2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
41 __u8 status = *((__u8 *) skb->data);
43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 clear_bit(HCI_CONN_MASTER, &conn->flags);
108 set_bit(HCI_CONN_MASTER, &conn->flags);
111 hci_dev_unlock(hdev);
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
167 hdev->link_policy = __le16_to_cpu(rp->policy);
170 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
186 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
188 __u8 status = *((__u8 *) skb->data);
190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
192 clear_bit(HCI_RESET, &hdev->flags);
194 /* Reset all non-persistent flags */
195 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
197 hdev->discovery.state = DISCOVERY_STOPPED;
198 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
199 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
201 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
202 hdev->adv_data_len = 0;
204 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
205 hdev->scan_rsp_data_len = 0;
207 hdev->le_scan_type = LE_SCAN_PASSIVE;
209 hdev->ssp_debug_mode = 0;
212 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
214 __u8 status = *((__u8 *) skb->data);
217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
230 hci_dev_unlock(hdev);
233 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
235 struct hci_rp_read_local_name *rp = (void *) skb->data;
237 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
242 if (test_bit(HCI_SETUP, &hdev->dev_flags))
243 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
246 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
248 __u8 status = *((__u8 *) skb->data);
251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
258 __u8 param = *((__u8 *) sent);
260 if (param == AUTH_ENABLED)
261 set_bit(HCI_AUTH, &hdev->flags);
263 clear_bit(HCI_AUTH, &hdev->flags);
266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
267 mgmt_auth_enable_complete(hdev, status);
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
291 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
303 param = *((__u8 *) sent);
308 mgmt_write_scan_failed(hdev, param, status);
309 hdev->discov_timeout = 0;
313 /* We need to ensure that we set this back on if someone changed
314 * the scan mode through a raw HCI socket.
316 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
318 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
319 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
321 if (param & SCAN_INQUIRY) {
322 set_bit(HCI_ISCAN, &hdev->flags);
324 mgmt_discoverable(hdev, 1);
325 } else if (old_iscan)
326 mgmt_discoverable(hdev, 0);
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
331 mgmt_connectable(hdev, 1);
332 } else if (old_pscan)
333 mgmt_connectable(hdev, 0);
336 hci_dev_unlock(hdev);
339 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
348 memcpy(hdev->dev_class, rp->dev_class, 3);
350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data);
359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
368 memcpy(hdev->dev_class, sent, 3);
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
373 hci_dev_unlock(hdev);
376 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
386 setting = __le16_to_cpu(rp->voice_setting);
388 if (hdev->voice_setting == setting)
391 hdev->voice_setting = setting;
393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 __u8 status = *((__u8 *) skb->data);
406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 setting = get_unaligned_le16(sent);
417 if (hdev->voice_setting == setting)
420 hdev->voice_setting = setting;
422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
428 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
431 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
433 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
438 hdev->num_iac = rp->num_iac;
440 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
443 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
445 __u8 status = *((__u8 *) skb->data);
446 struct hci_cp_write_ssp_mode *sent;
448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 hdev->features[1][0] |= LMP_HOST_SSP;
458 hdev->features[1][0] &= ~LMP_HOST_SSP;
461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
462 mgmt_ssp_enable_complete(hdev, sent->mode, status);
465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
471 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
473 u8 status = *((u8 *) skb->data);
474 struct hci_cp_write_sc_support *sent;
476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
478 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
484 hdev->features[1][0] |= LMP_HOST_SC;
486 hdev->features[1][0] &= ~LMP_HOST_SC;
489 if (test_bit(HCI_MGMT, &hdev->dev_flags))
490 mgmt_sc_enable_complete(hdev, sent->support, status);
493 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
495 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
499 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
501 struct hci_rp_read_local_version *rp = (void *) skb->data;
503 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
508 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
509 hdev->hci_ver = rp->hci_ver;
510 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
511 hdev->lmp_ver = rp->lmp_ver;
512 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
513 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
517 static void hci_cc_read_local_commands(struct hci_dev *hdev,
520 struct hci_rp_read_local_commands *rp = (void *) skb->data;
522 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
527 if (test_bit(HCI_SETUP, &hdev->dev_flags))
528 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
531 static void hci_cc_read_local_features(struct hci_dev *hdev,
534 struct hci_rp_read_local_features *rp = (void *) skb->data;
536 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
541 memcpy(hdev->features, rp->features, 8);
543 /* Adjust default settings according to features
544 * supported by device. */
546 if (hdev->features[0][0] & LMP_3SLOT)
547 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
549 if (hdev->features[0][0] & LMP_5SLOT)
550 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
552 if (hdev->features[0][1] & LMP_HV2) {
553 hdev->pkt_type |= (HCI_HV2);
554 hdev->esco_type |= (ESCO_HV2);
557 if (hdev->features[0][1] & LMP_HV3) {
558 hdev->pkt_type |= (HCI_HV3);
559 hdev->esco_type |= (ESCO_HV3);
562 if (lmp_esco_capable(hdev))
563 hdev->esco_type |= (ESCO_EV3);
565 if (hdev->features[0][4] & LMP_EV4)
566 hdev->esco_type |= (ESCO_EV4);
568 if (hdev->features[0][4] & LMP_EV5)
569 hdev->esco_type |= (ESCO_EV5);
571 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
572 hdev->esco_type |= (ESCO_2EV3);
574 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
575 hdev->esco_type |= (ESCO_3EV3);
577 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
578 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
581 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
584 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
591 if (hdev->max_page < rp->max_page)
592 hdev->max_page = rp->max_page;
594 if (rp->page < HCI_MAX_PAGES)
595 memcpy(hdev->features[rp->page], rp->features, 8);
598 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
601 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606 hdev->flow_ctl_mode = rp->mode;
609 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
611 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
618 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
619 hdev->sco_mtu = rp->sco_mtu;
620 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
621 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
623 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
628 hdev->acl_cnt = hdev->acl_pkts;
629 hdev->sco_cnt = hdev->sco_pkts;
631 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
632 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
635 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
637 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
639 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
642 bacpy(&hdev->bdaddr, &rp->bdaddr);
645 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
653 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
654 hdev->page_scan_window = __le16_to_cpu(rp->window);
658 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
661 u8 status = *((u8 *) skb->data);
662 struct hci_cp_write_page_scan_activity *sent;
664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
669 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
673 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
674 hdev->page_scan_window = __le16_to_cpu(sent->window);
677 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
680 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
684 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
685 hdev->page_scan_type = rp->type;
688 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
691 u8 status = *((u8 *) skb->data);
694 BT_DBG("%s status 0x%2.2x", hdev->name, status);
