2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
41 __u8 status = *((__u8 *) skb->data);
43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 clear_bit(HCI_CONN_MASTER, &conn->flags);
108 set_bit(HCI_CONN_MASTER, &conn->flags);
111 hci_dev_unlock(hdev);
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
167 hdev->link_policy = __le16_to_cpu(rp->policy);
170 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
186 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
188 __u8 status = *((__u8 *) skb->data);
190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
192 clear_bit(HCI_RESET, &hdev->flags);
194 /* Reset all non-persistent flags */
195 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
197 hdev->discovery.state = DISCOVERY_STOPPED;
198 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
199 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
201 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
202 hdev->adv_data_len = 0;
204 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
205 hdev->scan_rsp_data_len = 0;
207 hdev->le_scan_type = LE_SCAN_PASSIVE;
209 hdev->ssp_debug_mode = 0;
212 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
214 __u8 status = *((__u8 *) skb->data);
217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
230 hci_dev_unlock(hdev);
233 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
235 struct hci_rp_read_local_name *rp = (void *) skb->data;
237 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
242 if (test_bit(HCI_SETUP, &hdev->dev_flags))
243 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
246 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
248 __u8 status = *((__u8 *) skb->data);
251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
258 __u8 param = *((__u8 *) sent);
260 if (param == AUTH_ENABLED)
261 set_bit(HCI_AUTH, &hdev->flags);
263 clear_bit(HCI_AUTH, &hdev->flags);
266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
267 mgmt_auth_enable_complete(hdev, status);
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
291 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
303 param = *((__u8 *) sent);
308 mgmt_write_scan_failed(hdev, param, status);
309 hdev->discov_timeout = 0;
313 /* We need to ensure that we set this back on if someone changed
314 * the scan mode through a raw HCI socket.
316 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
318 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
319 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
321 if (param & SCAN_INQUIRY) {
322 set_bit(HCI_ISCAN, &hdev->flags);
324 mgmt_discoverable(hdev, 1);
325 } else if (old_iscan)
326 mgmt_discoverable(hdev, 0);
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
331 mgmt_connectable(hdev, 1);
332 } else if (old_pscan)
333 mgmt_connectable(hdev, 0);
336 hci_dev_unlock(hdev);
339 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
348 memcpy(hdev->dev_class, rp->dev_class, 3);
350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data);
359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
368 memcpy(hdev->dev_class, sent, 3);
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
373 hci_dev_unlock(hdev);
376 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
386 setting = __le16_to_cpu(rp->voice_setting);
388 if (hdev->voice_setting == setting)
391 hdev->voice_setting = setting;
393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 __u8 status = *((__u8 *) skb->data);
406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 setting = get_unaligned_le16(sent);
417 if (hdev->voice_setting == setting)
420 hdev->voice_setting = setting;
422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
428 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
431 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
433 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
438 hdev->num_iac = rp->num_iac;
440 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
443 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
445 __u8 status = *((__u8 *) skb->data);
446 struct hci_cp_write_ssp_mode *sent;
448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 hdev->features[1][0] |= LMP_HOST_SSP;
458 hdev->features[1][0] &= ~LMP_HOST_SSP;
461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
462 mgmt_ssp_enable_complete(hdev, sent->mode, status);
465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
471 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
473 u8 status = *((u8 *) skb->data);
474 struct hci_cp_write_sc_support *sent;
476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
478 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
484 hdev->features[1][0] |= LMP_HOST_SC;
486 hdev->features[1][0] &= ~LMP_HOST_SC;
489 if (test_bit(HCI_MGMT, &hdev->dev_flags))
490 mgmt_sc_enable_complete(hdev, sent->support, status);
493 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
495 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
499 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
501 struct hci_rp_read_local_version *rp = (void *) skb->data;
503 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
508 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
509 hdev->hci_ver = rp->hci_ver;
510 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
511 hdev->lmp_ver = rp->lmp_ver;
512 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
513 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
517 static void hci_cc_read_local_commands(struct hci_dev *hdev,
520 struct hci_rp_read_local_commands *rp = (void *) skb->data;
522 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
527 if (test_bit(HCI_SETUP, &hdev->dev_flags))
528 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
531 static void hci_cc_read_local_features(struct hci_dev *hdev,
534 struct hci_rp_read_local_features *rp = (void *) skb->data;
536 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
541 memcpy(hdev->features, rp->features, 8);
543 /* Adjust default settings according to features
544 * supported by device. */
546 if (hdev->features[0][0] & LMP_3SLOT)
547 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
549 if (hdev->features[0][0] & LMP_5SLOT)
550 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
552 if (hdev->features[0][1] & LMP_HV2) {
553 hdev->pkt_type |= (HCI_HV2);
554 hdev->esco_type |= (ESCO_HV2);
557 if (hdev->features[0][1] & LMP_HV3) {
558 hdev->pkt_type |= (HCI_HV3);
559 hdev->esco_type |= (ESCO_HV3);
562 if (lmp_esco_capable(hdev))
563 hdev->esco_type |= (ESCO_EV3);
565 if (hdev->features[0][4] & LMP_EV4)
566 hdev->esco_type |= (ESCO_EV4);
568 if (hdev->features[0][4] & LMP_EV5)
569 hdev->esco_type |= (ESCO_EV5);
571 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
572 hdev->esco_type |= (ESCO_2EV3);
574 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
575 hdev->esco_type |= (ESCO_3EV3);
577 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
578 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
581 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
584 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
591 if (hdev->max_page < rp->max_page)
592 hdev->max_page = rp->max_page;
594 if (rp->page < HCI_MAX_PAGES)
595 memcpy(hdev->features[rp->page], rp->features, 8);
598 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
601 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606 hdev->flow_ctl_mode = rp->mode;
609 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
611 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
618 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
619 hdev->sco_mtu = rp->sco_mtu;
620 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
621 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
623 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
628 hdev->acl_cnt = hdev->acl_pkts;
629 hdev->sco_cnt = hdev->sco_pkts;
631 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
632 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
635 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
637 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
639 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
642 bacpy(&hdev->bdaddr, &rp->bdaddr);
645 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
653 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
654 hdev->page_scan_window = __le16_to_cpu(rp->window);
658 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
661 u8 status = *((u8 *) skb->data);
662 struct hci_cp_write_page_scan_activity *sent;
664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
669 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
673 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
674 hdev->page_scan_window = __le16_to_cpu(sent->window);
677 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
680 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
684 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
685 hdev->page_scan_type = rp->type;
688 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
691 u8 status = *((u8 *) skb->data);
694 BT_DBG("%s status 0x%2.2x", hdev->name, status);
699 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
701 hdev->page_scan_type = *type;
704 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
707 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
714 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
715 hdev->block_len = __le16_to_cpu(rp->block_len);
716 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
718 hdev->block_cnt = hdev->num_blocks;
720 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
721 hdev->block_cnt, hdev->block_len);
724 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
726 struct hci_rp_read_clock *rp = (void *) skb->data;
727 struct hci_cp_read_clock *cp;
728 struct hci_conn *conn;
730 BT_DBG("%s", hdev->name);
732 if (skb->len < sizeof(*rp))
740 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
744 if (cp->which == 0x00) {
745 hdev->clock = le32_to_cpu(rp->clock);
749 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
751 conn->clock = le32_to_cpu(rp->clock);
752 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
756 hci_dev_unlock(hdev);
759 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
762 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
769 hdev->amp_status = rp->amp_status;
770 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
771 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
772 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
773 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
774 hdev->amp_type = rp->amp_type;
775 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
776 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
777 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
778 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
781 a2mp_send_getinfo_rsp(hdev);
784 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
787 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
788 struct amp_assoc *assoc = &hdev->loc_assoc;
789 size_t rem_len, frag_len;
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
796 frag_len = skb->len - sizeof(*rp);
797 rem_len = __le16_to_cpu(rp->rem_len);
799 if (rem_len > frag_len) {
800 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
802 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
803 assoc->offset += frag_len;
805 /* Read other fragments */
806 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
811 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
812 assoc->len = assoc->offset + rem_len;
816 /* Send A2MP Rsp when all fragments are received */
817 a2mp_send_getampassoc_rsp(hdev, rp->status);
818 a2mp_send_create_phy_link_req(hdev, rp->status);
821 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
824 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
829 hdev->inq_tx_power = rp->tx_power;
832 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
834 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
835 struct hci_cp_pin_code_reply *cp;
836 struct hci_conn *conn;
838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
842 if (test_bit(HCI_MGMT, &hdev->dev_flags))
843 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
848 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
854 conn->pin_length = cp->pin_len;
857 hci_dev_unlock(hdev);
860 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
862 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
864 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868 if (test_bit(HCI_MGMT, &hdev->dev_flags))
869 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
872 hci_dev_unlock(hdev);
875 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
878 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
885 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
886 hdev->le_pkts = rp->le_max_pkt;
888 hdev->le_cnt = hdev->le_pkts;
890 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
893 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
896 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
901 memcpy(hdev->le_features, rp->features, 8);
904 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
907 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
909 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
912 hdev->adv_tx_power = rp->tx_power;
915 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
917 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
923 if (test_bit(HCI_MGMT, &hdev->dev_flags))
924 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
927 hci_dev_unlock(hdev);
930 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
933 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
935 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
939 if (test_bit(HCI_MGMT, &hdev->dev_flags))
940 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
941 ACL_LINK, 0, rp->status);
943 hci_dev_unlock(hdev);
946 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
948 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
950 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954 if (test_bit(HCI_MGMT, &hdev->dev_flags))
955 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
958 hci_dev_unlock(hdev);
961 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
964 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
966 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
970 if (test_bit(HCI_MGMT, &hdev->dev_flags))
971 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
972 ACL_LINK, 0, rp->status);
974 hci_dev_unlock(hdev);
977 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
980 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
985 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
986 NULL, NULL, rp->status);
987 hci_dev_unlock(hdev);
990 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
993 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
995 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
998 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
999 rp->hash256, rp->randomizer256,
1001 hci_dev_unlock(hdev);
1005 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1007 __u8 status = *((__u8 *) skb->data);
1010 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1012 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1019 bacpy(&hdev->random_addr, sent);
1021 hci_dev_unlock(hdev);
1024 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1026 __u8 *sent, status = *((__u8 *) skb->data);
1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1030 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1039 /* If we're doing connection initation as peripheral. Set a
1040 * timeout in case something goes wrong.
