2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->le_scan_type = LE_SCAN_PASSIVE;
204 hdev->ssp_debug_mode = 0;
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209 __u8 status = *((__u8 *) skb->data);
212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
225 hci_dev_unlock(hdev);
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data);
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 __u8 param = *((__u8 *) sent);
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
258 clear_bit(HCI_AUTH, &hdev->flags);
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
267 __u8 status = *((__u8 *) skb->data);
270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 __u8 param = *((__u8 *) sent);
280 set_bit(HCI_ENCRYPT, &hdev->flags);
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298 param = *((__u8 *) sent);
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
308 /* We need to ensure that we set this back on if someone changed
309 * the scan mode through a raw HCI socket.
311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
319 mgmt_discoverable(hdev, 1);
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
331 hci_dev_unlock(hdev);
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
343 memcpy(hdev->dev_class, rp->dev_class, 3);
345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351 __u8 status = *((__u8 *) skb->data);
354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
363 memcpy(hdev->dev_class, sent, 3);
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
368 hci_dev_unlock(hdev);
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
381 setting = __le16_to_cpu(rp->voice_setting);
383 if (hdev->voice_setting == setting)
386 hdev->voice_setting = setting;
388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
397 __u8 status = *((__u8 *) skb->data);
401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
410 setting = get_unaligned_le16(sent);
412 if (hdev->voice_setting == setting)
415 hdev->voice_setting = setting;
417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
423 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
433 hdev->num_iac = rp->num_iac;
435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
438 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440 __u8 status = *((__u8 *) skb->data);
441 struct hci_cp_write_ssp_mode *sent;
443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 hdev->features[1][0] |= LMP_HOST_SSP;
453 hdev->features[1][0] &= ~LMP_HOST_SSP;
456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
457 mgmt_ssp_enable_complete(hdev, sent->mode, status);
460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
468 u8 status = *((u8 *) skb->data);
469 struct hci_cp_write_sc_support *sent;
471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
479 hdev->features[1][0] |= LMP_HOST_SC;
481 hdev->features[1][0] &= ~LMP_HOST_SC;
484 if (test_bit(HCI_MGMT, &hdev->dev_flags))
485 mgmt_sc_enable_complete(hdev, sent->support, status);
488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
494 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
496 struct hci_rp_read_local_version *rp = (void *) skb->data;
498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
504 hdev->hci_ver = rp->hci_ver;
505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
506 hdev->lmp_ver = rp->lmp_ver;
507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
512 static void hci_cc_read_local_commands(struct hci_dev *hdev,
515 struct hci_rp_read_local_commands *rp = (void *) skb->data;
517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
522 if (test_bit(HCI_SETUP, &hdev->dev_flags))
523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
526 static void hci_cc_read_local_features(struct hci_dev *hdev,
529 struct hci_rp_read_local_features *rp = (void *) skb->data;
531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
536 memcpy(hdev->features, rp->features, 8);
538 /* Adjust default settings according to features
539 * supported by device. */
541 if (hdev->features[0][0] & LMP_3SLOT)
542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
544 if (hdev->features[0][0] & LMP_5SLOT)
545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
547 if (hdev->features[0][1] & LMP_HV2) {
548 hdev->pkt_type |= (HCI_HV2);
549 hdev->esco_type |= (ESCO_HV2);
552 if (hdev->features[0][1] & LMP_HV3) {
553 hdev->pkt_type |= (HCI_HV3);
554 hdev->esco_type |= (ESCO_HV3);
557 if (lmp_esco_capable(hdev))
558 hdev->esco_type |= (ESCO_EV3);
560 if (hdev->features[0][4] & LMP_EV4)
561 hdev->esco_type |= (ESCO_EV4);
563 if (hdev->features[0][4] & LMP_EV5)
564 hdev->esco_type |= (ESCO_EV5);
566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
567 hdev->esco_type |= (ESCO_2EV3);
569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
570 hdev->esco_type |= (ESCO_3EV3);
572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
576 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
586 if (hdev->max_page < rp->max_page)
587 hdev->max_page = rp->max_page;
589 if (rp->page < HCI_MAX_PAGES)
590 memcpy(hdev->features[rp->page], rp->features, 8);
593 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
601 hdev->flow_ctl_mode = rp->mode;
604 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
606 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
614 hdev->sco_mtu = rp->sco_mtu;
615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
623 hdev->acl_cnt = hdev->acl_pkts;
624 hdev->sco_cnt = hdev->sco_pkts;
626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
630 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
632 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
637 bacpy(&hdev->bdaddr, &rp->bdaddr);
640 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
648 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
649 hdev->page_scan_window = __le16_to_cpu(rp->window);
653 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
656 u8 status = *((u8 *) skb->data);
657 struct hci_cp_write_page_scan_activity *sent;
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
668 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
669 hdev->page_scan_window = __le16_to_cpu(sent->window);
672 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
680 hdev->page_scan_type = rp->type;
683 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
686 u8 status = *((u8 *) skb->data);
689 BT_DBG("%s status 0x%2.2x", hdev->name, status);
694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
696 hdev->page_scan_type = *type;
699 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
702 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
710 hdev->block_len = __le16_to_cpu(rp->block_len);
711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
713 hdev->block_cnt = hdev->num_blocks;
715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
716 hdev->block_cnt, hdev->block_len);
719 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729 hdev->amp_status = rp->amp_status;
730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
734 hdev->amp_type = rp->amp_type;
735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
741 a2mp_send_getinfo_rsp(hdev);
744 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
748 struct amp_assoc *assoc = &hdev->loc_assoc;
749 size_t rem_len, frag_len;
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
756 frag_len = skb->len - sizeof(*rp);
757 rem_len = __le16_to_cpu(rp->rem_len);
759 if (rem_len > frag_len) {
760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
763 assoc->offset += frag_len;
765 /* Read other fragments */
766 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
772 assoc->len = assoc->offset + rem_len;
776 /* Send A2MP Rsp when all fragments are received */
777 a2mp_send_getampassoc_rsp(hdev, rp->status);
778 a2mp_send_create_phy_link_req(hdev, rp->status);
781 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
789 hdev->inq_tx_power = rp->tx_power;
792 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
794 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
795 struct hci_cp_pin_code_reply *cp;
796 struct hci_conn *conn;
798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802 if (test_bit(HCI_MGMT, &hdev->dev_flags))
803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
814 conn->pin_length = cp->pin_len;
817 hci_dev_unlock(hdev);
820 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
832 hci_dev_unlock(hdev);
835 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
846 hdev->le_pkts = rp->le_max_pkt;
848 hdev->le_cnt = hdev->le_pkts;
850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
853 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
856 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
861 memcpy(hdev->le_features, rp->features, 8);
864 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
872 hdev->adv_tx_power = rp->tx_power;
875 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
883 if (test_bit(HCI_MGMT, &hdev->dev_flags))
884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
887 hci_dev_unlock(hdev);
890 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
901 ACL_LINK, 0, rp->status);
903 hci_dev_unlock(hdev);
906 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
914 if (test_bit(HCI_MGMT, &hdev->dev_flags))
915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
918 hci_dev_unlock(hdev);
921 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
932 ACL_LINK, 0, rp->status);
934 hci_dev_unlock(hdev);
937 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
946 NULL, NULL, rp->status);
947 hci_dev_unlock(hdev);
950 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
959 rp->hash256, rp->randomizer256,
961 hci_dev_unlock(hdev);
965 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
967 __u8 status = *((__u8 *) skb->data);
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
979 bacpy(&hdev->random_addr, sent);
981 hci_dev_unlock(hdev);
984 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
986 __u8 *sent, status = *((__u8 *) skb->data);
988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
997 mgmt_advertising(hdev, *sent);
999 hci_dev_unlock(hdev);
1002 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1004 struct hci_cp_le_set_scan_param *cp;
1005 __u8 status = *((__u8 *) skb->data);
1007 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1009 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1016 hdev->le_scan_type = cp->type;
1018 hci_dev_unlock(hdev);
1021 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1022 struct sk_buff *skb)
1024 struct hci_cp_le_set_scan_enable *cp;
1025 __u8 status = *((__u8 *) skb->data);
1027 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1036 switch (cp->enable) {
1037 case LE_SCAN_ENABLE:
1038 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1041 case LE_SCAN_DISABLE:
1042 /* Cancel this timer so that we don't try to disable scanning
1043 * when it's already disabled.
1045 cancel_delayed_work(&hdev->le_scan_disable);
1047 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1048 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1049 * interrupted scanning due to a connect request. Mark
1050 * therefore discovery as stopped.