699 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
701 hdev->page_scan_type = *type;
704 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
707 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
714 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
715 hdev->block_len = __le16_to_cpu(rp->block_len);
716 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
718 hdev->block_cnt = hdev->num_blocks;
720 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
721 hdev->block_cnt, hdev->block_len);
724 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
726 struct hci_rp_read_clock *rp = (void *) skb->data;
727 struct hci_cp_read_clock *cp;
728 struct hci_conn *conn;
730 BT_DBG("%s", hdev->name);
732 if (skb->len < sizeof(*rp))
740 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
744 if (cp->which == 0x00) {
745 hdev->clock = le32_to_cpu(rp->clock);
749 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
751 conn->clock = le32_to_cpu(rp->clock);
752 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
756 hci_dev_unlock(hdev);
759 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
762 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
769 hdev->amp_status = rp->amp_status;
770 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
771 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
772 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
773 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
774 hdev->amp_type = rp->amp_type;
775 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
776 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
777 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
778 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
781 a2mp_send_getinfo_rsp(hdev);
784 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
787 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
788 struct amp_assoc *assoc = &hdev->loc_assoc;
789 size_t rem_len, frag_len;
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
796 frag_len = skb->len - sizeof(*rp);
797 rem_len = __le16_to_cpu(rp->rem_len);
799 if (rem_len > frag_len) {
800 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
802 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
803 assoc->offset += frag_len;
805 /* Read other fragments */
806 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
811 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
812 assoc->len = assoc->offset + rem_len;
816 /* Send A2MP Rsp when all fragments are received */
817 a2mp_send_getampassoc_rsp(hdev, rp->status);
818 a2mp_send_create_phy_link_req(hdev, rp->status);
821 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
824 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
829 hdev->inq_tx_power = rp->tx_power;
832 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
834 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
835 struct hci_cp_pin_code_reply *cp;
836 struct hci_conn *conn;
838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
842 if (test_bit(HCI_MGMT, &hdev->dev_flags))
843 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
848 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
854 conn->pin_length = cp->pin_len;
857 hci_dev_unlock(hdev);
860 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
862 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
864 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868 if (test_bit(HCI_MGMT, &hdev->dev_flags))
869 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
872 hci_dev_unlock(hdev);
875 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
878 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
885 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
886 hdev->le_pkts = rp->le_max_pkt;
888 hdev->le_cnt = hdev->le_pkts;
890 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
893 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
896 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
901 memcpy(hdev->le_features, rp->features, 8);
904 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
907 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
909 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
912 hdev->adv_tx_power = rp->tx_power;
915 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
917 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
923 if (test_bit(HCI_MGMT, &hdev->dev_flags))
924 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
927 hci_dev_unlock(hdev);
930 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
933 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
935 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
939 if (test_bit(HCI_MGMT, &hdev->dev_flags))
940 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
941 ACL_LINK, 0, rp->status);
943 hci_dev_unlock(hdev);
946 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
948 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
950 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954 if (test_bit(HCI_MGMT, &hdev->dev_flags))
955 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
958 hci_dev_unlock(hdev);
961 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
964 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
966 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
970 if (test_bit(HCI_MGMT, &hdev->dev_flags))
971 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
972 ACL_LINK, 0, rp->status);
974 hci_dev_unlock(hdev);
977 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
980 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
985 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
986 NULL, NULL, rp->status);
987 hci_dev_unlock(hdev);
990 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
993 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
995 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
998 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
999 rp->hash256, rp->randomizer256,
1001 hci_dev_unlock(hdev);
1005 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1007 __u8 status = *((__u8 *) skb->data);
1010 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1012 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1019 bacpy(&hdev->random_addr, sent);
1021 hci_dev_unlock(hdev);
1024 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1026 __u8 *sent, status = *((__u8 *) skb->data);
1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1030 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1039 /* If we're doing connection initation as peripheral. Set a
1040 * timeout in case something goes wrong.
1043 struct hci_conn *conn;
1045 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1047 queue_delayed_work(hdev->workqueue,
1048 &conn->le_conn_timeout,
1049 HCI_LE_CONN_TIMEOUT);
1052 mgmt_advertising(hdev, *sent);
1054 hci_dev_unlock(hdev);
1057 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1059 struct hci_cp_le_set_scan_param *cp;
1060 __u8 status = *((__u8 *) skb->data);
1062 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1064 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1071 hdev->le_scan_type = cp->type;
1073 hci_dev_unlock(hdev);
1076 static bool has_pending_adv_report(struct hci_dev *hdev)
1078 struct discovery_state *d = &hdev->discovery;
1080 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1083 static void clear_pending_adv_report(struct hci_dev *hdev)
1085 struct discovery_state *d = &hdev->discovery;
1087 bacpy(&d->last_adv_addr, BDADDR_ANY);
1088 d->last_adv_data_len = 0;
1091 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1092 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
1094 struct discovery_state *d = &hdev->discovery;
1096 bacpy(&d->last_adv_addr, bdaddr);
1097 d->last_adv_addr_type = bdaddr_type;
1098 d->last_adv_rssi = rssi;
1099 memcpy(d->last_adv_data, data, len);
1100 d->last_adv_data_len = len;
1103 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1104 struct sk_buff *skb)
1106 struct hci_cp_le_set_scan_enable *cp;
1107 __u8 status = *((__u8 *) skb->data);
1109 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1111 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1118 switch (cp->enable) {
1119 case LE_SCAN_ENABLE:
1120 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1121 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1122 clear_pending_adv_report(hdev);
1125 case LE_SCAN_DISABLE:
1126 /* We do this here instead of when setting DISCOVERY_STOPPED
1127 * since the latter would potentially require waiting for
1128 * inquiry to stop too.
1130 if (has_pending_adv_report(hdev)) {
1131 struct discovery_state *d = &hdev->discovery;
1133 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1134 d->last_adv_addr_type, NULL,
1135 d->last_adv_rssi, 0, 1,
1137 d->last_adv_data_len, NULL, 0);
1140 /* Cancel this timer so that we don't try to disable scanning
1141 * when it's already disabled.
1143 cancel_delayed_work(&hdev->le_scan_disable);
1145 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1146 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1147 * interrupted scanning due to a connect request. Mark
1148 * therefore discovery as stopped.