1043 struct hci_conn *conn;
1045 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1047 queue_delayed_work(hdev->workqueue,
1048 &conn->le_conn_timeout,
1049 HCI_LE_CONN_TIMEOUT);
1052 mgmt_advertising(hdev, *sent);
1054 hci_dev_unlock(hdev);
1057 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1059 struct hci_cp_le_set_scan_param *cp;
1060 __u8 status = *((__u8 *) skb->data);
1062 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1064 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1071 hdev->le_scan_type = cp->type;
1073 hci_dev_unlock(hdev);
1076 static bool has_pending_adv_report(struct hci_dev *hdev)
1078 struct discovery_state *d = &hdev->discovery;
1080 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1083 static void clear_pending_adv_report(struct hci_dev *hdev)
1085 struct discovery_state *d = &hdev->discovery;
1087 bacpy(&d->last_adv_addr, BDADDR_ANY);
1088 d->last_adv_data_len = 0;
1091 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1092 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
1094 struct discovery_state *d = &hdev->discovery;
1096 bacpy(&d->last_adv_addr, bdaddr);
1097 d->last_adv_addr_type = bdaddr_type;
1098 d->last_adv_rssi = rssi;
1099 memcpy(d->last_adv_data, data, len);
1100 d->last_adv_data_len = len;
1103 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1104 struct sk_buff *skb)
1106 struct hci_cp_le_set_scan_enable *cp;
1107 __u8 status = *((__u8 *) skb->data);
1109 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1111 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1118 switch (cp->enable) {
1119 case LE_SCAN_ENABLE:
1120 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1121 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1122 clear_pending_adv_report(hdev);
1125 case LE_SCAN_DISABLE:
1126 /* We do this here instead of when setting DISCOVERY_STOPPED
1127 * since the latter would potentially require waiting for
1128 * inquiry to stop too.
1130 if (has_pending_adv_report(hdev)) {
1131 struct discovery_state *d = &hdev->discovery;
1133 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1134 d->last_adv_addr_type, NULL,
1135 d->last_adv_rssi, 0, 1,
1137 d->last_adv_data_len, NULL, 0);
1140 /* Cancel this timer so that we don't try to disable scanning
1141 * when it's already disabled.
1143 cancel_delayed_work(&hdev->le_scan_disable);
1145 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1146 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1147 * interrupted scanning due to a connect request. Mark
1148 * therefore discovery as stopped.
1150 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1152 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1156 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1161 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1162 struct sk_buff *skb)
1164 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1166 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1169 hdev->le_white_list_size = rp->size;
1172 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1173 struct sk_buff *skb)
1175 __u8 status = *((__u8 *) skb->data);
1177 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1180 hci_white_list_clear(hdev);
1183 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1184 struct sk_buff *skb)
1186 struct hci_cp_le_add_to_white_list *sent;
1187 __u8 status = *((__u8 *) skb->data);
1189 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1191 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1196 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1199 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1200 struct sk_buff *skb)
1202 struct hci_cp_le_del_from_white_list *sent;
1203 __u8 status = *((__u8 *) skb->data);
1205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1207 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1212 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1215 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1216 struct sk_buff *skb)
1218 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1220 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1223 memcpy(hdev->le_states, rp->le_states, 8);
1226 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1227 struct sk_buff *skb)
1229 struct hci_cp_write_le_host_supported *sent;
1230 __u8 status = *((__u8 *) skb->data);
1232 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1240 hdev->features[1][0] |= LMP_HOST_LE;
1241 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1243 hdev->features[1][0] &= ~LMP_HOST_LE;
1244 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1245 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1249 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1251 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1255 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1257 struct hci_cp_le_set_adv_param *cp;
1258 u8 status = *((u8 *) skb->data);
1260 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1265 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1270 hdev->adv_addr_type = cp->own_address_type;
1271 hci_dev_unlock(hdev);
1274 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1275 struct sk_buff *skb)
1277 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1279 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1280 hdev->name, rp->status, rp->phy_handle);
1285 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1288 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1290 struct hci_rp_read_rssi *rp = (void *) skb->data;
1291 struct hci_conn *conn;
1293 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1300 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1302 conn->rssi = rp->rssi;
1304 hci_dev_unlock(hdev);
1307 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1309 struct hci_cp_read_tx_power *sent;
1310 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1311 struct hci_conn *conn;
1313 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1318 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1328 switch (sent->type) {
1330 conn->tx_power = rp->tx_power;
1333 conn->max_tx_power = rp->tx_power;
1338 hci_dev_unlock(hdev);
1341 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1343 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1346 hci_conn_check_pending(hdev);
1350 set_bit(HCI_INQUIRY, &hdev->flags);
1353 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1355 struct hci_cp_create_conn *cp;
1356 struct hci_conn *conn;
1358 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1360 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1368 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1371 if (conn && conn->state == BT_CONNECT) {
1372 if (status != 0x0c || conn->attempt > 2) {
1373 conn->state = BT_CLOSED;
1374 hci_proto_connect_cfm(conn, status);
1377 conn->state = BT_CONNECT2;
1381 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1384 set_bit(HCI_CONN_MASTER, &conn->flags);
1386 BT_ERR("No memory for new connection");
1390 hci_dev_unlock(hdev);
1393 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1395 struct hci_cp_add_sco *cp;
1396 struct hci_conn *acl, *sco;
1399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1404 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1408 handle = __le16_to_cpu(cp->handle);
1410 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1414 acl = hci_conn_hash_lookup_handle(hdev, handle);
1418 sco->state = BT_CLOSED;
1420 hci_proto_connect_cfm(sco, status);
1425 hci_dev_unlock(hdev);
1428 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1430 struct hci_cp_auth_requested *cp;
1431 struct hci_conn *conn;
1433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1446 if (conn->state == BT_CONFIG) {
1447 hci_proto_connect_cfm(conn, status);
1448 hci_conn_drop(conn);
1452 hci_dev_unlock(hdev);
1455 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1457 struct hci_cp_set_conn_encrypt *cp;
1458 struct hci_conn *conn;
1460 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1465 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1473 if (conn->state == BT_CONFIG) {
1474 hci_proto_connect_cfm(conn, status);
1475 hci_conn_drop(conn);
1479 hci_dev_unlock(hdev);
1482 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1483 struct hci_conn *conn)
1485 if (conn->state != BT_CONFIG || !conn->out)
1488 if (conn->pending_sec_level == BT_SECURITY_SDP)
1491 /* Only request authentication for SSP connections or non-SSP
1492 * devices with sec_level MEDIUM or HIGH or if MITM protection
1495 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1496 conn->pending_sec_level != BT_SECURITY_FIPS &&
1497 conn->pending_sec_level != BT_SECURITY_HIGH &&
1498 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1504 static int hci_resolve_name(struct hci_dev *hdev,
1505 struct inquiry_entry *e)
1507 struct hci_cp_remote_name_req cp;
1509 memset(&cp, 0, sizeof(cp));
1511 bacpy(&cp.bdaddr, &e->data.bdaddr);
1512 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1513 cp.pscan_mode = e->data.pscan_mode;
1514 cp.clock_offset = e->data.clock_offset;
1516 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1519 static bool hci_resolve_next_name(struct hci_dev *hdev)
1521 struct discovery_state *discov = &hdev->discovery;
1522 struct inquiry_entry *e;
1524 if (list_empty(&discov->resolve))
1527 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1531 if (hci_resolve_name(hdev, e) == 0) {
1532 e->name_state = NAME_PENDING;
1539 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1540 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1542 struct discovery_state *discov = &hdev->discovery;
1543 struct inquiry_entry *e;
1545 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1546 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1547 name_len, conn->dev_class);
1549 if (discov->state == DISCOVERY_STOPPED)
1552 if (discov->state == DISCOVERY_STOPPING)
1553 goto discov_complete;
1555 if (discov->state != DISCOVERY_RESOLVING)
1558 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1559 /* If the device was not found in a list of found devices names of which
1560 * are pending. there is no need to continue resolving a next name as it
1561 * will be done upon receiving another Remote Name Request Complete
1568 e->name_state = NAME_KNOWN;
1569 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1570 e->data.rssi, name, name_len);
1572 e->name_state = NAME_NOT_KNOWN;
1575 if (hci_resolve_next_name(hdev))
1579 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1582 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1584 struct hci_cp_remote_name_req *cp;
1585 struct hci_conn *conn;
1587 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1589 /* If successful wait for the name req complete event before
1590 * checking for the need to do authentication */
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1602 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1603 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1608 if (!hci_outgoing_auth_needed(hdev, conn))
1611 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1612 struct hci_cp_auth_requested auth_cp;
1614 auth_cp.handle = __cpu_to_le16(conn->handle);
1615 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1616 sizeof(auth_cp), &auth_cp);
1620 hci_dev_unlock(hdev);
1623 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1625 struct hci_cp_read_remote_features *cp;
1626 struct hci_conn *conn;
1628 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1633 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1639 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1641 if (conn->state == BT_CONFIG) {
1642 hci_proto_connect_cfm(conn, status);
1643 hci_conn_drop(conn);
1647 hci_dev_unlock(hdev);
1650 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1652 struct hci_cp_read_remote_ext_features *cp;
1653 struct hci_conn *conn;
1655 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1660 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1666 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1668 if (conn->state == BT_CONFIG) {
1669 hci_proto_connect_cfm(conn, status);
1670 hci_conn_drop(conn);
1674 hci_dev_unlock(hdev);
1677 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1679 struct hci_cp_setup_sync_conn *cp;
1680 struct hci_conn *acl, *sco;
1683 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1688 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1692 handle = __le16_to_cpu(cp->handle);
1694 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1698 acl = hci_conn_hash_lookup_handle(hdev, handle);
1702 sco->state = BT_CLOSED;
1704 hci_proto_connect_cfm(sco, status);
1709 hci_dev_unlock(hdev);
1712 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1714 struct hci_cp_sniff_mode *cp;
1715 struct hci_conn *conn;
1717 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1722 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1730 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1732 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1733 hci_sco_setup(conn, status);
1736 hci_dev_unlock(hdev);
1739 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1741 struct hci_cp_exit_sniff_mode *cp;
1742 struct hci_conn *conn;
1744 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1749 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1755 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1757 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1759 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1760 hci_sco_setup(conn, status);
1763 hci_dev_unlock(hdev);
1766 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1768 struct hci_cp_disconnect *cp;
1769 struct hci_conn *conn;
1774 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1780 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1782 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1783 conn->dst_type, status);
1785 hci_dev_unlock(hdev);
1788 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1790 struct hci_cp_create_phy_link *cp;
1792 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1794 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1801 struct hci_conn *hcon;
1803 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1807 amp_write_remote_assoc(hdev, cp->phy_handle);
1810 hci_dev_unlock(hdev);
1813 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1815 struct hci_cp_accept_phy_link *cp;
1817 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1822 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1826 amp_write_remote_assoc(hdev, cp->phy_handle);
1829 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1831 struct hci_cp_le_create_conn *cp;
1832 struct hci_conn *conn;
1834 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1836 /* All connection failure handling is taken care of by the
1837 * hci_le_conn_failed function which is triggered by the HCI
1838 * request completion callbacks used for connecting.