1052 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1054 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1058 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1063 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1066 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1068 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1071 hdev->le_white_list_size = rp->size;
1074 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1075 struct sk_buff *skb)
1077 __u8 status = *((__u8 *) skb->data);
1079 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1082 hci_white_list_clear(hdev);
1085 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1086 struct sk_buff *skb)
1088 struct hci_cp_le_add_to_white_list *sent;
1089 __u8 status = *((__u8 *) skb->data);
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1093 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1098 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1101 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1102 struct sk_buff *skb)
1104 struct hci_cp_le_del_from_white_list *sent;
1105 __u8 status = *((__u8 *) skb->data);
1107 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1109 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1114 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1117 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1118 struct sk_buff *skb)
1120 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1125 memcpy(hdev->le_states, rp->le_states, 8);
1128 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1129 struct sk_buff *skb)
1131 struct hci_cp_write_le_host_supported *sent;
1132 __u8 status = *((__u8 *) skb->data);
1134 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1142 hdev->features[1][0] |= LMP_HOST_LE;
1143 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1145 hdev->features[1][0] &= ~LMP_HOST_LE;
1146 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1147 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1151 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1153 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1157 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1159 struct hci_cp_le_set_adv_param *cp;
1160 u8 status = *((u8 *) skb->data);
1162 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1167 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1172 hdev->adv_addr_type = cp->own_address_type;
1173 hci_dev_unlock(hdev);
1176 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1179 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1181 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1182 hdev->name, rp->status, rp->phy_handle);
1187 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1190 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1195 hci_conn_check_pending(hdev);
1199 set_bit(HCI_INQUIRY, &hdev->flags);
1202 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1204 struct hci_cp_create_conn *cp;
1205 struct hci_conn *conn;
1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1209 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1215 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1217 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1220 if (conn && conn->state == BT_CONNECT) {
1221 if (status != 0x0c || conn->attempt > 2) {
1222 conn->state = BT_CLOSED;
1223 hci_proto_connect_cfm(conn, status);
1226 conn->state = BT_CONNECT2;
1230 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1233 conn->link_mode |= HCI_LM_MASTER;
1235 BT_ERR("No memory for new connection");
1239 hci_dev_unlock(hdev);
1242 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1244 struct hci_cp_add_sco *cp;
1245 struct hci_conn *acl, *sco;
1248 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1253 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1257 handle = __le16_to_cpu(cp->handle);
1259 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1263 acl = hci_conn_hash_lookup_handle(hdev, handle);
1267 sco->state = BT_CLOSED;
1269 hci_proto_connect_cfm(sco, status);
1274 hci_dev_unlock(hdev);
1277 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1279 struct hci_cp_auth_requested *cp;
1280 struct hci_conn *conn;
1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1287 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1293 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1295 if (conn->state == BT_CONFIG) {
1296 hci_proto_connect_cfm(conn, status);
1297 hci_conn_drop(conn);
1301 hci_dev_unlock(hdev);
1304 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1306 struct hci_cp_set_conn_encrypt *cp;
1307 struct hci_conn *conn;
1309 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1314 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1322 if (conn->state == BT_CONFIG) {
1323 hci_proto_connect_cfm(conn, status);
1324 hci_conn_drop(conn);
1328 hci_dev_unlock(hdev);
1331 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1332 struct hci_conn *conn)
1334 if (conn->state != BT_CONFIG || !conn->out)
1337 if (conn->pending_sec_level == BT_SECURITY_SDP)
1340 /* Only request authentication for SSP connections or non-SSP
1341 * devices with sec_level MEDIUM or HIGH or if MITM protection
1344 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1345 conn->pending_sec_level != BT_SECURITY_HIGH &&
1346 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1352 static int hci_resolve_name(struct hci_dev *hdev,
1353 struct inquiry_entry *e)
1355 struct hci_cp_remote_name_req cp;
1357 memset(&cp, 0, sizeof(cp));
1359 bacpy(&cp.bdaddr, &e->data.bdaddr);
1360 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1361 cp.pscan_mode = e->data.pscan_mode;
1362 cp.clock_offset = e->data.clock_offset;
1364 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1367 static bool hci_resolve_next_name(struct hci_dev *hdev)
1369 struct discovery_state *discov = &hdev->discovery;
1370 struct inquiry_entry *e;
1372 if (list_empty(&discov->resolve))
1375 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1379 if (hci_resolve_name(hdev, e) == 0) {
1380 e->name_state = NAME_PENDING;
1387 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1388 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1390 struct discovery_state *discov = &hdev->discovery;
1391 struct inquiry_entry *e;
1393 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1394 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1395 name_len, conn->dev_class);
1397 if (discov->state == DISCOVERY_STOPPED)
1400 if (discov->state == DISCOVERY_STOPPING)
1401 goto discov_complete;
1403 if (discov->state != DISCOVERY_RESOLVING)
1406 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1407 /* If the device was not found in a list of found devices names of which
1408 * are pending. there is no need to continue resolving a next name as it
1409 * will be done upon receiving another Remote Name Request Complete
1416 e->name_state = NAME_KNOWN;
1417 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1418 e->data.rssi, name, name_len);
1420 e->name_state = NAME_NOT_KNOWN;
1423 if (hci_resolve_next_name(hdev))
1427 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1430 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1432 struct hci_cp_remote_name_req *cp;
1433 struct hci_conn *conn;
1435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1437 /* If successful wait for the name req complete event before
1438 * checking for the need to do authentication */
1442 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1448 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1450 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1451 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1456 if (!hci_outgoing_auth_needed(hdev, conn))
1459 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1460 struct hci_cp_auth_requested auth_cp;
1462 auth_cp.handle = __cpu_to_le16(conn->handle);
1463 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1464 sizeof(auth_cp), &auth_cp);
1468 hci_dev_unlock(hdev);
1471 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1473 struct hci_cp_read_remote_features *cp;
1474 struct hci_conn *conn;
1476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1481 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1487 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1489 if (conn->state == BT_CONFIG) {
1490 hci_proto_connect_cfm(conn, status);
1491 hci_conn_drop(conn);
1495 hci_dev_unlock(hdev);
1498 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1500 struct hci_cp_read_remote_ext_features *cp;
1501 struct hci_conn *conn;
1503 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1508 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516 if (conn->state == BT_CONFIG) {
1517 hci_proto_connect_cfm(conn, status);
1518 hci_conn_drop(conn);
1522 hci_dev_unlock(hdev);
1525 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1527 struct hci_cp_setup_sync_conn *cp;
1528 struct hci_conn *acl, *sco;
1531 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1536 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1540 handle = __le16_to_cpu(cp->handle);
1542 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1546 acl = hci_conn_hash_lookup_handle(hdev, handle);
1550 sco->state = BT_CLOSED;
1552 hci_proto_connect_cfm(sco, status);
1557 hci_dev_unlock(hdev);
1560 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1562 struct hci_cp_sniff_mode *cp;
1563 struct hci_conn *conn;
1565 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1570 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1578 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1580 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1581 hci_sco_setup(conn, status);
1584 hci_dev_unlock(hdev);
1587 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1589 struct hci_cp_exit_sniff_mode *cp;
1590 struct hci_conn *conn;
1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1597 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1605 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1607 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1608 hci_sco_setup(conn, status);
1611 hci_dev_unlock(hdev);
1614 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1616 struct hci_cp_disconnect *cp;
1617 struct hci_conn *conn;
1622 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1630 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1631 conn->dst_type, status);
1633 hci_dev_unlock(hdev);
1636 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1638 struct hci_cp_create_phy_link *cp;
1640 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1642 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1649 struct hci_conn *hcon;
1651 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1655 amp_write_remote_assoc(hdev, cp->phy_handle);
1658 hci_dev_unlock(hdev);
1661 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1663 struct hci_cp_accept_phy_link *cp;
1665 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1670 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1674 amp_write_remote_assoc(hdev, cp->phy_handle);
1677 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1679 struct hci_cp_le_create_conn *cp;
1680 struct hci_conn *conn;
1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1684 /* All connection failure handling is taken care of by the
1685 * hci_le_conn_failed function which is triggered by the HCI
1686 * request completion callbacks used for connecting.
1691 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1697 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1701 /* Store the initiator and responder address information which
1702 * is needed for SMP. These values will not change during the
1703 * lifetime of the connection.
1705 conn->init_addr_type = cp->own_address_type;
1706 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1707 bacpy(&conn->init_addr, &hdev->random_addr);
1709 bacpy(&conn->init_addr, &hdev->bdaddr);
1711 conn->resp_addr_type = cp->peer_addr_type;
1712 bacpy(&conn->resp_addr, &cp->peer_addr);
1714 /* We don't want the connection attempt to stick around
1715 * indefinitely since LE doesn't have a page timeout concept
1716 * like BR/EDR. Set a timer for any connection that doesn't use
1717 * the white list for connecting.