1150 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1152 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1156 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1161 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1162 struct sk_buff *skb)
1164 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1166 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1169 hdev->le_white_list_size = rp->size;
1172 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1173 struct sk_buff *skb)
1175 __u8 status = *((__u8 *) skb->data);
1177 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1180 hci_white_list_clear(hdev);
1183 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1184 struct sk_buff *skb)
1186 struct hci_cp_le_add_to_white_list *sent;
1187 __u8 status = *((__u8 *) skb->data);
1189 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1191 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1196 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1199 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1200 struct sk_buff *skb)
1202 struct hci_cp_le_del_from_white_list *sent;
1203 __u8 status = *((__u8 *) skb->data);
1205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1207 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1212 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1215 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1216 struct sk_buff *skb)
1218 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1220 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1223 memcpy(hdev->le_states, rp->le_states, 8);
1226 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1227 struct sk_buff *skb)
1229 struct hci_cp_write_le_host_supported *sent;
1230 __u8 status = *((__u8 *) skb->data);
1232 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1240 hdev->features[1][0] |= LMP_HOST_LE;
1241 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1243 hdev->features[1][0] &= ~LMP_HOST_LE;
1244 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1245 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1249 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1251 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1255 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1257 struct hci_cp_le_set_adv_param *cp;
1258 u8 status = *((u8 *) skb->data);
1260 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1265 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1270 hdev->adv_addr_type = cp->own_address_type;
1271 hci_dev_unlock(hdev);
1274 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1275 struct sk_buff *skb)
1277 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1279 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1280 hdev->name, rp->status, rp->phy_handle);
1285 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1288 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1290 struct hci_rp_read_rssi *rp = (void *) skb->data;
1291 struct hci_conn *conn;
1293 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1300 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1302 conn->rssi = rp->rssi;
1304 hci_dev_unlock(hdev);
1307 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1309 struct hci_cp_read_tx_power *sent;
1310 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1311 struct hci_conn *conn;
1313 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1318 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1328 switch (sent->type) {
1330 conn->tx_power = rp->tx_power;
1333 conn->max_tx_power = rp->tx_power;
1338 hci_dev_unlock(hdev);
1341 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1343 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1346 hci_conn_check_pending(hdev);
1350 set_bit(HCI_INQUIRY, &hdev->flags);
1353 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1355 struct hci_cp_create_conn *cp;
1356 struct hci_conn *conn;
1358 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1360 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1368 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1371 if (conn && conn->state == BT_CONNECT) {
1372 if (status != 0x0c || conn->attempt > 2) {
1373 conn->state = BT_CLOSED;
1374 hci_proto_connect_cfm(conn, status);
1377 conn->state = BT_CONNECT2;
1381 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1384 set_bit(HCI_CONN_MASTER, &conn->flags);
1386 BT_ERR("No memory for new connection");
1390 hci_dev_unlock(hdev);
1393 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1395 struct hci_cp_add_sco *cp;
1396 struct hci_conn *acl, *sco;
1399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1404 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1408 handle = __le16_to_cpu(cp->handle);
1410 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1414 acl = hci_conn_hash_lookup_handle(hdev, handle);
1418 sco->state = BT_CLOSED;
1420 hci_proto_connect_cfm(sco, status);
1425 hci_dev_unlock(hdev);
1428 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1430 struct hci_cp_auth_requested *cp;
1431 struct hci_conn *conn;
1433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1446 if (conn->state == BT_CONFIG) {
1447 hci_proto_connect_cfm(conn, status);
1448 hci_conn_drop(conn);
1452 hci_dev_unlock(hdev);
1455 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1457 struct hci_cp_set_conn_encrypt *cp;
1458 struct hci_conn *conn;
1460 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1465 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1473 if (conn->state == BT_CONFIG) {
1474 hci_proto_connect_cfm(conn, status);
1475 hci_conn_drop(conn);
1479 hci_dev_unlock(hdev);
1482 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1483 struct hci_conn *conn)
1485 if (conn->state != BT_CONFIG || !conn->out)
1488 if (conn->pending_sec_level == BT_SECURITY_SDP)
1491 /* Only request authentication for SSP connections or non-SSP
1492 * devices with sec_level MEDIUM or HIGH or if MITM protection
1495 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1496 conn->pending_sec_level != BT_SECURITY_FIPS &&
1497 conn->pending_sec_level != BT_SECURITY_HIGH &&
1498 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1504 static int hci_resolve_name(struct hci_dev *hdev,
1505 struct inquiry_entry *e)
1507 struct hci_cp_remote_name_req cp;
1509 memset(&cp, 0, sizeof(cp));
1511 bacpy(&cp.bdaddr, &e->data.bdaddr);
1512 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1513 cp.pscan_mode = e->data.pscan_mode;
1514 cp.clock_offset = e->data.clock_offset;
1516 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1519 static bool hci_resolve_next_name(struct hci_dev *hdev)
1521 struct discovery_state *discov = &hdev->discovery;
1522 struct inquiry_entry *e;
1524 if (list_empty(&discov->resolve))
1527 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1531 if (hci_resolve_name(hdev, e) == 0) {
1532 e->name_state = NAME_PENDING;
1539 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1540 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1542 struct discovery_state *discov = &hdev->discovery;
1543 struct inquiry_entry *e;
1545 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1546 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1547 name_len, conn->dev_class);
1549 if (discov->state == DISCOVERY_STOPPED)
1552 if (discov->state == DISCOVERY_STOPPING)
1553 goto discov_complete;
1555 if (discov->state != DISCOVERY_RESOLVING)
1558 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1559 /* If the device was not found in a list of found devices names of which
1560 * are pending. there is no need to continue resolving a next name as it
1561 * will be done upon receiving another Remote Name Request Complete
1568 e->name_state = NAME_KNOWN;
1569 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1570 e->data.rssi, name, name_len);
1572 e->name_state = NAME_NOT_KNOWN;
1575 if (hci_resolve_next_name(hdev))
1579 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1582 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1584 struct hci_cp_remote_name_req *cp;
1585 struct hci_conn *conn;
1587 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1589 /* If successful wait for the name req complete event before
1590 * checking for the need to do authentication */
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1602 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1603 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1608 if (!hci_outgoing_auth_needed(hdev, conn))
1611 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1612 struct hci_cp_auth_requested auth_cp;
1614 auth_cp.handle = __cpu_to_le16(conn->handle);
1615 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1616 sizeof(auth_cp), &auth_cp);
1620 hci_dev_unlock(hdev);
1623 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1625 struct hci_cp_read_remote_features *cp;
1626 struct hci_conn *conn;
1628 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1633 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1639 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1641 if (conn->state == BT_CONFIG) {
1642 hci_proto_connect_cfm(conn, status);
1643 hci_conn_drop(conn);
1647 hci_dev_unlock(hdev);
1650 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1652 struct hci_cp_read_remote_ext_features *cp;
1653 struct hci_conn *conn;
1655 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1660 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1666 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1668 if (conn->state == BT_CONFIG) {
1669 hci_proto_connect_cfm(conn, status);
1670 hci_conn_drop(conn);
1674 hci_dev_unlock(hdev);
1677 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1679 struct hci_cp_setup_sync_conn *cp;
1680 struct hci_conn *acl, *sco;
1683 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1688 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1692 handle = __le16_to_cpu(cp->handle);
1694 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1698 acl = hci_conn_hash_lookup_handle(hdev, handle);
1702 sco->state = BT_CLOSED;
1704 hci_proto_connect_cfm(sco, status);
1709 hci_dev_unlock(hdev);
1712 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1714 struct hci_cp_sniff_mode *cp;
1715 struct hci_conn *conn;
1717 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1722 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1730 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1732 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1733 hci_sco_setup(conn, status);
1736 hci_dev_unlock(hdev);
1739 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1741 struct hci_cp_exit_sniff_mode *cp;
1742 struct hci_conn *conn;
1744 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1749 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1755 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1757 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1759 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1760 hci_sco_setup(conn, status);
1763 hci_dev_unlock(hdev);
1766 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1768 struct hci_cp_disconnect *cp;
1769 struct hci_conn *conn;
1774 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1780 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1782 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1783 conn->dst_type, status);
1785 hci_dev_unlock(hdev);
1788 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1790 struct hci_cp_create_phy_link *cp;
1792 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1794 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1801 struct hci_conn *hcon;
1803 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1807 amp_write_remote_assoc(hdev, cp->phy_handle);
1810 hci_dev_unlock(hdev);
1813 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1815 struct hci_cp_accept_phy_link *cp;
1817 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1822 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1826 amp_write_remote_assoc(hdev, cp->phy_handle);
1829 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1831 struct hci_cp_le_create_conn *cp;
1832 struct hci_conn *conn;
1834 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1836 /* All connection failure handling is taken care of by the
1837 * hci_le_conn_failed function which is triggered by the HCI
1838 * request completion callbacks used for connecting.