1843 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1849 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1853 /* Store the initiator and responder address information which
1854 * is needed for SMP. These values will not change during the
1855 * lifetime of the connection.
1857 conn->init_addr_type = cp->own_address_type;
1858 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1859 bacpy(&conn->init_addr, &hdev->random_addr);
1861 bacpy(&conn->init_addr, &hdev->bdaddr);
1863 conn->resp_addr_type = cp->peer_addr_type;
1864 bacpy(&conn->resp_addr, &cp->peer_addr);
1866 /* We don't want the connection attempt to stick around
1867 * indefinitely since LE doesn't have a page timeout concept
1868 * like BR/EDR. Set a timer for any connection that doesn't use
1869 * the white list for connecting.
1871 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1872 queue_delayed_work(conn->hdev->workqueue,
1873 &conn->le_conn_timeout,
1874 HCI_LE_CONN_TIMEOUT);
1877 hci_dev_unlock(hdev);
1880 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1882 struct hci_cp_le_start_enc *cp;
1883 struct hci_conn *conn;
1885 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1892 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1896 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1900 if (conn->state != BT_CONNECTED)
1903 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1904 hci_conn_drop(conn);
1907 hci_dev_unlock(hdev);
1910 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1912 __u8 status = *((__u8 *) skb->data);
1913 struct discovery_state *discov = &hdev->discovery;
1914 struct inquiry_entry *e;
1916 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1918 hci_conn_check_pending(hdev);
1920 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1923 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1924 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1926 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1931 if (discov->state != DISCOVERY_FINDING)
1934 if (list_empty(&discov->resolve)) {
1935 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1939 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1940 if (e && hci_resolve_name(hdev, e) == 0) {
1941 e->name_state = NAME_PENDING;
1942 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1944 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1948 hci_dev_unlock(hdev);
1951 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1953 struct inquiry_data data;
1954 struct inquiry_info *info = (void *) (skb->data + 1);
1955 int num_rsp = *((__u8 *) skb->data);
1957 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1962 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1967 for (; num_rsp; num_rsp--, info++) {
1968 bool name_known, ssp;
1970 bacpy(&data.bdaddr, &info->bdaddr);
1971 data.pscan_rep_mode = info->pscan_rep_mode;
1972 data.pscan_period_mode = info->pscan_period_mode;
1973 data.pscan_mode = info->pscan_mode;
1974 memcpy(data.dev_class, info->dev_class, 3);
1975 data.clock_offset = info->clock_offset;
1977 data.ssp_mode = 0x00;
1979 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1980 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1981 info->dev_class, 0, !name_known, ssp, NULL,
1985 hci_dev_unlock(hdev);
1988 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1990 struct hci_ev_conn_complete *ev = (void *) skb->data;
1991 struct hci_conn *conn;
1993 BT_DBG("%s", hdev->name);
1997 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1999 if (ev->link_type != SCO_LINK)
2002 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2006 conn->type = SCO_LINK;
2010 conn->handle = __le16_to_cpu(ev->handle);
2012 if (conn->type == ACL_LINK) {
2013 conn->state = BT_CONFIG;
2014 hci_conn_hold(conn);
2016 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2017 !hci_find_link_key(hdev, &ev->bdaddr))
2018 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2020 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2022 conn->state = BT_CONNECTED;
2024 hci_conn_add_sysfs(conn);
2026 if (test_bit(HCI_AUTH, &hdev->flags))
2027 set_bit(HCI_CONN_AUTH, &conn->flags);
2029 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2030 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2032 /* Get remote features */
2033 if (conn->type == ACL_LINK) {
2034 struct hci_cp_read_remote_features cp;
2035 cp.handle = ev->handle;
2036 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2040 /* Set packet type for incoming connection */
2041 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2042 struct hci_cp_change_conn_ptype cp;
2043 cp.handle = ev->handle;
2044 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2045 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2049 conn->state = BT_CLOSED;
2050 if (conn->type == ACL_LINK)
2051 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2052 conn->dst_type, ev->status);
2055 if (conn->type == ACL_LINK)
2056 hci_sco_setup(conn, ev->status);
2059 hci_proto_connect_cfm(conn, ev->status);
2061 } else if (ev->link_type != ACL_LINK)
2062 hci_proto_connect_cfm(conn, ev->status);
2065 hci_dev_unlock(hdev);
2067 hci_conn_check_pending(hdev);
2070 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2072 struct hci_ev_conn_request *ev = (void *) skb->data;
2073 int mask = hdev->link_mode;
2076 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2079 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2082 if ((mask & HCI_LM_ACCEPT) &&
2083 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
2084 /* Connection accepted */
2085 struct inquiry_entry *ie;
2086 struct hci_conn *conn;
2090 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2092 memcpy(ie->data.dev_class, ev->dev_class, 3);
2094 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2097 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2099 BT_ERR("No memory for new connection");
2100 hci_dev_unlock(hdev);
2105 memcpy(conn->dev_class, ev->dev_class, 3);
2107 hci_dev_unlock(hdev);
2109 if (ev->link_type == ACL_LINK ||
2110 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2111 struct hci_cp_accept_conn_req cp;
2112 conn->state = BT_CONNECT;
2114 bacpy(&cp.bdaddr, &ev->bdaddr);
2116 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2117 cp.role = 0x00; /* Become master */
2119 cp.role = 0x01; /* Remain slave */
2121 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2123 } else if (!(flags & HCI_PROTO_DEFER)) {
2124 struct hci_cp_accept_sync_conn_req cp;
2125 conn->state = BT_CONNECT;
2127 bacpy(&cp.bdaddr, &ev->bdaddr);
2128 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2130 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2131 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2132 cp.max_latency = cpu_to_le16(0xffff);
2133 cp.content_format = cpu_to_le16(hdev->voice_setting);
2134 cp.retrans_effort = 0xff;
2136 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2139 conn->state = BT_CONNECT2;
2140 hci_proto_connect_cfm(conn, 0);
2143 /* Connection rejected */
2144 struct hci_cp_reject_conn_req cp;
2146 bacpy(&cp.bdaddr, &ev->bdaddr);
2147 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2148 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2152 static u8 hci_to_mgmt_reason(u8 err)
2155 case HCI_ERROR_CONNECTION_TIMEOUT:
2156 return MGMT_DEV_DISCONN_TIMEOUT;
2157 case HCI_ERROR_REMOTE_USER_TERM:
2158 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2159 case HCI_ERROR_REMOTE_POWER_OFF:
2160 return MGMT_DEV_DISCONN_REMOTE;
2161 case HCI_ERROR_LOCAL_HOST_TERM:
2162 return MGMT_DEV_DISCONN_LOCAL_HOST;
2164 return MGMT_DEV_DISCONN_UNKNOWN;
2168 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2170 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2171 u8 reason = hci_to_mgmt_reason(ev->reason);
2172 struct hci_conn_params *params;
2173 struct hci_conn *conn;
2174 bool mgmt_connected;
2177 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2186 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2187 conn->dst_type, ev->status);
2191 conn->state = BT_CLOSED;
2193 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2194 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2195 reason, mgmt_connected);
2197 if (conn->type == ACL_LINK &&
2198 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2199 hci_remove_link_key(hdev, &conn->dst);
2201 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2203 switch (params->auto_connect) {
2204 case HCI_AUTO_CONN_LINK_LOSS:
2205 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2209 case HCI_AUTO_CONN_ALWAYS:
2210 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2220 hci_proto_disconn_cfm(conn, ev->reason);
2223 /* Re-enable advertising if necessary, since it might
2224 * have been disabled by the connection. From the
2225 * HCI_LE_Set_Advertise_Enable command description in
2226 * the core specification (v4.0):
2227 * "The Controller shall continue advertising until the Host
2228 * issues an LE_Set_Advertise_Enable command with
2229 * Advertising_Enable set to 0x00 (Advertising is disabled)
2230 * or until a connection is created or until the Advertising
2231 * is timed out due to Directed Advertising."