1719 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1720 queue_delayed_work(conn->hdev->workqueue,
1721 &conn->le_conn_timeout,
1722 HCI_LE_CONN_TIMEOUT);
1725 hci_dev_unlock(hdev);
1728 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1730 __u8 status = *((__u8 *) skb->data);
1731 struct discovery_state *discov = &hdev->discovery;
1732 struct inquiry_entry *e;
1734 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1736 hci_conn_check_pending(hdev);
1738 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1741 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1742 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1744 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1749 if (discov->state != DISCOVERY_FINDING)
1752 if (list_empty(&discov->resolve)) {
1753 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1757 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1758 if (e && hci_resolve_name(hdev, e) == 0) {
1759 e->name_state = NAME_PENDING;
1760 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1762 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1766 hci_dev_unlock(hdev);
1769 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1771 struct inquiry_data data;
1772 struct inquiry_info *info = (void *) (skb->data + 1);
1773 int num_rsp = *((__u8 *) skb->data);
1775 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1780 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1785 for (; num_rsp; num_rsp--, info++) {
1786 bool name_known, ssp;
1788 bacpy(&data.bdaddr, &info->bdaddr);
1789 data.pscan_rep_mode = info->pscan_rep_mode;
1790 data.pscan_period_mode = info->pscan_period_mode;
1791 data.pscan_mode = info->pscan_mode;
1792 memcpy(data.dev_class, info->dev_class, 3);
1793 data.clock_offset = info->clock_offset;
1795 data.ssp_mode = 0x00;
1797 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1798 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1799 info->dev_class, 0, !name_known, ssp, NULL,
1803 hci_dev_unlock(hdev);
1806 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1808 struct hci_ev_conn_complete *ev = (void *) skb->data;
1809 struct hci_conn *conn;
1811 BT_DBG("%s", hdev->name);
1815 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1817 if (ev->link_type != SCO_LINK)
1820 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1824 conn->type = SCO_LINK;
1828 conn->handle = __le16_to_cpu(ev->handle);
1830 if (conn->type == ACL_LINK) {
1831 conn->state = BT_CONFIG;
1832 hci_conn_hold(conn);
1834 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1835 !hci_find_link_key(hdev, &ev->bdaddr))
1836 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1838 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1840 conn->state = BT_CONNECTED;
1842 hci_conn_add_sysfs(conn);
1844 if (test_bit(HCI_AUTH, &hdev->flags))
1845 conn->link_mode |= HCI_LM_AUTH;
1847 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1848 conn->link_mode |= HCI_LM_ENCRYPT;
1850 /* Get remote features */
1851 if (conn->type == ACL_LINK) {
1852 struct hci_cp_read_remote_features cp;
1853 cp.handle = ev->handle;
1854 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1858 /* Set packet type for incoming connection */
1859 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1860 struct hci_cp_change_conn_ptype cp;
1861 cp.handle = ev->handle;
1862 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1863 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1867 conn->state = BT_CLOSED;
1868 if (conn->type == ACL_LINK)
1869 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1870 conn->dst_type, ev->status);
1873 if (conn->type == ACL_LINK)
1874 hci_sco_setup(conn, ev->status);
1877 hci_proto_connect_cfm(conn, ev->status);
1879 } else if (ev->link_type != ACL_LINK)
1880 hci_proto_connect_cfm(conn, ev->status);
1883 hci_dev_unlock(hdev);
1885 hci_conn_check_pending(hdev);
1888 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1890 struct hci_ev_conn_request *ev = (void *) skb->data;
1891 int mask = hdev->link_mode;
1894 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1897 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1900 if ((mask & HCI_LM_ACCEPT) &&
1901 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1902 /* Connection accepted */
1903 struct inquiry_entry *ie;
1904 struct hci_conn *conn;
1908 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1910 memcpy(ie->data.dev_class, ev->dev_class, 3);
1912 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1915 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1917 BT_ERR("No memory for new connection");
1918 hci_dev_unlock(hdev);
1923 memcpy(conn->dev_class, ev->dev_class, 3);
1925 hci_dev_unlock(hdev);
1927 if (ev->link_type == ACL_LINK ||
1928 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1929 struct hci_cp_accept_conn_req cp;
1930 conn->state = BT_CONNECT;
1932 bacpy(&cp.bdaddr, &ev->bdaddr);
1934 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1935 cp.role = 0x00; /* Become master */
1937 cp.role = 0x01; /* Remain slave */
1939 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1941 } else if (!(flags & HCI_PROTO_DEFER)) {
1942 struct hci_cp_accept_sync_conn_req cp;
1943 conn->state = BT_CONNECT;
1945 bacpy(&cp.bdaddr, &ev->bdaddr);
1946 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1948 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1949 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1950 cp.max_latency = cpu_to_le16(0xffff);
1951 cp.content_format = cpu_to_le16(hdev->voice_setting);
1952 cp.retrans_effort = 0xff;
1954 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1957 conn->state = BT_CONNECT2;
1958 hci_proto_connect_cfm(conn, 0);
1961 /* Connection rejected */
1962 struct hci_cp_reject_conn_req cp;
1964 bacpy(&cp.bdaddr, &ev->bdaddr);
1965 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1966 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1970 static u8 hci_to_mgmt_reason(u8 err)
1973 case HCI_ERROR_CONNECTION_TIMEOUT:
1974 return MGMT_DEV_DISCONN_TIMEOUT;
1975 case HCI_ERROR_REMOTE_USER_TERM:
1976 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1977 case HCI_ERROR_REMOTE_POWER_OFF:
1978 return MGMT_DEV_DISCONN_REMOTE;
1979 case HCI_ERROR_LOCAL_HOST_TERM:
1980 return MGMT_DEV_DISCONN_LOCAL_HOST;
1982 return MGMT_DEV_DISCONN_UNKNOWN;
1986 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1988 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1989 u8 reason = hci_to_mgmt_reason(ev->reason);
1990 struct hci_conn_params *params;
1991 struct hci_conn *conn;
1992 bool mgmt_connected;
1995 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1999 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2004 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2005 conn->dst_type, ev->status);
2009 conn->state = BT_CLOSED;
2011 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2012 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2013 reason, mgmt_connected);
2015 if (conn->type == ACL_LINK && conn->flush_key)
2016 hci_remove_link_key(hdev, &conn->dst);
2018 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2020 switch (params->auto_connect) {
2021 case HCI_AUTO_CONN_LINK_LOSS:
2022 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2026 case HCI_AUTO_CONN_ALWAYS:
2027 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2037 hci_proto_disconn_cfm(conn, ev->reason);
2040 /* Re-enable advertising if necessary, since it might
2041 * have been disabled by the connection. From the
2042 * HCI_LE_Set_Advertise_Enable command description in
2043 * the core specification (v4.0):
2044 * "The Controller shall continue advertising until the Host
2045 * issues an LE_Set_Advertise_Enable command with
2046 * Advertising_Enable set to 0x00 (Advertising is disabled)
2047 * or until a connection is created or until the Advertising
2048 * is timed out due to Directed Advertising."
2050 if (type == LE_LINK)
2051 mgmt_reenable_advertising(hdev);
2054 hci_dev_unlock(hdev);
2057 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2059 struct hci_ev_auth_complete *ev = (void *) skb->data;
2060 struct hci_conn *conn;
2062 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2066 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2071 if (!hci_conn_ssp_enabled(conn) &&
2072 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2073 BT_INFO("re-auth of legacy device is not possible.");
2075 conn->link_mode |= HCI_LM_AUTH;
2076 conn->sec_level = conn->pending_sec_level;
2079 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2083 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2084 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2086 if (conn->state == BT_CONFIG) {
2087 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2088 struct hci_cp_set_conn_encrypt cp;
2089 cp.handle = ev->handle;
2091 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2094 conn->state = BT_CONNECTED;
2095 hci_proto_connect_cfm(conn, ev->status);
2096 hci_conn_drop(conn);
2099 hci_auth_cfm(conn, ev->status);
2101 hci_conn_hold(conn);
2102 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2103 hci_conn_drop(conn);
2106 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2108 struct hci_cp_set_conn_encrypt cp;
2109 cp.handle = ev->handle;
2111 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2114 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2115 hci_encrypt_cfm(conn, ev->status, 0x00);
2120 hci_dev_unlock(hdev);
2123 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2125 struct hci_ev_remote_name *ev = (void *) skb->data;
2126 struct hci_conn *conn;
2128 BT_DBG("%s", hdev->name);
2130 hci_conn_check_pending(hdev);
2134 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2136 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2139 if (ev->status == 0)
2140 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2141 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2143 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2149 if (!hci_outgoing_auth_needed(hdev, conn))
2152 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2153 struct hci_cp_auth_requested cp;
2154 cp.handle = __cpu_to_le16(conn->handle);
2155 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2159 hci_dev_unlock(hdev);
2162 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2164 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2165 struct hci_conn *conn;
2167 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2171 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2177 /* Encryption implies authentication */
2178 conn->link_mode |= HCI_LM_AUTH;
2179 conn->link_mode |= HCI_LM_ENCRYPT;
2180 conn->sec_level = conn->pending_sec_level;
2182 /* P-256 authentication key implies FIPS */
2183 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2184 conn->link_mode |= HCI_LM_FIPS;
2186 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2187 conn->type == LE_LINK)
2188 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2190 conn->link_mode &= ~HCI_LM_ENCRYPT;
2191 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2195 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2197 if (ev->status && conn->state == BT_CONNECTED) {
2198 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2199 hci_conn_drop(conn);
2203 if (conn->state == BT_CONFIG) {
2205 conn->state = BT_CONNECTED;
2207 /* In Secure Connections Only mode, do not allow any
2208 * connections that are not encrypted with AES-CCM
2209 * using a P-256 authenticated combination key.