1843 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1849 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1853 /* Store the initiator and responder address information which
1854 * is needed for SMP. These values will not change during the
1855 * lifetime of the connection.
1857 conn->init_addr_type = cp->own_address_type;
1858 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1859 bacpy(&conn->init_addr, &hdev->random_addr);
1861 bacpy(&conn->init_addr, &hdev->bdaddr);
1863 conn->resp_addr_type = cp->peer_addr_type;
1864 bacpy(&conn->resp_addr, &cp->peer_addr);
1866 /* We don't want the connection attempt to stick around
1867 * indefinitely since LE doesn't have a page timeout concept
1868 * like BR/EDR. Set a timer for any connection that doesn't use
1869 * the white list for connecting.
1871 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1872 queue_delayed_work(conn->hdev->workqueue,
1873 &conn->le_conn_timeout,
1874 HCI_LE_CONN_TIMEOUT);
1877 hci_dev_unlock(hdev);
1880 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1882 struct hci_cp_le_start_enc *cp;
1883 struct hci_conn *conn;
1885 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1892 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1896 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1900 if (conn->state != BT_CONNECTED)
1903 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1904 hci_conn_drop(conn);
1907 hci_dev_unlock(hdev);
1910 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1912 __u8 status = *((__u8 *) skb->data);
1913 struct discovery_state *discov = &hdev->discovery;
1914 struct inquiry_entry *e;
1916 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1918 hci_conn_check_pending(hdev);
1920 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1923 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1924 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1926 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1931 if (discov->state != DISCOVERY_FINDING)
1934 if (list_empty(&discov->resolve)) {
1935 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1939 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1940 if (e && hci_resolve_name(hdev, e) == 0) {
1941 e->name_state = NAME_PENDING;
1942 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1944 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1948 hci_dev_unlock(hdev);
1951 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1953 struct inquiry_data data;
1954 struct inquiry_info *info = (void *) (skb->data + 1);
1955 int num_rsp = *((__u8 *) skb->data);
1957 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1962 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1967 for (; num_rsp; num_rsp--, info++) {
1968 bool name_known, ssp;
1970 bacpy(&data.bdaddr, &info->bdaddr);
1971 data.pscan_rep_mode = info->pscan_rep_mode;
1972 data.pscan_period_mode = info->pscan_period_mode;
1973 data.pscan_mode = info->pscan_mode;
1974 memcpy(data.dev_class, info->dev_class, 3);
1975 data.clock_offset = info->clock_offset;
1977 data.ssp_mode = 0x00;
1979 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1980 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1981 info->dev_class, 0, !name_known, ssp, NULL,
1985 hci_dev_unlock(hdev);
1988 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1990 struct hci_ev_conn_complete *ev = (void *) skb->data;
1991 struct hci_conn *conn;
1993 BT_DBG("%s", hdev->name);
1997 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1999 if (ev->link_type != SCO_LINK)
2002 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2006 conn->type = SCO_LINK;
2010 conn->handle = __le16_to_cpu(ev->handle);
2012 if (conn->type == ACL_LINK) {
2013 conn->state = BT_CONFIG;
2014 hci_conn_hold(conn);
2016 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2017 !hci_find_link_key(hdev, &ev->bdaddr))
2018 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2020 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2022 conn->state = BT_CONNECTED;
2024 hci_conn_add_sysfs(conn);
2026 if (test_bit(HCI_AUTH, &hdev->flags))
2027 set_bit(HCI_CONN_AUTH, &conn->flags);
2029 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2030 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2032 /* Get remote features */
2033 if (conn->type == ACL_LINK) {
2034 struct hci_cp_read_remote_features cp;
2035 cp.handle = ev->handle;
2036 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2040 /* Set packet type for incoming connection */
2041 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2042 struct hci_cp_change_conn_ptype cp;
2043 cp.handle = ev->handle;
2044 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2045 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2049 conn->state = BT_CLOSED;
2050 if (conn->type == ACL_LINK)
2051 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2052 conn->dst_type, ev->status);
2055 if (conn->type == ACL_LINK)
2056 hci_sco_setup(conn, ev->status);
2059 hci_proto_connect_cfm(conn, ev->status);
2061 } else if (ev->link_type != ACL_LINK)
2062 hci_proto_connect_cfm(conn, ev->status);
2065 hci_dev_unlock(hdev);
2067 hci_conn_check_pending(hdev);
2070 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2072 struct hci_ev_conn_request *ev = (void *) skb->data;
2073 int mask = hdev->link_mode;
2076 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2079 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2082 if ((mask & HCI_LM_ACCEPT) &&
2083 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
2084 /* Connection accepted */
2085 struct inquiry_entry *ie;
2086 struct hci_conn *conn;
2090 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2092 memcpy(ie->data.dev_class, ev->dev_class, 3);
2094 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2097 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2099 BT_ERR("No memory for new connection");
2100 hci_dev_unlock(hdev);
2105 memcpy(conn->dev_class, ev->dev_class, 3);
2107 hci_dev_unlock(hdev);
2109 if (ev->link_type == ACL_LINK ||
2110 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2111 struct hci_cp_accept_conn_req cp;
2112 conn->state = BT_CONNECT;
2114 bacpy(&cp.bdaddr, &ev->bdaddr);
2116 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2117 cp.role = 0x00; /* Become master */
2119 cp.role = 0x01; /* Remain slave */
2121 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2123 } else if (!(flags & HCI_PROTO_DEFER)) {
2124 struct hci_cp_accept_sync_conn_req cp;
2125 conn->state = BT_CONNECT;
2127 bacpy(&cp.bdaddr, &ev->bdaddr);
2128 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2130 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2131 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2132 cp.max_latency = cpu_to_le16(0xffff);
2133 cp.content_format = cpu_to_le16(hdev->voice_setting);
2134 cp.retrans_effort = 0xff;
2136 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2139 conn->state = BT_CONNECT2;
2140 hci_proto_connect_cfm(conn, 0);
2143 /* Connection rejected */
2144 struct hci_cp_reject_conn_req cp;
2146 bacpy(&cp.bdaddr, &ev->bdaddr);
2147 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2148 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2152 static u8 hci_to_mgmt_reason(u8 err)
2155 case HCI_ERROR_CONNECTION_TIMEOUT:
2156 return MGMT_DEV_DISCONN_TIMEOUT;
2157 case HCI_ERROR_REMOTE_USER_TERM:
2158 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2159 case HCI_ERROR_REMOTE_POWER_OFF:
2160 return MGMT_DEV_DISCONN_REMOTE;
2161 case HCI_ERROR_LOCAL_HOST_TERM:
2162 return MGMT_DEV_DISCONN_LOCAL_HOST;
2164 return MGMT_DEV_DISCONN_UNKNOWN;
2168 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2170 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2171 u8 reason = hci_to_mgmt_reason(ev->reason);
2172 struct hci_conn_params *params;
2173 struct hci_conn *conn;
2174 bool mgmt_connected;
2177 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2186 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2187 conn->dst_type, ev->status);
2191 conn->state = BT_CLOSED;
2193 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2194 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2195 reason, mgmt_connected);
2197 if (conn->type == ACL_LINK &&
2198 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2199 hci_remove_link_key(hdev, &conn->dst);
2201 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2203 switch (params->auto_connect) {
2204 case HCI_AUTO_CONN_LINK_LOSS:
2205 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2209 case HCI_AUTO_CONN_ALWAYS:
2210 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2220 hci_proto_disconn_cfm(conn, ev->reason);
2223 /* Re-enable advertising if necessary, since it might
2224 * have been disabled by the connection. From the
2225 * HCI_LE_Set_Advertise_Enable command description in
2226 * the core specification (v4.0):
2227 * "The Controller shall continue advertising until the Host
2228 * issues an LE_Set_Advertise_Enable command with
2229 * Advertising_Enable set to 0x00 (Advertising is disabled)
2230 * or until a connection is created or until the Advertising
2231 * is timed out due to Directed Advertising."