2233 if (type == LE_LINK)
2234 mgmt_reenable_advertising(hdev);
2237 hci_dev_unlock(hdev);
2240 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2242 struct hci_ev_auth_complete *ev = (void *) skb->data;
2243 struct hci_conn *conn;
2245 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2249 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2254 if (!hci_conn_ssp_enabled(conn) &&
2255 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2256 BT_INFO("re-auth of legacy device is not possible.");
2258 set_bit(HCI_CONN_AUTH, &conn->flags);
2259 conn->sec_level = conn->pending_sec_level;
2262 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2266 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2267 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2269 if (conn->state == BT_CONFIG) {
2270 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2271 struct hci_cp_set_conn_encrypt cp;
2272 cp.handle = ev->handle;
2274 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2277 conn->state = BT_CONNECTED;
2278 hci_proto_connect_cfm(conn, ev->status);
2279 hci_conn_drop(conn);
2282 hci_auth_cfm(conn, ev->status);
2284 hci_conn_hold(conn);
2285 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2286 hci_conn_drop(conn);
2289 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2291 struct hci_cp_set_conn_encrypt cp;
2292 cp.handle = ev->handle;
2294 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2297 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2298 hci_encrypt_cfm(conn, ev->status, 0x00);
2303 hci_dev_unlock(hdev);
2306 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2308 struct hci_ev_remote_name *ev = (void *) skb->data;
2309 struct hci_conn *conn;
2311 BT_DBG("%s", hdev->name);
2313 hci_conn_check_pending(hdev);
2317 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2319 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2322 if (ev->status == 0)
2323 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2324 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2326 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2332 if (!hci_outgoing_auth_needed(hdev, conn))
2335 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2336 struct hci_cp_auth_requested cp;
2337 cp.handle = __cpu_to_le16(conn->handle);
2338 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2342 hci_dev_unlock(hdev);
2345 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2347 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2348 struct hci_conn *conn;
2350 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2354 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2360 /* Encryption implies authentication */
2361 set_bit(HCI_CONN_AUTH, &conn->flags);
2362 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2363 conn->sec_level = conn->pending_sec_level;
2365 /* P-256 authentication key implies FIPS */
2366 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2367 set_bit(HCI_CONN_FIPS, &conn->flags);
2369 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2370 conn->type == LE_LINK)
2371 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2373 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2374 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2378 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2380 if (ev->status && conn->state == BT_CONNECTED) {
2381 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2382 hci_conn_drop(conn);
2386 if (conn->state == BT_CONFIG) {
2388 conn->state = BT_CONNECTED;
2390 /* In Secure Connections Only mode, do not allow any
2391 * connections that are not encrypted with AES-CCM
2392 * using a P-256 authenticated combination key.
2394 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2395 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2396 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2397 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2398 hci_conn_drop(conn);
2402 hci_proto_connect_cfm(conn, ev->status);
2403 hci_conn_drop(conn);
2405 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2408 hci_dev_unlock(hdev);
2411 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2412 struct sk_buff *skb)
2414 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2415 struct hci_conn *conn;
2417 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2421 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2424 set_bit(HCI_CONN_SECURE, &conn->flags);
2426 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2428 hci_key_change_cfm(conn, ev->status);
2431 hci_dev_unlock(hdev);
2434 static void hci_remote_features_evt(struct hci_dev *hdev,
2435 struct sk_buff *skb)
2437 struct hci_ev_remote_features *ev = (void *) skb->data;
2438 struct hci_conn *conn;
2440 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2449 memcpy(conn->features[0], ev->features, 8);
2451 if (conn->state != BT_CONFIG)
2454 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2455 struct hci_cp_read_remote_ext_features cp;
2456 cp.handle = ev->handle;
2458 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2463 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2464 struct hci_cp_remote_name_req cp;
2465 memset(&cp, 0, sizeof(cp));
2466 bacpy(&cp.bdaddr, &conn->dst);
2467 cp.pscan_rep_mode = 0x02;
2468 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2469 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2470 mgmt_device_connected(hdev, &conn->dst, conn->type,
2471 conn->dst_type, 0, NULL, 0,
2474 if (!hci_outgoing_auth_needed(hdev, conn)) {
2475 conn->state = BT_CONNECTED;
2476 hci_proto_connect_cfm(conn, ev->status);
2477 hci_conn_drop(conn);
2481 hci_dev_unlock(hdev);
2484 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2486 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2487 u8 status = skb->data[sizeof(*ev)];
2490 skb_pull(skb, sizeof(*ev));
2492 opcode = __le16_to_cpu(ev->opcode);
2495 case HCI_OP_INQUIRY_CANCEL:
2496 hci_cc_inquiry_cancel(hdev, skb);
2499 case HCI_OP_PERIODIC_INQ:
2500 hci_cc_periodic_inq(hdev, skb);
2503 case HCI_OP_EXIT_PERIODIC_INQ:
2504 hci_cc_exit_periodic_inq(hdev, skb);
2507 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2508 hci_cc_remote_name_req_cancel(hdev, skb);
2511 case HCI_OP_ROLE_DISCOVERY:
2512 hci_cc_role_discovery(hdev, skb);
2515 case HCI_OP_READ_LINK_POLICY:
2516 hci_cc_read_link_policy(hdev, skb);
2519 case HCI_OP_WRITE_LINK_POLICY:
2520 hci_cc_write_link_policy(hdev, skb);
2523 case HCI_OP_READ_DEF_LINK_POLICY:
2524 hci_cc_read_def_link_policy(hdev, skb);
2527 case HCI_OP_WRITE_DEF_LINK_POLICY:
2528 hci_cc_write_def_link_policy(hdev, skb);
2532 hci_cc_reset(hdev, skb);
2535 case HCI_OP_WRITE_LOCAL_NAME:
2536 hci_cc_write_local_name(hdev, skb);
2539 case HCI_OP_READ_LOCAL_NAME:
2540 hci_cc_read_local_name(hdev, skb);
2543 case HCI_OP_WRITE_AUTH_ENABLE:
2544 hci_cc_write_auth_enable(hdev, skb);
2547 case HCI_OP_WRITE_ENCRYPT_MODE:
2548 hci_cc_write_encrypt_mode(hdev, skb);
2551 case HCI_OP_WRITE_SCAN_ENABLE:
2552 hci_cc_write_scan_enable(hdev, skb);
2555 case HCI_OP_READ_CLASS_OF_DEV:
2556 hci_cc_read_class_of_dev(hdev, skb);
2559 case HCI_OP_WRITE_CLASS_OF_DEV:
2560 hci_cc_write_class_of_dev(hdev, skb);
2563 case HCI_OP_READ_VOICE_SETTING:
2564 hci_cc_read_voice_setting(hdev, skb);
2567 case HCI_OP_WRITE_VOICE_SETTING:
2568 hci_cc_write_voice_setting(hdev, skb);
2571 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2572 hci_cc_read_num_supported_iac(hdev, skb);
2575 case HCI_OP_WRITE_SSP_MODE:
2576 hci_cc_write_ssp_mode(hdev, skb);
2579 case HCI_OP_WRITE_SC_SUPPORT:
2580 hci_cc_write_sc_support(hdev, skb);
2583 case HCI_OP_READ_LOCAL_VERSION:
2584 hci_cc_read_local_version(hdev, skb);
2587 case HCI_OP_READ_LOCAL_COMMANDS:
2588 hci_cc_read_local_commands(hdev, skb);
2591 case HCI_OP_READ_LOCAL_FEATURES:
2592 hci_cc_read_local_features(hdev, skb);
2595 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2596 hci_cc_read_local_ext_features(hdev, skb);
2599 case HCI_OP_READ_BUFFER_SIZE:
2600 hci_cc_read_buffer_size(hdev, skb);
2603 case HCI_OP_READ_BD_ADDR:
2604 hci_cc_read_bd_addr(hdev, skb);
2607 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2608 hci_cc_read_page_scan_activity(hdev, skb);
2611 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2612 hci_cc_write_page_scan_activity(hdev, skb);
2615 case HCI_OP_READ_PAGE_SCAN_TYPE:
2616 hci_cc_read_page_scan_type(hdev, skb);
2619 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2620 hci_cc_write_page_scan_type(hdev, skb);
2623 case HCI_OP_READ_DATA_BLOCK_SIZE:
2624 hci_cc_read_data_block_size(hdev, skb);
2627 case HCI_OP_READ_FLOW_CONTROL_MODE:
2628 hci_cc_read_flow_control_mode(hdev, skb);
2631 case HCI_OP_READ_LOCAL_AMP_INFO:
2632 hci_cc_read_local_amp_info(hdev, skb);
2635 case HCI_OP_READ_CLOCK:
2636 hci_cc_read_clock(hdev, skb);
2639 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2640 hci_cc_read_local_amp_assoc(hdev, skb);
2643 case HCI_OP_READ_INQ_RSP_TX_POWER:
2644 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2647 case HCI_OP_PIN_CODE_REPLY:
2648 hci_cc_pin_code_reply(hdev, skb);
2651 case HCI_OP_PIN_CODE_NEG_REPLY:
2652 hci_cc_pin_code_neg_reply(hdev, skb);
2655 case HCI_OP_READ_LOCAL_OOB_DATA:
2656 hci_cc_read_local_oob_data(hdev, skb);
2659 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2660 hci_cc_read_local_oob_ext_data(hdev, skb);
2663 case HCI_OP_LE_READ_BUFFER_SIZE:
2664 hci_cc_le_read_buffer_size(hdev, skb);
2667 case HCI_OP_LE_READ_LOCAL_FEATURES:
2668 hci_cc_le_read_local_features(hdev, skb);
2671 case HCI_OP_LE_READ_ADV_TX_POWER:
2672 hci_cc_le_read_adv_tx_power(hdev, skb);
2675 case HCI_OP_USER_CONFIRM_REPLY:
2676 hci_cc_user_confirm_reply(hdev, skb);
2679 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2680 hci_cc_user_confirm_neg_reply(hdev, skb);
2683 case HCI_OP_USER_PASSKEY_REPLY:
2684 hci_cc_user_passkey_reply(hdev, skb);
2687 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2688 hci_cc_user_passkey_neg_reply(hdev, skb);
2691 case HCI_OP_LE_SET_RANDOM_ADDR:
2692 hci_cc_le_set_random_addr(hdev, skb);
2695 case HCI_OP_LE_SET_ADV_ENABLE:
2696 hci_cc_le_set_adv_enable(hdev, skb);
2699 case HCI_OP_LE_SET_SCAN_PARAM:
2700 hci_cc_le_set_scan_param(hdev, skb);
2703 case HCI_OP_LE_SET_SCAN_ENABLE:
2704 hci_cc_le_set_scan_enable(hdev, skb);
2707 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2708 hci_cc_le_read_white_list_size(hdev, skb);
2711 case HCI_OP_LE_CLEAR_WHITE_LIST:
2712 hci_cc_le_clear_white_list(hdev, skb);
2715 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2716 hci_cc_le_add_to_white_list(hdev, skb);
2719 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2720 hci_cc_le_del_from_white_list(hdev, skb);
2723 case HCI_OP_LE_READ_SUPPORTED_STATES:
2724 hci_cc_le_read_supported_states(hdev, skb);
2727 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2728 hci_cc_write_le_host_supported(hdev, skb);
2731 case HCI_OP_LE_SET_ADV_PARAM:
2732 hci_cc_set_adv_param(hdev, skb);
2735 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2736 hci_cc_write_remote_amp_assoc(hdev, skb);
2739 case HCI_OP_READ_RSSI:
2740 hci_cc_read_rssi(hdev, skb);
2743 case HCI_OP_READ_TX_POWER:
2744 hci_cc_read_tx_power(hdev, skb);
2748 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2752 if (opcode != HCI_OP_NOP)
2753 cancel_delayed_work(&hdev->cmd_timer);
2755 hci_req_cmd_complete(hdev, opcode, status);
2757 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2758 atomic_set(&hdev->cmd_cnt, 1);
2759 if (!skb_queue_empty(&hdev->cmd_q))
2760 queue_work(hdev->workqueue, &hdev->cmd_work);
2764 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2766 struct hci_ev_cmd_status *ev = (void *) skb->data;
2769 skb_pull(skb, sizeof(*ev));
2771 opcode = __le16_to_cpu(ev->opcode);
2774 case HCI_OP_INQUIRY:
2775 hci_cs_inquiry(hdev, ev->status);
2778 case HCI_OP_CREATE_CONN:
2779 hci_cs_create_conn(hdev, ev->status);
2782 case HCI_OP_ADD_SCO:
2783 hci_cs_add_sco(hdev, ev->status);
2786 case HCI_OP_AUTH_REQUESTED:
2787 hci_cs_auth_requested(hdev, ev->status);
2790 case HCI_OP_SET_CONN_ENCRYPT:
2791 hci_cs_set_conn_encrypt(hdev, ev->status);
2794 case HCI_OP_REMOTE_NAME_REQ:
2795 hci_cs_remote_name_req(hdev, ev->status);
2798 case HCI_OP_READ_REMOTE_FEATURES:
2799 hci_cs_read_remote_features(hdev, ev->status);
2802 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2803 hci_cs_read_remote_ext_features(hdev, ev->status);
2806 case HCI_OP_SETUP_SYNC_CONN:
2807 hci_cs_setup_sync_conn(hdev, ev->status);
2810 case HCI_OP_SNIFF_MODE:
2811 hci_cs_sniff_mode(hdev, ev->status);
2814 case HCI_OP_EXIT_SNIFF_MODE:
2815 hci_cs_exit_sniff_mode(hdev, ev->status);
2818 case HCI_OP_DISCONNECT:
2819 hci_cs_disconnect(hdev, ev->status);
2822 case HCI_OP_CREATE_PHY_LINK:
2823 hci_cs_create_phylink(hdev, ev->status);
2826 case HCI_OP_ACCEPT_PHY_LINK:
2827 hci_cs_accept_phylink(hdev, ev->status);
2830 case HCI_OP_LE_CREATE_CONN:
2831 hci_cs_le_create_conn(hdev, ev->status);
2834 case HCI_OP_LE_START_ENC:
2835 hci_cs_le_start_enc(hdev, ev->status);
2839 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2843 if (opcode != HCI_OP_NOP)
2844 cancel_delayed_work(&hdev->cmd_timer);
2847 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2848 hci_req_cmd_complete(hdev, opcode, ev->status);
2850 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2851 atomic_set(&hdev->cmd_cnt, 1);
2852 if (!skb_queue_empty(&hdev->cmd_q))
2853 queue_work(hdev->workqueue, &hdev->cmd_work);
2857 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2859 struct hci_ev_role_change *ev = (void *) skb->data;
2860 struct hci_conn *conn;
2862 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2866 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2870 clear_bit(HCI_CONN_MASTER, &conn->flags);
2872 set_bit(HCI_CONN_MASTER, &conn->flags);
2875 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2877 hci_role_switch_cfm(conn, ev->status, ev->role);
2880 hci_dev_unlock(hdev);
2883 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2885 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2888 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2889 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2893 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2894 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2895 BT_DBG("%s bad parameters", hdev->name);
2899 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2901 for (i = 0; i < ev->num_hndl; i++) {
2902 struct hci_comp_pkts_info *info = &ev->handles[i];
2903 struct hci_conn *conn;
2904 __u16 handle, count;
2906 handle = __le16_to_cpu(info->handle);
2907 count = __le16_to_cpu(info->count);
2909 conn = hci_conn_hash_lookup_handle(hdev, handle);
2913 conn->sent -= count;
2915 switch (conn->type) {
2917 hdev->acl_cnt += count;
2918 if (hdev->acl_cnt > hdev->acl_pkts)
2919 hdev->acl_cnt = hdev->acl_pkts;
2923 if (hdev->le_pkts) {
2924 hdev->le_cnt += count;
2925 if (hdev->le_cnt > hdev->le_pkts)
2926 hdev->le_cnt = hdev->le_pkts;
2928 hdev->acl_cnt += count;
2929 if (hdev->acl_cnt > hdev->acl_pkts)
2930 hdev->acl_cnt = hdev->acl_pkts;
2935 hdev->sco_cnt += count;
2936 if (hdev->sco_cnt > hdev->sco_pkts)
2937 hdev->sco_cnt = hdev->sco_pkts;
2941 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2946 queue_work(hdev->workqueue, &hdev->tx_work);
2949 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2952 struct hci_chan *chan;
2954 switch (hdev->dev_type) {
2956 return hci_conn_hash_lookup_handle(hdev, handle);
2958 chan = hci_chan_lookup_handle(hdev, handle);
2963 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2970 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2972 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2975 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2976 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2980 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2981 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2982 BT_DBG("%s bad parameters", hdev->name);
2986 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2989 for (i = 0; i < ev->num_hndl; i++) {
2990 struct hci_comp_blocks_info *info = &ev->handles[i];
2991 struct hci_conn *conn = NULL;
2992 __u16 handle, block_count;
2994 handle = __le16_to_cpu(info->handle);
2995 block_count = __le16_to_cpu(info->blocks);
2997 conn = __hci_conn_lookup_handle(hdev, handle);
3001 conn->sent -= block_count;
3003 switch (conn->type) {
3006 hdev->block_cnt += block_count;
3007 if (hdev->block_cnt > hdev->num_blocks)
3008 hdev->block_cnt = hdev->num_blocks;
3012 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3017 queue_work(hdev->workqueue, &hdev->tx_work);
3020 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3022 struct hci_ev_mode_change *ev = (void *) skb->data;
3023 struct hci_conn *conn;
3025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3031 conn->mode = ev->mode;
3033 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3035 if (conn->mode == HCI_CM_ACTIVE)
3036 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3038 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3041 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3042 hci_sco_setup(conn, ev->status);
3045 hci_dev_unlock(hdev);
3048 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3050 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3051 struct hci_conn *conn;
3053 BT_DBG("%s", hdev->name);
3057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3061 if (conn->state == BT_CONNECTED) {
3062 hci_conn_hold(conn);
3063 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3064 hci_conn_drop(conn);
3067 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
3068 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3069 sizeof(ev->bdaddr), &ev->bdaddr);
3070 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3073 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3078 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3082 hci_dev_unlock(hdev);
3085 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3087 struct hci_ev_link_key_req *ev = (void *) skb->data;
3088 struct hci_cp_link_key_reply cp;
3089 struct hci_conn *conn;
3090 struct link_key *key;
3092 BT_DBG("%s", hdev->name);
3094 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3099 key = hci_find_link_key(hdev, &ev->bdaddr);
3101 BT_DBG("%s link key not found for %pMR", hdev->name,
3106 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3109 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3111 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3112 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3113 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3114 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3118 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3119 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3120 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3121 BT_DBG("%s ignoring key unauthenticated for high security",
3126 conn->key_type = key->type;
3127 conn->pin_length = key->pin_len;
3130 bacpy(&cp.bdaddr, &ev->bdaddr);
3131 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3133 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3135 hci_dev_unlock(hdev);
3140 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3141 hci_dev_unlock(hdev);
3144 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3146 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3147 struct hci_conn *conn;
3148 struct link_key *key;
3152 BT_DBG("%s", hdev->name);
3156 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3158 hci_conn_hold(conn);
3159 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3160 pin_len = conn->pin_length;
3162 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3163 conn->key_type = ev->key_type;
3165 hci_conn_drop(conn);
3168 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3171 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3172 ev->key_type, pin_len, &persistent);
3176 mgmt_new_link_key(hdev, key, persistent);
3178 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3179 * is set. If it's not set simply remove the key from the kernel
3180 * list (we've still notified user space about it but with
3181 * store_hint being 0).