2211 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2212 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2213 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2214 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2215 hci_conn_drop(conn);
2219 hci_proto_connect_cfm(conn, ev->status);
2220 hci_conn_drop(conn);
2222 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2225 hci_dev_unlock(hdev);
2228 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2229 struct sk_buff *skb)
2231 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2232 struct hci_conn *conn;
2234 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2238 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2241 conn->link_mode |= HCI_LM_SECURE;
2243 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2245 hci_key_change_cfm(conn, ev->status);
2248 hci_dev_unlock(hdev);
2251 static void hci_remote_features_evt(struct hci_dev *hdev,
2252 struct sk_buff *skb)
2254 struct hci_ev_remote_features *ev = (void *) skb->data;
2255 struct hci_conn *conn;
2257 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2261 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2266 memcpy(conn->features[0], ev->features, 8);
2268 if (conn->state != BT_CONFIG)
2271 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2272 struct hci_cp_read_remote_ext_features cp;
2273 cp.handle = ev->handle;
2275 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2280 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2281 struct hci_cp_remote_name_req cp;
2282 memset(&cp, 0, sizeof(cp));
2283 bacpy(&cp.bdaddr, &conn->dst);
2284 cp.pscan_rep_mode = 0x02;
2285 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2286 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2287 mgmt_device_connected(hdev, &conn->dst, conn->type,
2288 conn->dst_type, 0, NULL, 0,
2291 if (!hci_outgoing_auth_needed(hdev, conn)) {
2292 conn->state = BT_CONNECTED;
2293 hci_proto_connect_cfm(conn, ev->status);
2294 hci_conn_drop(conn);
2298 hci_dev_unlock(hdev);
2301 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2303 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2304 u8 status = skb->data[sizeof(*ev)];
2307 skb_pull(skb, sizeof(*ev));
2309 opcode = __le16_to_cpu(ev->opcode);
2312 case HCI_OP_INQUIRY_CANCEL:
2313 hci_cc_inquiry_cancel(hdev, skb);
2316 case HCI_OP_PERIODIC_INQ:
2317 hci_cc_periodic_inq(hdev, skb);
2320 case HCI_OP_EXIT_PERIODIC_INQ:
2321 hci_cc_exit_periodic_inq(hdev, skb);
2324 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2325 hci_cc_remote_name_req_cancel(hdev, skb);
2328 case HCI_OP_ROLE_DISCOVERY:
2329 hci_cc_role_discovery(hdev, skb);
2332 case HCI_OP_READ_LINK_POLICY:
2333 hci_cc_read_link_policy(hdev, skb);
2336 case HCI_OP_WRITE_LINK_POLICY:
2337 hci_cc_write_link_policy(hdev, skb);
2340 case HCI_OP_READ_DEF_LINK_POLICY:
2341 hci_cc_read_def_link_policy(hdev, skb);
2344 case HCI_OP_WRITE_DEF_LINK_POLICY:
2345 hci_cc_write_def_link_policy(hdev, skb);
2349 hci_cc_reset(hdev, skb);
2352 case HCI_OP_WRITE_LOCAL_NAME:
2353 hci_cc_write_local_name(hdev, skb);
2356 case HCI_OP_READ_LOCAL_NAME:
2357 hci_cc_read_local_name(hdev, skb);
2360 case HCI_OP_WRITE_AUTH_ENABLE:
2361 hci_cc_write_auth_enable(hdev, skb);
2364 case HCI_OP_WRITE_ENCRYPT_MODE:
2365 hci_cc_write_encrypt_mode(hdev, skb);
2368 case HCI_OP_WRITE_SCAN_ENABLE:
2369 hci_cc_write_scan_enable(hdev, skb);
2372 case HCI_OP_READ_CLASS_OF_DEV:
2373 hci_cc_read_class_of_dev(hdev, skb);
2376 case HCI_OP_WRITE_CLASS_OF_DEV:
2377 hci_cc_write_class_of_dev(hdev, skb);
2380 case HCI_OP_READ_VOICE_SETTING:
2381 hci_cc_read_voice_setting(hdev, skb);
2384 case HCI_OP_WRITE_VOICE_SETTING:
2385 hci_cc_write_voice_setting(hdev, skb);
2388 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2389 hci_cc_read_num_supported_iac(hdev, skb);
2392 case HCI_OP_WRITE_SSP_MODE:
2393 hci_cc_write_ssp_mode(hdev, skb);
2396 case HCI_OP_WRITE_SC_SUPPORT:
2397 hci_cc_write_sc_support(hdev, skb);
2400 case HCI_OP_READ_LOCAL_VERSION:
2401 hci_cc_read_local_version(hdev, skb);
2404 case HCI_OP_READ_LOCAL_COMMANDS:
2405 hci_cc_read_local_commands(hdev, skb);
2408 case HCI_OP_READ_LOCAL_FEATURES:
2409 hci_cc_read_local_features(hdev, skb);
2412 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2413 hci_cc_read_local_ext_features(hdev, skb);
2416 case HCI_OP_READ_BUFFER_SIZE:
2417 hci_cc_read_buffer_size(hdev, skb);
2420 case HCI_OP_READ_BD_ADDR:
2421 hci_cc_read_bd_addr(hdev, skb);
2424 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2425 hci_cc_read_page_scan_activity(hdev, skb);
2428 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2429 hci_cc_write_page_scan_activity(hdev, skb);
2432 case HCI_OP_READ_PAGE_SCAN_TYPE:
2433 hci_cc_read_page_scan_type(hdev, skb);
2436 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2437 hci_cc_write_page_scan_type(hdev, skb);
2440 case HCI_OP_READ_DATA_BLOCK_SIZE:
2441 hci_cc_read_data_block_size(hdev, skb);
2444 case HCI_OP_READ_FLOW_CONTROL_MODE:
2445 hci_cc_read_flow_control_mode(hdev, skb);
2448 case HCI_OP_READ_LOCAL_AMP_INFO:
2449 hci_cc_read_local_amp_info(hdev, skb);
2452 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2453 hci_cc_read_local_amp_assoc(hdev, skb);
2456 case HCI_OP_READ_INQ_RSP_TX_POWER:
2457 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2460 case HCI_OP_PIN_CODE_REPLY:
2461 hci_cc_pin_code_reply(hdev, skb);
2464 case HCI_OP_PIN_CODE_NEG_REPLY:
2465 hci_cc_pin_code_neg_reply(hdev, skb);
2468 case HCI_OP_READ_LOCAL_OOB_DATA:
2469 hci_cc_read_local_oob_data(hdev, skb);
2472 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2473 hci_cc_read_local_oob_ext_data(hdev, skb);
2476 case HCI_OP_LE_READ_BUFFER_SIZE:
2477 hci_cc_le_read_buffer_size(hdev, skb);
2480 case HCI_OP_LE_READ_LOCAL_FEATURES:
2481 hci_cc_le_read_local_features(hdev, skb);
2484 case HCI_OP_LE_READ_ADV_TX_POWER:
2485 hci_cc_le_read_adv_tx_power(hdev, skb);
2488 case HCI_OP_USER_CONFIRM_REPLY:
2489 hci_cc_user_confirm_reply(hdev, skb);
2492 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2493 hci_cc_user_confirm_neg_reply(hdev, skb);
2496 case HCI_OP_USER_PASSKEY_REPLY:
2497 hci_cc_user_passkey_reply(hdev, skb);
2500 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2501 hci_cc_user_passkey_neg_reply(hdev, skb);
2504 case HCI_OP_LE_SET_RANDOM_ADDR:
2505 hci_cc_le_set_random_addr(hdev, skb);
2508 case HCI_OP_LE_SET_ADV_ENABLE:
2509 hci_cc_le_set_adv_enable(hdev, skb);
2512 case HCI_OP_LE_SET_SCAN_PARAM:
2513 hci_cc_le_set_scan_param(hdev, skb);
2516 case HCI_OP_LE_SET_SCAN_ENABLE:
2517 hci_cc_le_set_scan_enable(hdev, skb);
2520 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2521 hci_cc_le_read_white_list_size(hdev, skb);
2524 case HCI_OP_LE_CLEAR_WHITE_LIST:
2525 hci_cc_le_clear_white_list(hdev, skb);
2528 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2529 hci_cc_le_add_to_white_list(hdev, skb);
2532 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2533 hci_cc_le_del_from_white_list(hdev, skb);
2536 case HCI_OP_LE_READ_SUPPORTED_STATES:
2537 hci_cc_le_read_supported_states(hdev, skb);
2540 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2541 hci_cc_write_le_host_supported(hdev, skb);
2544 case HCI_OP_LE_SET_ADV_PARAM:
2545 hci_cc_set_adv_param(hdev, skb);
2548 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2549 hci_cc_write_remote_amp_assoc(hdev, skb);
2553 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2557 if (opcode != HCI_OP_NOP)
2558 del_timer(&hdev->cmd_timer);
2560 hci_req_cmd_complete(hdev, opcode, status);
2562 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2563 atomic_set(&hdev->cmd_cnt, 1);
2564 if (!skb_queue_empty(&hdev->cmd_q))
2565 queue_work(hdev->workqueue, &hdev->cmd_work);
2569 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2571 struct hci_ev_cmd_status *ev = (void *) skb->data;
2574 skb_pull(skb, sizeof(*ev));
2576 opcode = __le16_to_cpu(ev->opcode);
2579 case HCI_OP_INQUIRY:
2580 hci_cs_inquiry(hdev, ev->status);
2583 case HCI_OP_CREATE_CONN:
2584 hci_cs_create_conn(hdev, ev->status);
2587 case HCI_OP_ADD_SCO:
2588 hci_cs_add_sco(hdev, ev->status);
2591 case HCI_OP_AUTH_REQUESTED:
2592 hci_cs_auth_requested(hdev, ev->status);
2595 case HCI_OP_SET_CONN_ENCRYPT:
2596 hci_cs_set_conn_encrypt(hdev, ev->status);
2599 case HCI_OP_REMOTE_NAME_REQ:
2600 hci_cs_remote_name_req(hdev, ev->status);
2603 case HCI_OP_READ_REMOTE_FEATURES:
2604 hci_cs_read_remote_features(hdev, ev->status);