2233 if (type == LE_LINK)
2234 mgmt_reenable_advertising(hdev);
2237 hci_dev_unlock(hdev);
2240 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2242 struct hci_ev_auth_complete *ev = (void *) skb->data;
2243 struct hci_conn *conn;
2245 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2249 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2254 if (!hci_conn_ssp_enabled(conn) &&
2255 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2256 BT_INFO("re-auth of legacy device is not possible.");
2258 set_bit(HCI_CONN_AUTH, &conn->flags);
2259 conn->sec_level = conn->pending_sec_level;
2262 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2266 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2267 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2269 if (conn->state == BT_CONFIG) {
2270 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2271 struct hci_cp_set_conn_encrypt cp;
2272 cp.handle = ev->handle;
2274 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2277 conn->state = BT_CONNECTED;
2278 hci_proto_connect_cfm(conn, ev->status);
2279 hci_conn_drop(conn);
2282 hci_auth_cfm(conn, ev->status);
2284 hci_conn_hold(conn);
2285 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2286 hci_conn_drop(conn);
2289 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2291 struct hci_cp_set_conn_encrypt cp;
2292 cp.handle = ev->handle;
2294 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2297 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2298 hci_encrypt_cfm(conn, ev->status, 0x00);
2303 hci_dev_unlock(hdev);
2306 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2308 struct hci_ev_remote_name *ev = (void *) skb->data;
2309 struct hci_conn *conn;
2311 BT_DBG("%s", hdev->name);
2313 hci_conn_check_pending(hdev);
2317 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2319 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2322 if (ev->status == 0)
2323 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2324 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2326 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2332 if (!hci_outgoing_auth_needed(hdev, conn))
2335 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2336 struct hci_cp_auth_requested cp;
2337 cp.handle = __cpu_to_le16(conn->handle);
2338 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2342 hci_dev_unlock(hdev);
2345 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2347 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2348 struct hci_conn *conn;
2350 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2354 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2360 /* Encryption implies authentication */
2361 set_bit(HCI_CONN_AUTH, &conn->flags);
2362 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2363 conn->sec_level = conn->pending_sec_level;
2365 /* P-256 authentication key implies FIPS */
2366 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2367 set_bit(HCI_CONN_FIPS, &conn->flags);
2369 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2370 conn->type == LE_LINK)
2371 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2373 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2374 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2378 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2380 if (ev->status && conn->state == BT_CONNECTED) {
2381 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2382 hci_conn_drop(conn);
2386 if (conn->state == BT_CONFIG) {
2388 conn->state = BT_CONNECTED;
2390 /* In Secure Connections Only mode, do not allow any
2391 * connections that are not encrypted with AES-CCM
2392 * using a P-256 authenticated combination key.
2394 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2395 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2396 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2397 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2398 hci_conn_drop(conn);
2402 hci_proto_connect_cfm(conn, ev->status);
2403 hci_conn_drop(conn);
2405 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2408 hci_dev_unlock(hdev);
2411 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2412 struct sk_buff *skb)
2414 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2415 struct hci_conn *conn;
2417 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2421 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2424 set_bit(HCI_CONN_SECURE, &conn->flags);
2426 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2428 hci_key_change_cfm(conn, ev->status);
2431 hci_dev_unlock(hdev);
2434 static void hci_remote_features_evt(struct hci_dev *hdev,
2435 struct sk_buff *skb)
2437 struct hci_ev_remote_features *ev = (void *) skb->data;
2438 struct hci_conn *conn;
2440 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2449 memcpy(conn->features[0], ev->features, 8);
2451 if (conn->state != BT_CONFIG)
2454 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2455 struct hci_cp_read_remote_ext_features cp;
2456 cp.handle = ev->handle;
2458 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2463 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2464 struct hci_cp_remote_name_req cp;
2465 memset(&cp, 0, sizeof(cp));
2466 bacpy(&cp.bdaddr, &conn->dst);
2467 cp.pscan_rep_mode = 0x02;
2468 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2469 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2470 mgmt_device_connected(hdev, &conn->dst, conn->type,
2471 conn->dst_type, 0, NULL, 0,
2474 if (!hci_outgoing_auth_needed(hdev, conn)) {
2475 conn->state = BT_CONNECTED;
2476 hci_proto_connect_cfm(conn, ev->status);
2477 hci_conn_drop(conn);
2481 hci_dev_unlock(hdev);
2484 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2486 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2487 u8 status = skb->data[sizeof(*ev)];
2490 skb_pull(skb, sizeof(*ev));
2492 opcode = __le16_to_cpu(ev->opcode);
2495 case HCI_OP_INQUIRY_CANCEL:
2496 hci_cc_inquiry_cancel(hdev, skb);
2499 case HCI_OP_PERIODIC_INQ:
2500 hci_cc_periodic_inq(hdev, skb);
2503 case HCI_OP_EXIT_PERIODIC_INQ:
2504 hci_cc_exit_periodic_inq(hdev, skb);
2507 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2508 hci_cc_remote_name_req_cancel(hdev, skb);
2511 case HCI_OP_ROLE_DISCOVERY:
2512 hci_cc_role_discovery(hdev, skb);
2515 case HCI_OP_READ_LINK_POLICY:
2516 hci_cc_read_link_policy(hdev, skb);
2519 case HCI_OP_WRITE_LINK_POLICY:
2520 hci_cc_write_link_policy(hdev, skb);
2523 case HCI_OP_READ_DEF_LINK_POLICY:
2524 hci_cc_read_def_link_policy(hdev, skb);
2527 case HCI_OP_WRITE_DEF_LINK_POLICY:
2528 hci_cc_write_def_link_policy(hdev, skb);
2532 hci_cc_reset(hdev, skb);
2535 case HCI_OP_WRITE_LOCAL_NAME:
2536 hci_cc_write_local_name(hdev, skb);
2539 case HCI_OP_READ_LOCAL_NAME:
2540 hci_cc_read_local_name(hdev, skb);
2543 case HCI_OP_WRITE_AUTH_ENABLE:
2544 hci_cc_write_auth_enable(hdev, skb);
2547 case HCI_OP_WRITE_ENCRYPT_MODE:
2548 hci_cc_write_encrypt_mode(hdev, skb);
2551 case HCI_OP_WRITE_SCAN_ENABLE:
2552 hci_cc_write_scan_enable(hdev, skb);
2555 case HCI_OP_READ_CLASS_OF_DEV:
2556 hci_cc_read_class_of_dev(hdev, skb);
2559 case HCI_OP_WRITE_CLASS_OF_DEV:
2560 hci_cc_write_class_of_dev(hdev, skb);
2563 case HCI_OP_READ_VOICE_SETTING:
2564 hci_cc_read_voice_setting(hdev, skb);
2567 case HCI_OP_WRITE_VOICE_SETTING:
2568 hci_cc_write_voice_setting(hdev, skb);
2571 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2572 hci_cc_read_num_supported_iac(hdev, skb);
2575 case HCI_OP_WRITE_SSP_MODE:
2576 hci_cc_write_ssp_mode(hdev, skb);
2579 case HCI_OP_WRITE_SC_SUPPORT:
2580 hci_cc_write_sc_support(hdev, skb);
2583 case HCI_OP_READ_LOCAL_VERSION:
2584 hci_cc_read_local_version(hdev, skb);
2587 case HCI_OP_READ_LOCAL_COMMANDS:
2588 hci_cc_read_local_commands(hdev, skb);
2591 case HCI_OP_READ_LOCAL_FEATURES:
2592 hci_cc_read_local_features(hdev, skb);
2595 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2596 hci_cc_read_local_ext_features(hdev, skb);
2599 case HCI_OP_READ_BUFFER_SIZE:
2600 hci_cc_read_buffer_size(hdev, skb);
2603 case HCI_OP_READ_BD_ADDR:
2604 hci_cc_read_bd_addr(hdev, skb);
2607 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2608 hci_cc_read_page_scan_activity(hdev, skb);
2611 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2612 hci_cc_write_page_scan_activity(hdev, skb);
2615 case HCI_OP_READ_PAGE_SCAN_TYPE:
2616 hci_cc_read_page_scan_type(hdev, skb);
2619 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2620 hci_cc_write_page_scan_type(hdev, skb);
2623 case HCI_OP_READ_DATA_BLOCK_SIZE:
2624 hci_cc_read_data_block_size(hdev, skb);
2627 case HCI_OP_READ_FLOW_CONTROL_MODE:
2628 hci_cc_read_flow_control_mode(hdev, skb);
2631 case HCI_OP_READ_LOCAL_AMP_INFO:
2632 hci_cc_read_local_amp_info(hdev, skb);
2635 case HCI_OP_READ_CLOCK:
2636 hci_cc_read_clock(hdev, skb);
2639 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2640 hci_cc_read_local_amp_assoc(hdev, skb);
2643 case HCI_OP_READ_INQ_RSP_TX_POWER:
2644 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2647 case HCI_OP_PIN_CODE_REPLY:
2648 hci_cc_pin_code_reply(hdev, skb);
2651 case HCI_OP_PIN_CODE_NEG_REPLY:
2652 hci_cc_pin_code_neg_reply(hdev, skb);
2655 case HCI_OP_READ_LOCAL_OOB_DATA:
2656 hci_cc_read_local_oob_data(hdev, skb);
2659 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2660 hci_cc_read_local_oob_ext_data(hdev, skb);
2663 case HCI_OP_LE_READ_BUFFER_SIZE:
2664 hci_cc_le_read_buffer_size(hdev, skb);
2667 case HCI_OP_LE_READ_LOCAL_FEATURES:
2668 hci_cc_le_read_local_features(hdev, skb);
2671 case HCI_OP_LE_READ_ADV_TX_POWER:
2672 hci_cc_le_read_adv_tx_power(hdev, skb);
2675 case HCI_OP_USER_CONFIRM_REPLY:
2676 hci_cc_user_confirm_reply(hdev, skb);
2679 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2680 hci_cc_user_confirm_neg_reply(hdev, skb);
2683 case HCI_OP_USER_PASSKEY_REPLY:
2684 hci_cc_user_passkey_reply(hdev, skb);
2687 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2688 hci_cc_user_passkey_neg_reply(hdev, skb);
2691 case HCI_OP_LE_SET_RANDOM_ADDR:
2692 hci_cc_le_set_random_addr(hdev, skb);
2695 case HCI_OP_LE_SET_ADV_ENABLE:
2696 hci_cc_le_set_adv_enable(hdev, skb);
2699 case HCI_OP_LE_SET_SCAN_PARAM:
2700 hci_cc_le_set_scan_param(hdev, skb);
2703 case HCI_OP_LE_SET_SCAN_ENABLE:
2704 hci_cc_le_set_scan_enable(hdev, skb);
2707 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2708 hci_cc_le_read_white_list_size(hdev, skb);
2711 case HCI_OP_LE_CLEAR_WHITE_LIST:
2712 hci_cc_le_clear_white_list(hdev, skb);
2715 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2716 hci_cc_le_add_to_white_list(hdev, skb);
2719 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2720 hci_cc_le_del_from_white_list(hdev, skb);
2723 case HCI_OP_LE_READ_SUPPORTED_STATES:
2724 hci_cc_le_read_supported_states(hdev, skb);
2727 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2728 hci_cc_write_le_host_supported(hdev, skb);
2731 case HCI_OP_LE_SET_ADV_PARAM:
2732 hci_cc_set_adv_param(hdev, skb);
2735 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2736 hci_cc_write_remote_amp_assoc(hdev, skb);
2739 case HCI_OP_READ_RSSI:
2740 hci_cc_read_rssi(hdev, skb);
2743 case HCI_OP_READ_TX_POWER:
2744 hci_cc_read_tx_power(hdev, skb);
2748 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2752 if (opcode != HCI_OP_NOP)
2753 cancel_delayed_work(&hdev->cmd_timer);
2755 hci_req_cmd_complete(hdev, opcode, status);
2757 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2758 atomic_set(&hdev->cmd_cnt, 1);
2759 if (!skb_queue_empty(&hdev->cmd_q))
2760 queue_work(hdev->workqueue, &hdev->cmd_work);
2764 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2766 struct hci_ev_cmd_status *ev = (void *) skb->data;
2769 skb_pull(skb, sizeof(*ev));
2771 opcode = __le16_to_cpu(ev->opcode);
2774 case HCI_OP_INQUIRY:
2775 hci_cs_inquiry(hdev, ev->status);
2778 case HCI_OP_CREATE_CONN:
2779 hci_cs_create_conn(hdev, ev->status);
2782 case HCI_OP_ADD_SCO:
2783 hci_cs_add_sco(hdev, ev->status);
2786 case HCI_OP_AUTH_REQUESTED:
2787 hci_cs_auth_requested(hdev, ev->status);
2790 case HCI_OP_SET_CONN_ENCRYPT:
2791 hci_cs_set_conn_encrypt(hdev, ev->status);
2794 case HCI_OP_REMOTE_NAME_REQ:
2795 hci_cs_remote_name_req(hdev, ev->status);
2798 case HCI_OP_READ_REMOTE_FEATURES:
2799 hci_cs_read_remote_features(hdev, ev->status);
2802 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2803 hci_cs_read_remote_ext_features(hdev, ev->status);
2806 case HCI_OP_SETUP_SYNC_CONN:
2807 hci_cs_setup_sync_conn(hdev, ev->status);
2810 case HCI_OP_SNIFF_MODE:
2811 hci_cs_sniff_mode(hdev, ev->status);
2814 case HCI_OP_EXIT_SNIFF_MODE:
2815 hci_cs_exit_sniff_mode(hdev, ev->status);
2818 case HCI_OP_DISCONNECT:
2819 hci_cs_disconnect(hdev, ev->status);
2822 case HCI_OP_CREATE_PHY_LINK:
2823 hci_cs_create_phylink(hdev, ev->status);
2826 case HCI_OP_ACCEPT_PHY_LINK:
2827 hci_cs_accept_phylink(hdev, ev->status);
2830 case HCI_OP_LE_CREATE_CONN:
2831 hci_cs_le_create_conn(hdev, ev->status);
2834 case HCI_OP_LE_START_ENC:
2835 hci_cs_le_start_enc(hdev, ev->status);
2839 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2843 if (opcode != HCI_OP_NOP)
2844 cancel_delayed_work(&hdev->cmd_timer);
2847 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2848 hci_req_cmd_complete(hdev, opcode, ev->status);
2850 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2851 atomic_set(&hdev->cmd_cnt, 1);
2852 if (!skb_queue_empty(&hdev->cmd_q))
2853 queue_work(hdev->workqueue, &hdev->cmd_work);