3183 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3184 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3185 list_del(&key->list);
3189 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3191 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3195 hci_dev_unlock(hdev);
3198 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3200 struct hci_ev_clock_offset *ev = (void *) skb->data;
3201 struct hci_conn *conn;
3203 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3207 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3208 if (conn && !ev->status) {
3209 struct inquiry_entry *ie;
3211 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3213 ie->data.clock_offset = ev->clock_offset;
3214 ie->timestamp = jiffies;
3218 hci_dev_unlock(hdev);
3221 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3223 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3224 struct hci_conn *conn;
3226 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3230 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3231 if (conn && !ev->status)
3232 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3234 hci_dev_unlock(hdev);
3237 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3239 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3240 struct inquiry_entry *ie;
3242 BT_DBG("%s", hdev->name);
3246 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3248 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3249 ie->timestamp = jiffies;
3252 hci_dev_unlock(hdev);
3255 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3256 struct sk_buff *skb)
3258 struct inquiry_data data;
3259 int num_rsp = *((__u8 *) skb->data);
3260 bool name_known, ssp;
3262 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3267 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3272 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3273 struct inquiry_info_with_rssi_and_pscan_mode *info;
3274 info = (void *) (skb->data + 1);
3276 for (; num_rsp; num_rsp--, info++) {
3277 bacpy(&data.bdaddr, &info->bdaddr);
3278 data.pscan_rep_mode = info->pscan_rep_mode;
3279 data.pscan_period_mode = info->pscan_period_mode;
3280 data.pscan_mode = info->pscan_mode;
3281 memcpy(data.dev_class, info->dev_class, 3);
3282 data.clock_offset = info->clock_offset;
3283 data.rssi = info->rssi;
3284 data.ssp_mode = 0x00;
3286 name_known = hci_inquiry_cache_update(hdev, &data,
3288 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3289 info->dev_class, info->rssi,
3290 !name_known, ssp, NULL, 0, NULL, 0);
3293 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3295 for (; num_rsp; num_rsp--, info++) {
3296 bacpy(&data.bdaddr, &info->bdaddr);
3297 data.pscan_rep_mode = info->pscan_rep_mode;
3298 data.pscan_period_mode = info->pscan_period_mode;
3299 data.pscan_mode = 0x00;
3300 memcpy(data.dev_class, info->dev_class, 3);
3301 data.clock_offset = info->clock_offset;
3302 data.rssi = info->rssi;
3303 data.ssp_mode = 0x00;
3304 name_known = hci_inquiry_cache_update(hdev, &data,
3306 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3307 info->dev_class, info->rssi,
3308 !name_known, ssp, NULL, 0, NULL, 0);
3312 hci_dev_unlock(hdev);
3315 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3316 struct sk_buff *skb)
3318 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3319 struct hci_conn *conn;
3321 BT_DBG("%s", hdev->name);
3325 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3329 if (ev->page < HCI_MAX_PAGES)
3330 memcpy(conn->features[ev->page], ev->features, 8);
3332 if (!ev->status && ev->page == 0x01) {
3333 struct inquiry_entry *ie;
3335 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3337 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3339 if (ev->features[0] & LMP_HOST_SSP) {
3340 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3342 /* It is mandatory by the Bluetooth specification that
3343 * Extended Inquiry Results are only used when Secure
3344 * Simple Pairing is enabled, but some devices violate
3347 * To make these devices work, the internal SSP
3348 * enabled flag needs to be cleared if the remote host
3349 * features do not indicate SSP support */
3350 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3353 if (ev->features[0] & LMP_HOST_SC)
3354 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3357 if (conn->state != BT_CONFIG)
3360 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3361 struct hci_cp_remote_name_req cp;
3362 memset(&cp, 0, sizeof(cp));
3363 bacpy(&cp.bdaddr, &conn->dst);
3364 cp.pscan_rep_mode = 0x02;
3365 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3366 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3367 mgmt_device_connected(hdev, &conn->dst, conn->type,
3368 conn->dst_type, 0, NULL, 0,
3371 if (!hci_outgoing_auth_needed(hdev, conn)) {
3372 conn->state = BT_CONNECTED;
3373 hci_proto_connect_cfm(conn, ev->status);
3374 hci_conn_drop(conn);
3378 hci_dev_unlock(hdev);
3381 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3382 struct sk_buff *skb)
3384 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3385 struct hci_conn *conn;
3387 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3391 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3393 if (ev->link_type == ESCO_LINK)
3396 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3400 conn->type = SCO_LINK;
3403 switch (ev->status) {
3405 conn->handle = __le16_to_cpu(ev->handle);
3406 conn->state = BT_CONNECTED;
3408 hci_conn_add_sysfs(conn);
3411 case 0x0d: /* Connection Rejected due to Limited Resources */
3412 case 0x11: /* Unsupported Feature or Parameter Value */
3413 case 0x1c: /* SCO interval rejected */
3414 case 0x1a: /* Unsupported Remote Feature */
3415 case 0x1f: /* Unspecified error */
3416 case 0x20: /* Unsupported LMP Parameter value */
3418 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3419 (hdev->esco_type & EDR_ESCO_MASK);
3420 if (hci_setup_sync(conn, conn->link->handle))
3426 conn->state = BT_CLOSED;
3430 hci_proto_connect_cfm(conn, ev->status);
3435 hci_dev_unlock(hdev);
3438 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3442 while (parsed < eir_len) {
3443 u8 field_len = eir[0];
3448 parsed += field_len + 1;
3449 eir += field_len + 1;
3455 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3456 struct sk_buff *skb)
3458 struct inquiry_data data;
3459 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3460 int num_rsp = *((__u8 *) skb->data);
3463 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3468 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3473 for (; num_rsp; num_rsp--, info++) {
3474 bool name_known, ssp;
3476 bacpy(&data.bdaddr, &info->bdaddr);
3477 data.pscan_rep_mode = info->pscan_rep_mode;
3478 data.pscan_period_mode = info->pscan_period_mode;
3479 data.pscan_mode = 0x00;
3480 memcpy(data.dev_class, info->dev_class, 3);
3481 data.clock_offset = info->clock_offset;
3482 data.rssi = info->rssi;
3483 data.ssp_mode = 0x01;
3485 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3486 name_known = eir_has_data_type(info->data,
3492 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3494 eir_len = eir_get_length(info->data, sizeof(info->data));
3495 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3496 info->dev_class, info->rssi, !name_known,
3497 ssp, info->data, eir_len, NULL, 0);
3500 hci_dev_unlock(hdev);
3503 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3504 struct sk_buff *skb)
3506 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3507 struct hci_conn *conn;
3509 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3510 __le16_to_cpu(ev->handle));
3514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3518 /* For BR/EDR the necessary steps are taken through the
3519 * auth_complete event.
3521 if (conn->type != LE_LINK)
3525 conn->sec_level = conn->pending_sec_level;
3527 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3529 if (ev->status && conn->state == BT_CONNECTED) {
3530 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3531 hci_conn_drop(conn);
3535 if (conn->state == BT_CONFIG) {
3537 conn->state = BT_CONNECTED;
3539 hci_proto_connect_cfm(conn, ev->status);
3540 hci_conn_drop(conn);
3542 hci_auth_cfm(conn, ev->status);
3544 hci_conn_hold(conn);
3545 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3546 hci_conn_drop(conn);
3550 hci_dev_unlock(hdev);
3553 static u8 hci_get_auth_req(struct hci_conn *conn)
3555 /* If remote requests no-bonding follow that lead */
3556 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3557 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3558 return conn->remote_auth | (conn->auth_type & 0x01);
3560 /* If both remote and local have enough IO capabilities, require
3563 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3564 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3565 return conn->remote_auth | 0x01;
3567 /* No MITM protection possible so ignore remote requirement */
3568 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3571 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3573 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3574 struct hci_conn *conn;
3576 BT_DBG("%s", hdev->name);
3580 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3584 hci_conn_hold(conn);
3586 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3589 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3590 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3591 struct hci_cp_io_capability_reply cp;
3593 bacpy(&cp.bdaddr, &ev->bdaddr);
3594 /* Change the IO capability from KeyboardDisplay
3595 * to DisplayYesNo as it is not supported by BT spec. */
3596 cp.capability = (conn->io_capability == 0x04) ?
3597 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3599 /* If we are initiators, there is no remote information yet */
3600 if (conn->remote_auth == 0xff) {
3601 cp.authentication = conn->auth_type;
3603 /* Request MITM protection if our IO caps allow it
3604 * except for the no-bonding case.
3605 * conn->auth_type is not updated here since
3606 * that might cause the user confirmation to be
3607 * rejected in case the remote doesn't have the
3608 * IO capabilities for MITM.