2607 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2608 hci_cs_read_remote_ext_features(hdev, ev->status);
2611 case HCI_OP_SETUP_SYNC_CONN:
2612 hci_cs_setup_sync_conn(hdev, ev->status);
2615 case HCI_OP_SNIFF_MODE:
2616 hci_cs_sniff_mode(hdev, ev->status);
2619 case HCI_OP_EXIT_SNIFF_MODE:
2620 hci_cs_exit_sniff_mode(hdev, ev->status);
2623 case HCI_OP_DISCONNECT:
2624 hci_cs_disconnect(hdev, ev->status);
2627 case HCI_OP_CREATE_PHY_LINK:
2628 hci_cs_create_phylink(hdev, ev->status);
2631 case HCI_OP_ACCEPT_PHY_LINK:
2632 hci_cs_accept_phylink(hdev, ev->status);
2635 case HCI_OP_LE_CREATE_CONN:
2636 hci_cs_le_create_conn(hdev, ev->status);
2640 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2644 if (opcode != HCI_OP_NOP)
2645 del_timer(&hdev->cmd_timer);
2648 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2649 hci_req_cmd_complete(hdev, opcode, ev->status);
2651 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2652 atomic_set(&hdev->cmd_cnt, 1);
2653 if (!skb_queue_empty(&hdev->cmd_q))
2654 queue_work(hdev->workqueue, &hdev->cmd_work);
2658 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2660 struct hci_ev_role_change *ev = (void *) skb->data;
2661 struct hci_conn *conn;
2663 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2667 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2671 conn->link_mode &= ~HCI_LM_MASTER;
2673 conn->link_mode |= HCI_LM_MASTER;
2676 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2678 hci_role_switch_cfm(conn, ev->status, ev->role);
2681 hci_dev_unlock(hdev);
2684 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2686 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2689 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2690 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2694 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2695 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2696 BT_DBG("%s bad parameters", hdev->name);
2700 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2702 for (i = 0; i < ev->num_hndl; i++) {
2703 struct hci_comp_pkts_info *info = &ev->handles[i];
2704 struct hci_conn *conn;
2705 __u16 handle, count;
2707 handle = __le16_to_cpu(info->handle);
2708 count = __le16_to_cpu(info->count);
2710 conn = hci_conn_hash_lookup_handle(hdev, handle);
2714 conn->sent -= count;
2716 switch (conn->type) {
2718 hdev->acl_cnt += count;
2719 if (hdev->acl_cnt > hdev->acl_pkts)
2720 hdev->acl_cnt = hdev->acl_pkts;
2724 if (hdev->le_pkts) {
2725 hdev->le_cnt += count;
2726 if (hdev->le_cnt > hdev->le_pkts)
2727 hdev->le_cnt = hdev->le_pkts;
2729 hdev->acl_cnt += count;
2730 if (hdev->acl_cnt > hdev->acl_pkts)
2731 hdev->acl_cnt = hdev->acl_pkts;
2736 hdev->sco_cnt += count;
2737 if (hdev->sco_cnt > hdev->sco_pkts)
2738 hdev->sco_cnt = hdev->sco_pkts;
2742 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2747 queue_work(hdev->workqueue, &hdev->tx_work);
2750 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2753 struct hci_chan *chan;
2755 switch (hdev->dev_type) {
2757 return hci_conn_hash_lookup_handle(hdev, handle);
2759 chan = hci_chan_lookup_handle(hdev, handle);
2764 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2771 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2773 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2776 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2777 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2781 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2782 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2783 BT_DBG("%s bad parameters", hdev->name);
2787 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2790 for (i = 0; i < ev->num_hndl; i++) {
2791 struct hci_comp_blocks_info *info = &ev->handles[i];
2792 struct hci_conn *conn = NULL;
2793 __u16 handle, block_count;
2795 handle = __le16_to_cpu(info->handle);
2796 block_count = __le16_to_cpu(info->blocks);
2798 conn = __hci_conn_lookup_handle(hdev, handle);
2802 conn->sent -= block_count;
2804 switch (conn->type) {
2807 hdev->block_cnt += block_count;
2808 if (hdev->block_cnt > hdev->num_blocks)
2809 hdev->block_cnt = hdev->num_blocks;
2813 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2818 queue_work(hdev->workqueue, &hdev->tx_work);
2821 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2823 struct hci_ev_mode_change *ev = (void *) skb->data;
2824 struct hci_conn *conn;
2826 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2830 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2832 conn->mode = ev->mode;
2834 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2836 if (conn->mode == HCI_CM_ACTIVE)
2837 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2839 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2842 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2843 hci_sco_setup(conn, ev->status);
2846 hci_dev_unlock(hdev);
2849 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2851 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2852 struct hci_conn *conn;
2854 BT_DBG("%s", hdev->name);
2858 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2862 if (conn->state == BT_CONNECTED) {
2863 hci_conn_hold(conn);
2864 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2865 hci_conn_drop(conn);
2868 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2869 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2870 sizeof(ev->bdaddr), &ev->bdaddr);
2871 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2874 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2879 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2883 hci_dev_unlock(hdev);
2886 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2888 struct hci_ev_link_key_req *ev = (void *) skb->data;
2889 struct hci_cp_link_key_reply cp;
2890 struct hci_conn *conn;
2891 struct link_key *key;
2893 BT_DBG("%s", hdev->name);
2895 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2900 key = hci_find_link_key(hdev, &ev->bdaddr);
2902 BT_DBG("%s link key not found for %pMR", hdev->name,
2907 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2910 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2911 key->type == HCI_LK_DEBUG_COMBINATION) {
2912 BT_DBG("%s ignoring debug key", hdev->name);
2916 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2918 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2919 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2920 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2921 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2925 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2926 conn->pending_sec_level == BT_SECURITY_HIGH) {
2927 BT_DBG("%s ignoring key unauthenticated for high security",
2932 conn->key_type = key->type;
2933 conn->pin_length = key->pin_len;
2936 bacpy(&cp.bdaddr, &ev->bdaddr);
2937 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2939 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2941 hci_dev_unlock(hdev);
2946 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2947 hci_dev_unlock(hdev);
2950 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2952 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2953 struct hci_conn *conn;
2956 BT_DBG("%s", hdev->name);
2960 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2962 hci_conn_hold(conn);
2963 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2964 pin_len = conn->pin_length;
2966 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2967 conn->key_type = ev->key_type;
2969 hci_conn_drop(conn);
2972 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2973 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2974 ev->key_type, pin_len);
2976 hci_dev_unlock(hdev);
2979 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2981 struct hci_ev_clock_offset *ev = (void *) skb->data;
2982 struct hci_conn *conn;
2984 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2988 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2989 if (conn && !ev->status) {
2990 struct inquiry_entry *ie;
2992 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2994 ie->data.clock_offset = ev->clock_offset;
2995 ie->timestamp = jiffies;
2999 hci_dev_unlock(hdev);
3002 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3004 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3005 struct hci_conn *conn;
3007 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3011 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3012 if (conn && !ev->status)
3013 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3015 hci_dev_unlock(hdev);