2857 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2859 struct hci_ev_role_change *ev = (void *) skb->data;
2860 struct hci_conn *conn;
2862 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2866 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2870 clear_bit(HCI_CONN_MASTER, &conn->flags);
2872 set_bit(HCI_CONN_MASTER, &conn->flags);
2875 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2877 hci_role_switch_cfm(conn, ev->status, ev->role);
2880 hci_dev_unlock(hdev);
2883 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2885 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2888 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2889 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2893 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2894 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2895 BT_DBG("%s bad parameters", hdev->name);
2899 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2901 for (i = 0; i < ev->num_hndl; i++) {
2902 struct hci_comp_pkts_info *info = &ev->handles[i];
2903 struct hci_conn *conn;
2904 __u16 handle, count;
2906 handle = __le16_to_cpu(info->handle);
2907 count = __le16_to_cpu(info->count);
2909 conn = hci_conn_hash_lookup_handle(hdev, handle);
2913 conn->sent -= count;
2915 switch (conn->type) {
2917 hdev->acl_cnt += count;
2918 if (hdev->acl_cnt > hdev->acl_pkts)
2919 hdev->acl_cnt = hdev->acl_pkts;
2923 if (hdev->le_pkts) {
2924 hdev->le_cnt += count;
2925 if (hdev->le_cnt > hdev->le_pkts)
2926 hdev->le_cnt = hdev->le_pkts;
2928 hdev->acl_cnt += count;
2929 if (hdev->acl_cnt > hdev->acl_pkts)
2930 hdev->acl_cnt = hdev->acl_pkts;
2935 hdev->sco_cnt += count;
2936 if (hdev->sco_cnt > hdev->sco_pkts)
2937 hdev->sco_cnt = hdev->sco_pkts;
2941 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2946 queue_work(hdev->workqueue, &hdev->tx_work);
2949 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2952 struct hci_chan *chan;
2954 switch (hdev->dev_type) {
2956 return hci_conn_hash_lookup_handle(hdev, handle);
2958 chan = hci_chan_lookup_handle(hdev, handle);
2963 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2970 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2972 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2975 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2976 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2980 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2981 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2982 BT_DBG("%s bad parameters", hdev->name);
2986 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2989 for (i = 0; i < ev->num_hndl; i++) {
2990 struct hci_comp_blocks_info *info = &ev->handles[i];
2991 struct hci_conn *conn = NULL;
2992 __u16 handle, block_count;
2994 handle = __le16_to_cpu(info->handle);
2995 block_count = __le16_to_cpu(info->blocks);
2997 conn = __hci_conn_lookup_handle(hdev, handle);
3001 conn->sent -= block_count;
3003 switch (conn->type) {
3006 hdev->block_cnt += block_count;
3007 if (hdev->block_cnt > hdev->num_blocks)
3008 hdev->block_cnt = hdev->num_blocks;
3012 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3017 queue_work(hdev->workqueue, &hdev->tx_work);
3020 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3022 struct hci_ev_mode_change *ev = (void *) skb->data;
3023 struct hci_conn *conn;
3025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3031 conn->mode = ev->mode;
3033 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3035 if (conn->mode == HCI_CM_ACTIVE)
3036 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3038 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3041 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3042 hci_sco_setup(conn, ev->status);
3045 hci_dev_unlock(hdev);
3048 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3050 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3051 struct hci_conn *conn;
3053 BT_DBG("%s", hdev->name);
3057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3061 if (conn->state == BT_CONNECTED) {
3062 hci_conn_hold(conn);
3063 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3064 hci_conn_drop(conn);
3067 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
3068 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3069 sizeof(ev->bdaddr), &ev->bdaddr);
3070 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3073 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3078 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3082 hci_dev_unlock(hdev);
3085 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3087 struct hci_ev_link_key_req *ev = (void *) skb->data;
3088 struct hci_cp_link_key_reply cp;
3089 struct hci_conn *conn;
3090 struct link_key *key;
3092 BT_DBG("%s", hdev->name);
3094 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3099 key = hci_find_link_key(hdev, &ev->bdaddr);
3101 BT_DBG("%s link key not found for %pMR", hdev->name,
3106 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3109 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3111 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3112 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3113 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3114 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3118 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3119 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3120 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3121 BT_DBG("%s ignoring key unauthenticated for high security",
3126 conn->key_type = key->type;
3127 conn->pin_length = key->pin_len;
3130 bacpy(&cp.bdaddr, &ev->bdaddr);
3131 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3133 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3135 hci_dev_unlock(hdev);
3140 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3141 hci_dev_unlock(hdev);
3144 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3146 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3147 struct hci_conn *conn;
3148 struct link_key *key;
3152 BT_DBG("%s", hdev->name);
3156 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3158 hci_conn_hold(conn);
3159 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3160 pin_len = conn->pin_length;
3162 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3163 conn->key_type = ev->key_type;
3165 hci_conn_drop(conn);
3168 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3171 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3172 ev->key_type, pin_len, &persistent);
3176 mgmt_new_link_key(hdev, key, persistent);
3178 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3179 * is set. If it's not set simply remove the key from the kernel
3180 * list (we've still notified user space about it but with
3181 * store_hint being 0).