3610 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3611 cp.authentication != HCI_AT_NO_BONDING)
3612 cp.authentication |= 0x01;
3614 conn->auth_type = hci_get_auth_req(conn);
3615 cp.authentication = conn->auth_type;
3618 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3619 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3624 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3627 struct hci_cp_io_capability_neg_reply cp;
3629 bacpy(&cp.bdaddr, &ev->bdaddr);
3630 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3632 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3637 hci_dev_unlock(hdev);
3640 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3642 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3643 struct hci_conn *conn;
3645 BT_DBG("%s", hdev->name);
3649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3653 conn->remote_cap = ev->capability;
3654 conn->remote_auth = ev->authentication;
3656 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3659 hci_dev_unlock(hdev);
3662 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3663 struct sk_buff *skb)
3665 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3666 int loc_mitm, rem_mitm, confirm_hint = 0;
3667 struct hci_conn *conn;
3669 BT_DBG("%s", hdev->name);
3673 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3680 loc_mitm = (conn->auth_type & 0x01);
3681 rem_mitm = (conn->remote_auth & 0x01);
3683 /* If we require MITM but the remote device can't provide that
3684 * (it has NoInputNoOutput) then reject the confirmation request
3686 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3687 BT_DBG("Rejecting request: remote device can't provide MITM");
3688 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3689 sizeof(ev->bdaddr), &ev->bdaddr);
3693 /* If no side requires MITM protection; auto-accept */
3694 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3695 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3697 /* If we're not the initiators request authorization to
3698 * proceed from user space (mgmt_user_confirm with
3699 * confirm_hint set to 1). The exception is if neither
3700 * side had MITM in which case we do auto-accept.
3702 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3703 (loc_mitm || rem_mitm)) {
3704 BT_DBG("Confirming auto-accept as acceptor");
3709 BT_DBG("Auto-accept of user confirmation with %ums delay",
3710 hdev->auto_accept_delay);
3712 if (hdev->auto_accept_delay > 0) {
3713 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3714 queue_delayed_work(conn->hdev->workqueue,
3715 &conn->auto_accept_work, delay);
3719 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3720 sizeof(ev->bdaddr), &ev->bdaddr);
3725 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3726 le32_to_cpu(ev->passkey), confirm_hint);
3729 hci_dev_unlock(hdev);
3732 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3733 struct sk_buff *skb)
3735 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3737 BT_DBG("%s", hdev->name);
3739 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3740 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3743 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3744 struct sk_buff *skb)
3746 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3747 struct hci_conn *conn;
3749 BT_DBG("%s", hdev->name);
3751 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3755 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3756 conn->passkey_entered = 0;
3758 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3759 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3760 conn->dst_type, conn->passkey_notify,
3761 conn->passkey_entered);
3764 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3766 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3767 struct hci_conn *conn;
3769 BT_DBG("%s", hdev->name);
3771 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3776 case HCI_KEYPRESS_STARTED:
3777 conn->passkey_entered = 0;
3780 case HCI_KEYPRESS_ENTERED:
3781 conn->passkey_entered++;
3784 case HCI_KEYPRESS_ERASED:
3785 conn->passkey_entered--;
3788 case HCI_KEYPRESS_CLEARED:
3789 conn->passkey_entered = 0;
3792 case HCI_KEYPRESS_COMPLETED:
3796 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3797 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3798 conn->dst_type, conn->passkey_notify,
3799 conn->passkey_entered);
3802 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3803 struct sk_buff *skb)
3805 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3806 struct hci_conn *conn;
3808 BT_DBG("%s", hdev->name);
3812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3816 /* To avoid duplicate auth_failed events to user space we check
3817 * the HCI_CONN_AUTH_PEND flag which will be set if we
3818 * initiated the authentication. A traditional auth_complete
3819 * event gets always produced as initiator and is also mapped to
3820 * the mgmt_auth_failed event */
3821 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3822 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3825 hci_conn_drop(conn);
3828 hci_dev_unlock(hdev);
3831 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3832 struct sk_buff *skb)
3834 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3835 struct inquiry_entry *ie;
3836 struct hci_conn *conn;
3838 BT_DBG("%s", hdev->name);
3842 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3844 memcpy(conn->features[1], ev->features, 8);
3846 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3848 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3850 hci_dev_unlock(hdev);
3853 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3854 struct sk_buff *skb)
3856 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3857 struct oob_data *data;
3859 BT_DBG("%s", hdev->name);
3863 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3866 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3868 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3869 struct hci_cp_remote_oob_ext_data_reply cp;
3871 bacpy(&cp.bdaddr, &ev->bdaddr);
3872 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3873 memcpy(cp.randomizer192, data->randomizer192,
3874 sizeof(cp.randomizer192));
3875 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3876 memcpy(cp.randomizer256, data->randomizer256,
3877 sizeof(cp.randomizer256));
3879 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3882 struct hci_cp_remote_oob_data_reply cp;
3884 bacpy(&cp.bdaddr, &ev->bdaddr);
3885 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3886 memcpy(cp.randomizer, data->randomizer192,
3887 sizeof(cp.randomizer));
3889 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3893 struct hci_cp_remote_oob_data_neg_reply cp;
3895 bacpy(&cp.bdaddr, &ev->bdaddr);
3896 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3901 hci_dev_unlock(hdev);
3904 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3905 struct sk_buff *skb)
3907 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3908 struct hci_conn *hcon, *bredr_hcon;
3910 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3915 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3917 hci_dev_unlock(hdev);
3923 hci_dev_unlock(hdev);
3927 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3929 hcon->state = BT_CONNECTED;
3930 bacpy(&hcon->dst, &bredr_hcon->dst);
3932 hci_conn_hold(hcon);
3933 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3934 hci_conn_drop(hcon);
3936 hci_conn_add_sysfs(hcon);
3938 amp_physical_cfm(bredr_hcon, hcon);
3940 hci_dev_unlock(hdev);
3943 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3945 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3946 struct hci_conn *hcon;
3947 struct hci_chan *hchan;
3948 struct amp_mgr *mgr;
3950 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3951 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3954 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3958 /* Create AMP hchan */
3959 hchan = hci_chan_create(hcon);
3963 hchan->handle = le16_to_cpu(ev->handle);
3965 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3967 mgr = hcon->amp_mgr;
3968 if (mgr && mgr->bredr_chan) {
3969 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3971 l2cap_chan_lock(bredr_chan);
3973 bredr_chan->conn->mtu = hdev->block_mtu;
3974 l2cap_logical_cfm(bredr_chan, hchan, 0);
3975 hci_conn_hold(hcon);
3977 l2cap_chan_unlock(bredr_chan);
3981 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3982 struct sk_buff *skb)
3984 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3985 struct hci_chan *hchan;
3987 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3988 le16_to_cpu(ev->handle), ev->status);
3995 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3999 amp_destroy_logical_link(hchan, ev->reason);
4002 hci_dev_unlock(hdev);
4005 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4006 struct sk_buff *skb)
4008 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4009 struct hci_conn *hcon;
4011 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4018 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4020 hcon->state = BT_CLOSED;
4024 hci_dev_unlock(hdev);
4027 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4029 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4030 struct hci_conn *conn;
4031 struct smp_irk *irk;
4033 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4037 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4039 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4041 BT_ERR("No memory for new connection");
4045 conn->dst_type = ev->bdaddr_type;
4047 if (ev->role == LE_CONN_ROLE_MASTER) {
4049 set_bit(HCI_CONN_MASTER, &conn->flags);
4052 /* If we didn't have a hci_conn object previously
4053 * but we're in master role this must be something
4054 * initiated using a white list. Since white list based
4055 * connections are not "first class citizens" we don't
4056 * have full tracking of them. Therefore, we go ahead
4057 * with a "best effort" approach of determining the
4058 * initiator address based on the HCI_PRIVACY flag.
4061 conn->resp_addr_type = ev->bdaddr_type;
4062 bacpy(&conn->resp_addr, &ev->bdaddr);
4063 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4064 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4065 bacpy(&conn->init_addr, &hdev->rpa);
4067 hci_copy_identity_address(hdev,
4069 &conn->init_addr_type);
4073 cancel_delayed_work(&conn->le_conn_timeout);
4077 /* Set the responder (our side) address type based on
4078 * the advertising address type.
4080 conn->resp_addr_type = hdev->adv_addr_type;
4081 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4082 bacpy(&conn->resp_addr, &hdev->random_addr);
4084 bacpy(&conn->resp_addr, &hdev->bdaddr);
4086 conn->init_addr_type = ev->bdaddr_type;
4087 bacpy(&conn->init_addr, &ev->bdaddr);
4089 /* For incoming connections, set the default minimum
4090 * and maximum connection interval. They will be used
4091 * to check if the parameters are in range and if not
4092 * trigger the connection update procedure.
4094 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4095 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4098 /* Lookup the identity address from the stored connection
4099 * address and address type.
4101 * When establishing connections to an identity address, the
4102 * connection procedure will store the resolvable random
4103 * address first. Now if it can be converted back into the
4104 * identity address, start using the identity address from
4107 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4109 bacpy(&conn->dst, &irk->bdaddr);
4110 conn->dst_type = irk->addr_type;
4114 hci_le_conn_failed(conn, ev->status);
4118 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4119 mgmt_device_connected(hdev, &conn->dst, conn->type,
4120 conn->dst_type, 0, NULL, 0, NULL);
4122 conn->sec_level = BT_SECURITY_LOW;
4123 conn->handle = __le16_to_cpu(ev->handle);
4124 conn->state = BT_CONNECTED;
4126 conn->le_conn_interval = le16_to_cpu(ev->interval);
4127 conn->le_conn_latency = le16_to_cpu(ev->latency);
4128 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4130 hci_conn_add_sysfs(conn);
4132 hci_proto_connect_cfm(conn, ev->status);
4134 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4137 hci_dev_unlock(hdev);
4140 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4141 struct sk_buff *skb)
4143 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4144 struct hci_conn *conn;
4146 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4155 conn->le_conn_interval = le16_to_cpu(ev->interval);
4156 conn->le_conn_latency = le16_to_cpu(ev->latency);
4157 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4160 hci_dev_unlock(hdev);
4163 /* This function requires the caller holds hdev->lock */
4164 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4167 struct hci_conn *conn;
4168 struct smp_irk *irk;
4170 /* If this is a resolvable address, we should resolve it and then
4171 * update address and address type variables.