3018 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3020 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3021 struct inquiry_entry *ie;
3023 BT_DBG("%s", hdev->name);
3027 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3029 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3030 ie->timestamp = jiffies;
3033 hci_dev_unlock(hdev);
3036 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3037 struct sk_buff *skb)
3039 struct inquiry_data data;
3040 int num_rsp = *((__u8 *) skb->data);
3041 bool name_known, ssp;
3043 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3048 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3053 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3054 struct inquiry_info_with_rssi_and_pscan_mode *info;
3055 info = (void *) (skb->data + 1);
3057 for (; num_rsp; num_rsp--, info++) {
3058 bacpy(&data.bdaddr, &info->bdaddr);
3059 data.pscan_rep_mode = info->pscan_rep_mode;
3060 data.pscan_period_mode = info->pscan_period_mode;
3061 data.pscan_mode = info->pscan_mode;
3062 memcpy(data.dev_class, info->dev_class, 3);
3063 data.clock_offset = info->clock_offset;
3064 data.rssi = info->rssi;
3065 data.ssp_mode = 0x00;
3067 name_known = hci_inquiry_cache_update(hdev, &data,
3069 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3070 info->dev_class, info->rssi,
3071 !name_known, ssp, NULL, 0);
3074 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3076 for (; num_rsp; num_rsp--, info++) {
3077 bacpy(&data.bdaddr, &info->bdaddr);
3078 data.pscan_rep_mode = info->pscan_rep_mode;
3079 data.pscan_period_mode = info->pscan_period_mode;
3080 data.pscan_mode = 0x00;
3081 memcpy(data.dev_class, info->dev_class, 3);
3082 data.clock_offset = info->clock_offset;
3083 data.rssi = info->rssi;
3084 data.ssp_mode = 0x00;
3085 name_known = hci_inquiry_cache_update(hdev, &data,
3087 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3088 info->dev_class, info->rssi,
3089 !name_known, ssp, NULL, 0);
3093 hci_dev_unlock(hdev);
3096 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3097 struct sk_buff *skb)
3099 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3100 struct hci_conn *conn;
3102 BT_DBG("%s", hdev->name);
3106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3110 if (ev->page < HCI_MAX_PAGES)
3111 memcpy(conn->features[ev->page], ev->features, 8);
3113 if (!ev->status && ev->page == 0x01) {
3114 struct inquiry_entry *ie;
3116 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3118 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3120 if (ev->features[0] & LMP_HOST_SSP) {
3121 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3123 /* It is mandatory by the Bluetooth specification that
3124 * Extended Inquiry Results are only used when Secure
3125 * Simple Pairing is enabled, but some devices violate
3128 * To make these devices work, the internal SSP
3129 * enabled flag needs to be cleared if the remote host
3130 * features do not indicate SSP support */
3131 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3134 if (ev->features[0] & LMP_HOST_SC)
3135 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3138 if (conn->state != BT_CONFIG)
3141 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3142 struct hci_cp_remote_name_req cp;
3143 memset(&cp, 0, sizeof(cp));
3144 bacpy(&cp.bdaddr, &conn->dst);
3145 cp.pscan_rep_mode = 0x02;
3146 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3147 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3148 mgmt_device_connected(hdev, &conn->dst, conn->type,
3149 conn->dst_type, 0, NULL, 0,
3152 if (!hci_outgoing_auth_needed(hdev, conn)) {
3153 conn->state = BT_CONNECTED;
3154 hci_proto_connect_cfm(conn, ev->status);
3155 hci_conn_drop(conn);
3159 hci_dev_unlock(hdev);
3162 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3163 struct sk_buff *skb)
3165 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3166 struct hci_conn *conn;
3168 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3172 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3174 if (ev->link_type == ESCO_LINK)
3177 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3181 conn->type = SCO_LINK;
3184 switch (ev->status) {
3186 conn->handle = __le16_to_cpu(ev->handle);
3187 conn->state = BT_CONNECTED;
3189 hci_conn_add_sysfs(conn);
3192 case 0x0d: /* Connection Rejected due to Limited Resources */
3193 case 0x11: /* Unsupported Feature or Parameter Value */
3194 case 0x1c: /* SCO interval rejected */
3195 case 0x1a: /* Unsupported Remote Feature */
3196 case 0x1f: /* Unspecified error */
3197 case 0x20: /* Unsupported LMP Parameter value */
3199 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3200 (hdev->esco_type & EDR_ESCO_MASK);
3201 if (hci_setup_sync(conn, conn->link->handle))
3207 conn->state = BT_CLOSED;
3211 hci_proto_connect_cfm(conn, ev->status);
3216 hci_dev_unlock(hdev);
3219 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3223 while (parsed < eir_len) {
3224 u8 field_len = eir[0];
3229 parsed += field_len + 1;
3230 eir += field_len + 1;
3236 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3237 struct sk_buff *skb)
3239 struct inquiry_data data;
3240 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3241 int num_rsp = *((__u8 *) skb->data);
3244 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3249 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3254 for (; num_rsp; num_rsp--, info++) {
3255 bool name_known, ssp;
3257 bacpy(&data.bdaddr, &info->bdaddr);
3258 data.pscan_rep_mode = info->pscan_rep_mode;
3259 data.pscan_period_mode = info->pscan_period_mode;
3260 data.pscan_mode = 0x00;
3261 memcpy(data.dev_class, info->dev_class, 3);
3262 data.clock_offset = info->clock_offset;
3263 data.rssi = info->rssi;
3264 data.ssp_mode = 0x01;
3266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3267 name_known = eir_has_data_type(info->data,
3273 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3275 eir_len = eir_get_length(info->data, sizeof(info->data));
3276 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3277 info->dev_class, info->rssi, !name_known,
3278 ssp, info->data, eir_len);
3281 hci_dev_unlock(hdev);
3284 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3285 struct sk_buff *skb)
3287 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3288 struct hci_conn *conn;
3290 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3291 __le16_to_cpu(ev->handle));
3295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3300 conn->sec_level = conn->pending_sec_level;
3302 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3304 if (ev->status && conn->state == BT_CONNECTED) {
3305 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3306 hci_conn_drop(conn);
3310 if (conn->state == BT_CONFIG) {
3312 conn->state = BT_CONNECTED;
3314 hci_proto_connect_cfm(conn, ev->status);
3315 hci_conn_drop(conn);
3317 hci_auth_cfm(conn, ev->status);
3319 hci_conn_hold(conn);
3320 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3321 hci_conn_drop(conn);
3325 hci_dev_unlock(hdev);
3328 static u8 hci_get_auth_req(struct hci_conn *conn)
3330 /* If remote requests dedicated bonding follow that lead */
3331 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3332 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3333 /* If both remote and local IO capabilities allow MITM
3334 * protection then require it, otherwise don't */
3335 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3336 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3337 return HCI_AT_DEDICATED_BONDING;
3339 return HCI_AT_DEDICATED_BONDING_MITM;
3342 /* If remote requests no-bonding follow that lead */
3343 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3344 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3345 return conn->remote_auth | (conn->auth_type & 0x01);
3347 return conn->auth_type;
3350 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3352 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3353 struct hci_conn *conn;
3355 BT_DBG("%s", hdev->name);
3359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3363 hci_conn_hold(conn);
3365 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3368 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3369 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3370 struct hci_cp_io_capability_reply cp;
3372 bacpy(&cp.bdaddr, &ev->bdaddr);
3373 /* Change the IO capability from KeyboardDisplay
3374 * to DisplayYesNo as it is not supported by BT spec. */
3375 cp.capability = (conn->io_capability == 0x04) ?