4173 irk = hci_get_irk(hdev, addr, addr_type);
4175 addr = &irk->bdaddr;
4176 addr_type = irk->addr_type;
4179 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4182 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4187 switch (PTR_ERR(conn)) {
4189 /* If hci_connect() returns -EBUSY it means there is already
4190 * an LE connection attempt going on. Since controllers don't
4191 * support more than one connection attempt at the time, we
4192 * don't consider this an error case.
4196 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4200 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4201 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4203 struct discovery_state *d = &hdev->discovery;
4206 /* Passive scanning shouldn't trigger any device found events */
4207 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4208 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4209 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4213 /* If there's nothing pending either store the data from this
4214 * event or send an immediate device found event if the data
4215 * should not be stored for later.
4217 if (!has_pending_adv_report(hdev)) {
4218 /* If the report will trigger a SCAN_REQ store it for
4221 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4222 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4227 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4228 rssi, 0, 1, data, len, NULL, 0);
4232 /* Check if the pending report is for the same device as the new one */
4233 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4234 bdaddr_type == d->last_adv_addr_type);
4236 /* If the pending data doesn't match this report or this isn't a
4237 * scan response (e.g. we got a duplicate ADV_IND) then force
4238 * sending of the pending data.
4240 if (type != LE_ADV_SCAN_RSP || !match) {
4241 /* Send out whatever is in the cache, but skip duplicates */
4243 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4244 d->last_adv_addr_type, NULL,
4245 d->last_adv_rssi, 0, 1,
4247 d->last_adv_data_len, NULL, 0);
4249 /* If the new report will trigger a SCAN_REQ store it for
4252 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4253 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4258 /* The advertising reports cannot be merged, so clear
4259 * the pending report and send out a device found event.
4261 clear_pending_adv_report(hdev);
4262 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4263 rssi, 0, 1, data, len, NULL, 0);
4267 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4268 * the new event is a SCAN_RSP. We can therefore proceed with
4269 * sending a merged device found event.
4271 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4272 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4273 d->last_adv_data, d->last_adv_data_len);
4274 clear_pending_adv_report(hdev);
4277 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4279 u8 num_reports = skb->data[0];
4280 void *ptr = &skb->data[1];
4284 while (num_reports--) {
4285 struct hci_ev_le_advertising_info *ev = ptr;
4288 rssi = ev->data[ev->length];
4289 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4290 ev->bdaddr_type, rssi, ev->data, ev->length);
4292 ptr += sizeof(*ev) + ev->length + 1;
4295 hci_dev_unlock(hdev);
4298 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4300 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4301 struct hci_cp_le_ltk_reply cp;
4302 struct hci_cp_le_ltk_neg_reply neg;
4303 struct hci_conn *conn;
4304 struct smp_ltk *ltk;
4306 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4310 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4314 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
4318 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4319 cp.handle = cpu_to_le16(conn->handle);
4321 if (ltk->authenticated)
4322 conn->pending_sec_level = BT_SECURITY_HIGH;
4324 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4326 conn->enc_key_size = ltk->enc_size;
4328 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4330 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4331 * temporary key used to encrypt a connection following
4332 * pairing. It is used during the Encrypted Session Setup to
4333 * distribute the keys. Later, security can be re-established
4334 * using a distributed LTK.
4336 if (ltk->type == SMP_STK) {
4337 list_del(<k->list);
4341 hci_dev_unlock(hdev);
4346 neg.handle = ev->handle;
4347 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4348 hci_dev_unlock(hdev);
4351 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4353 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4355 skb_pull(skb, sizeof(*le_ev));
4357 switch (le_ev->subevent) {
4358 case HCI_EV_LE_CONN_COMPLETE:
4359 hci_le_conn_complete_evt(hdev, skb);
4362 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4363 hci_le_conn_update_complete_evt(hdev, skb);
4366 case HCI_EV_LE_ADVERTISING_REPORT:
4367 hci_le_adv_report_evt(hdev, skb);
4370 case HCI_EV_LE_LTK_REQ:
4371 hci_le_ltk_request_evt(hdev, skb);
4379 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4381 struct hci_ev_channel_selected *ev = (void *) skb->data;
4382 struct hci_conn *hcon;
4384 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4386 skb_pull(skb, sizeof(*ev));
4388 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4392 amp_read_loc_assoc_final_data(hdev, hcon);
4395 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4397 struct hci_event_hdr *hdr = (void *) skb->data;
4398 __u8 event = hdr->evt;
4402 /* Received events are (currently) only needed when a request is
4403 * ongoing so avoid unnecessary memory allocation.
4405 if (hdev->req_status == HCI_REQ_PEND) {
4406 kfree_skb(hdev->recv_evt);
4407 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4410 hci_dev_unlock(hdev);
4412 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4414 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4415 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4416 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4418 hci_req_cmd_complete(hdev, opcode, 0);
4422 case HCI_EV_INQUIRY_COMPLETE:
4423 hci_inquiry_complete_evt(hdev, skb);
4426 case HCI_EV_INQUIRY_RESULT:
4427 hci_inquiry_result_evt(hdev, skb);
4430 case HCI_EV_CONN_COMPLETE:
4431 hci_conn_complete_evt(hdev, skb);
4434 case HCI_EV_CONN_REQUEST:
4435 hci_conn_request_evt(hdev, skb);
4438 case HCI_EV_DISCONN_COMPLETE:
4439 hci_disconn_complete_evt(hdev, skb);
4442 case HCI_EV_AUTH_COMPLETE:
4443 hci_auth_complete_evt(hdev, skb);
4446 case HCI_EV_REMOTE_NAME:
4447 hci_remote_name_evt(hdev, skb);
4450 case HCI_EV_ENCRYPT_CHANGE:
4451 hci_encrypt_change_evt(hdev, skb);
4454 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4455 hci_change_link_key_complete_evt(hdev, skb);
4458 case HCI_EV_REMOTE_FEATURES:
4459 hci_remote_features_evt(hdev, skb);
4462 case HCI_EV_CMD_COMPLETE:
4463 hci_cmd_complete_evt(hdev, skb);
4466 case HCI_EV_CMD_STATUS:
4467 hci_cmd_status_evt(hdev, skb);
4470 case HCI_EV_ROLE_CHANGE:
4471 hci_role_change_evt(hdev, skb);
4474 case HCI_EV_NUM_COMP_PKTS:
4475 hci_num_comp_pkts_evt(hdev, skb);
4478 case HCI_EV_MODE_CHANGE:
4479 hci_mode_change_evt(hdev, skb);
4482 case HCI_EV_PIN_CODE_REQ:
4483 hci_pin_code_request_evt(hdev, skb);
4486 case HCI_EV_LINK_KEY_REQ:
4487 hci_link_key_request_evt(hdev, skb);
4490 case HCI_EV_LINK_KEY_NOTIFY:
4491 hci_link_key_notify_evt(hdev, skb);
4494 case HCI_EV_CLOCK_OFFSET:
4495 hci_clock_offset_evt(hdev, skb);
4498 case HCI_EV_PKT_TYPE_CHANGE:
4499 hci_pkt_type_change_evt(hdev, skb);
4502 case HCI_EV_PSCAN_REP_MODE:
4503 hci_pscan_rep_mode_evt(hdev, skb);
4506 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4507 hci_inquiry_result_with_rssi_evt(hdev, skb);
4510 case HCI_EV_REMOTE_EXT_FEATURES:
4511 hci_remote_ext_features_evt(hdev, skb);
4514 case HCI_EV_SYNC_CONN_COMPLETE:
4515 hci_sync_conn_complete_evt(hdev, skb);
4518 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4519 hci_extended_inquiry_result_evt(hdev, skb);
4522 case HCI_EV_KEY_REFRESH_COMPLETE:
4523 hci_key_refresh_complete_evt(hdev, skb);
4526 case HCI_EV_IO_CAPA_REQUEST:
4527 hci_io_capa_request_evt(hdev, skb);
4530 case HCI_EV_IO_CAPA_REPLY:
4531 hci_io_capa_reply_evt(hdev, skb);
4534 case HCI_EV_USER_CONFIRM_REQUEST:
4535 hci_user_confirm_request_evt(hdev, skb);
4538 case HCI_EV_USER_PASSKEY_REQUEST:
4539 hci_user_passkey_request_evt(hdev, skb);
4542 case HCI_EV_USER_PASSKEY_NOTIFY:
4543 hci_user_passkey_notify_evt(hdev, skb);
4546 case HCI_EV_KEYPRESS_NOTIFY:
4547 hci_keypress_notify_evt(hdev, skb);
4550 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4551 hci_simple_pair_complete_evt(hdev, skb);
4554 case HCI_EV_REMOTE_HOST_FEATURES:
4555 hci_remote_host_features_evt(hdev, skb);
4558 case HCI_EV_LE_META:
4559 hci_le_meta_evt(hdev, skb);
4562 case HCI_EV_CHANNEL_SELECTED:
4563 hci_chan_selected_evt(hdev, skb);
4566 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4567 hci_remote_oob_data_request_evt(hdev, skb);
4570 case HCI_EV_PHY_LINK_COMPLETE:
4571 hci_phy_link_complete_evt(hdev, skb);
4574 case HCI_EV_LOGICAL_LINK_COMPLETE:
4575 hci_loglink_complete_evt(hdev, skb);
4578 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4579 hci_disconn_loglink_complete_evt(hdev, skb);
4582 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4583 hci_disconn_phylink_complete_evt(hdev, skb);
4586 case HCI_EV_NUM_COMP_BLOCKS:
4587 hci_num_comp_blocks_evt(hdev, skb);
4591 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4596 hdev->stat.evt_rx++;