3376 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3377 conn->auth_type = hci_get_auth_req(conn);
3378 cp.authentication = conn->auth_type;
3380 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3381 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3386 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3389 struct hci_cp_io_capability_neg_reply cp;
3391 bacpy(&cp.bdaddr, &ev->bdaddr);
3392 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3394 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3399 hci_dev_unlock(hdev);
3402 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3404 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3405 struct hci_conn *conn;
3407 BT_DBG("%s", hdev->name);
3411 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3415 conn->remote_cap = ev->capability;
3416 conn->remote_auth = ev->authentication;
3418 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3421 hci_dev_unlock(hdev);
3424 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3425 struct sk_buff *skb)
3427 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3428 int loc_mitm, rem_mitm, confirm_hint = 0;
3429 struct hci_conn *conn;
3431 BT_DBG("%s", hdev->name);
3435 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3438 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3442 loc_mitm = (conn->auth_type & 0x01);
3443 rem_mitm = (conn->remote_auth & 0x01);
3445 /* If we require MITM but the remote device can't provide that
3446 * (it has NoInputNoOutput) then reject the confirmation
3447 * request. The only exception is when we're dedicated bonding
3448 * initiators (connect_cfm_cb set) since then we always have the MITM
3450 if (!conn->connect_cfm_cb && loc_mitm &&
3451 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3452 BT_DBG("Rejecting request: remote device can't provide MITM");
3453 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3454 sizeof(ev->bdaddr), &ev->bdaddr);
3458 /* If no side requires MITM protection; auto-accept */
3459 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3460 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3462 /* If we're not the initiators request authorization to
3463 * proceed from user space (mgmt_user_confirm with
3464 * confirm_hint set to 1). */
3465 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3466 BT_DBG("Confirming auto-accept as acceptor");
3471 BT_DBG("Auto-accept of user confirmation with %ums delay",
3472 hdev->auto_accept_delay);
3474 if (hdev->auto_accept_delay > 0) {
3475 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3476 queue_delayed_work(conn->hdev->workqueue,
3477 &conn->auto_accept_work, delay);
3481 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3482 sizeof(ev->bdaddr), &ev->bdaddr);
3487 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3488 le32_to_cpu(ev->passkey), confirm_hint);
3491 hci_dev_unlock(hdev);
3494 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3495 struct sk_buff *skb)
3497 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3499 BT_DBG("%s", hdev->name);
3501 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3502 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3505 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3506 struct sk_buff *skb)
3508 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3509 struct hci_conn *conn;
3511 BT_DBG("%s", hdev->name);
3513 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3517 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3518 conn->passkey_entered = 0;
3520 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3521 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3522 conn->dst_type, conn->passkey_notify,
3523 conn->passkey_entered);
3526 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3528 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3529 struct hci_conn *conn;
3531 BT_DBG("%s", hdev->name);
3533 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3538 case HCI_KEYPRESS_STARTED:
3539 conn->passkey_entered = 0;
3542 case HCI_KEYPRESS_ENTERED:
3543 conn->passkey_entered++;
3546 case HCI_KEYPRESS_ERASED:
3547 conn->passkey_entered--;
3550 case HCI_KEYPRESS_CLEARED:
3551 conn->passkey_entered = 0;
3554 case HCI_KEYPRESS_COMPLETED:
3558 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3559 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3560 conn->dst_type, conn->passkey_notify,
3561 conn->passkey_entered);
3564 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3565 struct sk_buff *skb)
3567 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3568 struct hci_conn *conn;
3570 BT_DBG("%s", hdev->name);
3574 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3578 /* To avoid duplicate auth_failed events to user space we check
3579 * the HCI_CONN_AUTH_PEND flag which will be set if we
3580 * initiated the authentication. A traditional auth_complete
3581 * event gets always produced as initiator and is also mapped to
3582 * the mgmt_auth_failed event */
3583 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3584 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3587 hci_conn_drop(conn);
3590 hci_dev_unlock(hdev);
3593 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3594 struct sk_buff *skb)
3596 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3597 struct inquiry_entry *ie;
3598 struct hci_conn *conn;
3600 BT_DBG("%s", hdev->name);
3604 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3606 memcpy(conn->features[1], ev->features, 8);
3608 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3610 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3612 hci_dev_unlock(hdev);
3615 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3616 struct sk_buff *skb)
3618 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3619 struct oob_data *data;
3621 BT_DBG("%s", hdev->name);
3625 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3628 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3630 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3631 struct hci_cp_remote_oob_ext_data_reply cp;
3633 bacpy(&cp.bdaddr, &ev->bdaddr);
3634 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3635 memcpy(cp.randomizer192, data->randomizer192,
3636 sizeof(cp.randomizer192));
3637 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3638 memcpy(cp.randomizer256, data->randomizer256,
3639 sizeof(cp.randomizer256));
3641 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3644 struct hci_cp_remote_oob_data_reply cp;
3646 bacpy(&cp.bdaddr, &ev->bdaddr);
3647 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3648 memcpy(cp.randomizer, data->randomizer192,
3649 sizeof(cp.randomizer));
3651 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3655 struct hci_cp_remote_oob_data_neg_reply cp;
3657 bacpy(&cp.bdaddr, &ev->bdaddr);
3658 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3663 hci_dev_unlock(hdev);
3666 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3667 struct sk_buff *skb)
3669 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3670 struct hci_conn *hcon, *bredr_hcon;
3672 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3677 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3679 hci_dev_unlock(hdev);
3685 hci_dev_unlock(hdev);
3689 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3691 hcon->state = BT_CONNECTED;
3692 bacpy(&hcon->dst, &bredr_hcon->dst);
3694 hci_conn_hold(hcon);
3695 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3696 hci_conn_drop(hcon);
3698 hci_conn_add_sysfs(hcon);
3700 amp_physical_cfm(bredr_hcon, hcon);
3702 hci_dev_unlock(hdev);
3705 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3707 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3708 struct hci_conn *hcon;
3709 struct hci_chan *hchan;
3710 struct amp_mgr *mgr;
3712 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3713 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3716 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3720 /* Create AMP hchan */
3721 hchan = hci_chan_create(hcon);
3725 hchan->handle = le16_to_cpu(ev->handle);
3727 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3729 mgr = hcon->amp_mgr;
3730 if (mgr && mgr->bredr_chan) {
3731 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3733 l2cap_chan_lock(bredr_chan);
3735 bredr_chan->conn->mtu = hdev->block_mtu;
3736 l2cap_logical_cfm(bredr_chan, hchan, 0);
3737 hci_conn_hold(hcon);
3739 l2cap_chan_unlock(bredr_chan);
3743 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3744 struct sk_buff *skb)
3746 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3747 struct hci_chan *hchan;
3749 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3750 le16_to_cpu(ev->handle), ev->status);
3757 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3761 amp_destroy_logical_link(hchan, ev->reason);
3764 hci_dev_unlock(hdev);
3767 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3768 struct sk_buff *skb)
3770 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3771 struct hci_conn *hcon;
3773 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3780 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3782 hcon->state = BT_CLOSED;
3786 hci_dev_unlock(hdev);
3789 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3791 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3792 struct hci_conn *conn;
3793 struct smp_irk *irk;
3795 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3799 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3801 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3803 BT_ERR("No memory for new connection");
3807 conn->dst_type = ev->bdaddr_type;
3809 /* The advertising parameters for own address type
3810 * define which source address and source address
3811 * type this connections has.
3813 if (bacmp(&conn->src, BDADDR_ANY)) {
3814 conn->src_type = ADDR_LE_DEV_PUBLIC;
3816 bacpy(&conn->src, &hdev->static_addr);
3817 conn->src_type = ADDR_LE_DEV_RANDOM;
3820 if (ev->role == LE_CONN_ROLE_MASTER) {
3822 conn->link_mode |= HCI_LM_MASTER;
3825 /* If we didn't have a hci_conn object previously
3826 * but we're in master role this must be something
3827 * initiated using a white list. Since white list based
3828 * connections are not "first class citizens" we don't
3829 * have full tracking of them. Therefore, we go ahead
3830 * with a "best effort" approach of determining the
3831 * initiator address based on the HCI_PRIVACY flag.
3834 conn->resp_addr_type = ev->bdaddr_type;
3835 bacpy(&conn->resp_addr, &ev->bdaddr);
3836 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3837 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3838 bacpy(&conn->init_addr, &hdev->rpa);
3840 hci_copy_identity_address(hdev,
3842 &conn->init_addr_type);
3845 /* Set the responder (our side) address type based on
3846 * the advertising address type.
3848 conn->resp_addr_type = hdev->adv_addr_type;
3849 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3850 bacpy(&conn->resp_addr, &hdev->random_addr);
3852 bacpy(&conn->resp_addr, &hdev->bdaddr);
3854 conn->init_addr_type = ev->bdaddr_type;
3855 bacpy(&conn->init_addr, &ev->bdaddr);
3858 cancel_delayed_work(&conn->le_conn_timeout);
3861 /* Ensure that the hci_conn contains the identity address type
3862 * regardless of which address the connection was made with.
3864 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
3866 /* Lookup the identity address from the stored connection
3867 * address and address type.
3869 * When establishing connections to an identity address, the
3870 * connection procedure will store the resolvable random
3871 * address first. Now if it can be converted back into the
3872 * identity address, start using the identity address from
3875 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
3877 bacpy(&conn->dst, &irk->bdaddr);
3878 conn->dst_type = irk->addr_type;
3882 hci_le_conn_failed(conn, ev->status);
3886 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3887 mgmt_device_connected(hdev, &conn->dst, conn->type,
3888 conn->dst_type, 0, NULL, 0, NULL);
3890 conn->sec_level = BT_SECURITY_LOW;
3891 conn->handle = __le16_to_cpu(ev->handle);
3892 conn->state = BT_CONNECTED;
3894 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3895 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3897 hci_conn_add_sysfs(conn);
3899 hci_proto_connect_cfm(conn, ev->status);
3901 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3904 hci_dev_unlock(hdev);
3907 /* This function requires the caller holds hdev->lock */
3908 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3911 struct hci_conn *conn;
3912 struct smp_irk *irk;
3914 /* If this is a resolvable address, we should resolve it and then
3915 * update address and address type variables.
3917 irk = hci_get_irk(hdev, addr, addr_type);
3919 addr = &irk->bdaddr;
3920 addr_type = irk->addr_type;
3923 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3926 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3931 switch (PTR_ERR(conn)) {
3933 /* If hci_connect() returns -EBUSY it means there is already
3934 * an LE connection attempt going on. Since controllers don't
3935 * support more than one connection attempt at the time, we
3936 * don't consider this an error case.
3940 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3944 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3946 u8 num_reports = skb->data[0];
3947 void *ptr = &skb->data[1];
3952 while (num_reports--) {
3953 struct hci_ev_le_advertising_info *ev = ptr;
3955 if (ev->evt_type == LE_ADV_IND ||
3956 ev->evt_type == LE_ADV_DIRECT_IND)
3957 check_pending_le_conn(hdev, &ev->bdaddr,
3960 rssi = ev->data[ev->length];
3961 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3962 NULL, rssi, 0, 1, ev->data, ev->length);
3964 ptr += sizeof(*ev) + ev->length + 1;
3967 hci_dev_unlock(hdev);
3970 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3972 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3973 struct hci_cp_le_ltk_reply cp;
3974 struct hci_cp_le_ltk_neg_reply neg;
3975 struct hci_conn *conn;
3976 struct smp_ltk *ltk;
3978 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3982 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3986 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
3990 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3991 cp.handle = cpu_to_le16(conn->handle);
3993 if (ltk->authenticated)
3994 conn->pending_sec_level = BT_SECURITY_HIGH;
3996 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3998 conn->enc_key_size = ltk->enc_size;
4000 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4002 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4003 * temporary key used to encrypt a connection following
4004 * pairing. It is used during the Encrypted Session Setup to
4005 * distribute the keys. Later, security can be re-established
4006 * using a distributed LTK.
4008 if (ltk->type == HCI_SMP_STK_SLAVE) {
4009 list_del(<k->list);
4013 hci_dev_unlock(hdev);
4018 neg.handle = ev->handle;
4019 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4020 hci_dev_unlock(hdev);
4023 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4025 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4027 skb_pull(skb, sizeof(*le_ev));
4029 switch (le_ev->subevent) {
4030 case HCI_EV_LE_CONN_COMPLETE:
4031 hci_le_conn_complete_evt(hdev, skb);
4034 case HCI_EV_LE_ADVERTISING_REPORT:
4035 hci_le_adv_report_evt(hdev, skb);
4038 case HCI_EV_LE_LTK_REQ:
4039 hci_le_ltk_request_evt(hdev, skb);
4047 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4049 struct hci_ev_channel_selected *ev = (void *) skb->data;
4050 struct hci_conn *hcon;
4052 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4054 skb_pull(skb, sizeof(*ev));
4056 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4060 amp_read_loc_assoc_final_data(hdev, hcon);
4063 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4065 struct hci_event_hdr *hdr = (void *) skb->data;
4066 __u8 event = hdr->evt;
4070 /* Received events are (currently) only needed when a request is
4071 * ongoing so avoid unnecessary memory allocation.
4073 if (hdev->req_status == HCI_REQ_PEND) {
4074 kfree_skb(hdev->recv_evt);
4075 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4078 hci_dev_unlock(hdev);
4080 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4082 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4083 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4084 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4086 hci_req_cmd_complete(hdev, opcode, 0);
4090 case HCI_EV_INQUIRY_COMPLETE:
4091 hci_inquiry_complete_evt(hdev, skb);
4094 case HCI_EV_INQUIRY_RESULT:
4095 hci_inquiry_result_evt(hdev, skb);
4098 case HCI_EV_CONN_COMPLETE:
4099 hci_conn_complete_evt(hdev, skb);
4102 case HCI_EV_CONN_REQUEST:
4103 hci_conn_request_evt(hdev, skb);
4106 case HCI_EV_DISCONN_COMPLETE:
4107 hci_disconn_complete_evt(hdev, skb);
4110 case HCI_EV_AUTH_COMPLETE:
4111 hci_auth_complete_evt(hdev, skb);
4114 case HCI_EV_REMOTE_NAME:
4115 hci_remote_name_evt(hdev, skb);
4118 case HCI_EV_ENCRYPT_CHANGE:
4119 hci_encrypt_change_evt(hdev, skb);
4122 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4123 hci_change_link_key_complete_evt(hdev, skb);
4126 case HCI_EV_REMOTE_FEATURES:
4127 hci_remote_features_evt(hdev, skb);
4130 case HCI_EV_CMD_COMPLETE:
4131 hci_cmd_complete_evt(hdev, skb);
4134 case HCI_EV_CMD_STATUS:
4135 hci_cmd_status_evt(hdev, skb);
4138 case HCI_EV_ROLE_CHANGE:
4139 hci_role_change_evt(hdev, skb);
4142 case HCI_EV_NUM_COMP_PKTS:
4143 hci_num_comp_pkts_evt(hdev, skb);
4146 case HCI_EV_MODE_CHANGE:
4147 hci_mode_change_evt(hdev, skb);
4150 case HCI_EV_PIN_CODE_REQ:
4151 hci_pin_code_request_evt(hdev, skb);
4154 case HCI_EV_LINK_KEY_REQ:
4155 hci_link_key_request_evt(hdev, skb);
4158 case HCI_EV_LINK_KEY_NOTIFY:
4159 hci_link_key_notify_evt(hdev, skb);
4162 case HCI_EV_CLOCK_OFFSET:
4163 hci_clock_offset_evt(hdev, skb);
4166 case HCI_EV_PKT_TYPE_CHANGE:
4167 hci_pkt_type_change_evt(hdev, skb);
4170 case HCI_EV_PSCAN_REP_MODE:
4171 hci_pscan_rep_mode_evt(hdev, skb);
4174 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4175 hci_inquiry_result_with_rssi_evt(hdev, skb);
4178 case HCI_EV_REMOTE_EXT_FEATURES:
4179 hci_remote_ext_features_evt(hdev, skb);
4182 case HCI_EV_SYNC_CONN_COMPLETE:
4183 hci_sync_conn_complete_evt(hdev, skb);
4186 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4187 hci_extended_inquiry_result_evt(hdev, skb);
4190 case HCI_EV_KEY_REFRESH_COMPLETE:
4191 hci_key_refresh_complete_evt(hdev, skb);
4194 case HCI_EV_IO_CAPA_REQUEST:
4195 hci_io_capa_request_evt(hdev, skb);
4198 case HCI_EV_IO_CAPA_REPLY:
4199 hci_io_capa_reply_evt(hdev, skb);
4202 case HCI_EV_USER_CONFIRM_REQUEST:
4203 hci_user_confirm_request_evt(hdev, skb);
4206 case HCI_EV_USER_PASSKEY_REQUEST:
4207 hci_user_passkey_request_evt(hdev, skb);
4210 case HCI_EV_USER_PASSKEY_NOTIFY:
4211 hci_user_passkey_notify_evt(hdev, skb);
4214 case HCI_EV_KEYPRESS_NOTIFY:
4215 hci_keypress_notify_evt(hdev, skb);
4218 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4219 hci_simple_pair_complete_evt(hdev, skb);
4222 case HCI_EV_REMOTE_HOST_FEATURES:
4223 hci_remote_host_features_evt(hdev, skb);
4226 case HCI_EV_LE_META:
4227 hci_le_meta_evt(hdev, skb);
4230 case HCI_EV_CHANNEL_SELECTED:
4231 hci_chan_selected_evt(hdev, skb);
4234 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4235 hci_remote_oob_data_request_evt(hdev, skb);
4238 case HCI_EV_PHY_LINK_COMPLETE:
4239 hci_phy_link_complete_evt(hdev, skb);
4242 case HCI_EV_LOGICAL_LINK_COMPLETE:
4243 hci_loglink_complete_evt(hdev, skb);
4246 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4247 hci_disconn_loglink_complete_evt(hdev, skb);
4250 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4251 hci_disconn_phylink_complete_evt(hdev, skb);
4254 case HCI_EV_NUM_COMP_BLOCKS:
4255 hci_num_comp_blocks_evt(hdev, skb);
4259 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4264 hdev->stat.evt_rx++;
git.openpandora.org / pandora-kernel.git / blob