3183 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3184 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3185 list_del(&key->list);
3189 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3191 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3195 hci_dev_unlock(hdev);
3198 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3200 struct hci_ev_clock_offset *ev = (void *) skb->data;
3201 struct hci_conn *conn;
3203 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3207 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3208 if (conn && !ev->status) {
3209 struct inquiry_entry *ie;
3211 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3213 ie->data.clock_offset = ev->clock_offset;
3214 ie->timestamp = jiffies;
3218 hci_dev_unlock(hdev);
3221 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3223 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3224 struct hci_conn *conn;
3226 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3230 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3231 if (conn && !ev->status)
3232 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3234 hci_dev_unlock(hdev);
3237 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3239 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3240 struct inquiry_entry *ie;
3242 BT_DBG("%s", hdev->name);
3246 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3248 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3249 ie->timestamp = jiffies;
3252 hci_dev_unlock(hdev);
3255 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3256 struct sk_buff *skb)
3258 struct inquiry_data data;
3259 int num_rsp = *((__u8 *) skb->data);
3260 bool name_known, ssp;
3262 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3267 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3272 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3273 struct inquiry_info_with_rssi_and_pscan_mode *info;
3274 info = (void *) (skb->data + 1);
3276 for (; num_rsp; num_rsp--, info++) {
3277 bacpy(&data.bdaddr, &info->bdaddr);
3278 data.pscan_rep_mode = info->pscan_rep_mode;
3279 data.pscan_period_mode = info->pscan_period_mode;
3280 data.pscan_mode = info->pscan_mode;
3281 memcpy(data.dev_class, info->dev_class, 3);
3282 data.clock_offset = info->clock_offset;
3283 data.rssi = info->rssi;
3284 data.ssp_mode = 0x00;
3286 name_known = hci_inquiry_cache_update(hdev, &data,
3288 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3289 info->dev_class, info->rssi,
3290 !name_known, ssp, NULL, 0, NULL, 0);
3293 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3295 for (; num_rsp; num_rsp--, info++) {
3296 bacpy(&data.bdaddr, &info->bdaddr);
3297 data.pscan_rep_mode = info->pscan_rep_mode;
3298 data.pscan_period_mode = info->pscan_period_mode;
3299 data.pscan_mode = 0x00;
3300 memcpy(data.dev_class, info->dev_class, 3);
3301 data.clock_offset = info->clock_offset;
3302 data.rssi = info->rssi;
3303 data.ssp_mode = 0x00;
3304 name_known = hci_inquiry_cache_update(hdev, &data,
3306 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3307 info->dev_class, info->rssi,
3308 !name_known, ssp, NULL, 0, NULL, 0);
3312 hci_dev_unlock(hdev);
3315 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3316 struct sk_buff *skb)
3318 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3319 struct hci_conn *conn;
3321 BT_DBG("%s", hdev->name);
3325 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3329 if (ev->page < HCI_MAX_PAGES)
3330 memcpy(conn->features[ev->page], ev->features, 8);
3332 if (!ev->status && ev->page == 0x01) {
3333 struct inquiry_entry *ie;
3335 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3337 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3339 if (ev->features[0] & LMP_HOST_SSP) {
3340 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3342 /* It is mandatory by the Bluetooth specification that
3343 * Extended Inquiry Results are only used when Secure
3344 * Simple Pairing is enabled, but some devices violate
3347 * To make these devices work, the internal SSP
3348 * enabled flag needs to be cleared if the remote host
3349 * features do not indicate SSP support */
3350 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3353 if (ev->features[0] & LMP_HOST_SC)
3354 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3357 if (conn->state != BT_CONFIG)
3360 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3361 struct hci_cp_remote_name_req cp;
3362 memset(&cp, 0, sizeof(cp));
3363 bacpy(&cp.bdaddr, &conn->dst);
3364 cp.pscan_rep_mode = 0x02;
3365 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3366 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3367 mgmt_device_connected(hdev, &conn->dst, conn->type,
3368 conn->dst_type, 0, NULL, 0,
3371 if (!hci_outgoing_auth_needed(hdev, conn)) {
3372 conn->state = BT_CONNECTED;
3373 hci_proto_connect_cfm(conn, ev->status);
3374 hci_conn_drop(conn);
3378 hci_dev_unlock(hdev);
3381 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3382 struct sk_buff *skb)
3384 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3385 struct hci_conn *conn;
3387 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3391 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3393 if (ev->link_type == ESCO_LINK)
3396 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3400 conn->type = SCO_LINK;
3403 switch (ev->status) {
3405 conn->handle = __le16_to_cpu(ev->handle);
3406 conn->state = BT_CONNECTED;
3408 hci_conn_add_sysfs(conn);
3411 case 0x10: /* Connection Accept Timeout */
3412 case 0x0d: /* Connection Rejected due to Limited Resources */
3413 case 0x11: /* Unsupported Feature or Parameter Value */
3414 case 0x1c: /* SCO interval rejected */
3415 case 0x1a: /* Unsupported Remote Feature */
3416 case 0x1f: /* Unspecified error */
3417 case 0x20: /* Unsupported LMP Parameter value */
3419 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3420 (hdev->esco_type & EDR_ESCO_MASK);
3421 if (hci_setup_sync(conn, conn->link->handle))
3427 conn->state = BT_CLOSED;
3431 hci_proto_connect_cfm(conn, ev->status);
3436 hci_dev_unlock(hdev);
3439 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3443 while (parsed < eir_len) {
3444 u8 field_len = eir[0];
3449 parsed += field_len + 1;
3450 eir += field_len + 1;
3456 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3457 struct sk_buff *skb)
3459 struct inquiry_data data;
3460 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3461 int num_rsp = *((__u8 *) skb->data);
3464 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3469 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3474 for (; num_rsp; num_rsp--, info++) {
3475 bool name_known, ssp;
3477 bacpy(&data.bdaddr, &info->bdaddr);
3478 data.pscan_rep_mode = info->pscan_rep_mode;
3479 data.pscan_period_mode = info->pscan_period_mode;
3480 data.pscan_mode = 0x00;
3481 memcpy(data.dev_class, info->dev_class, 3);
3482 data.clock_offset = info->clock_offset;
3483 data.rssi = info->rssi;
3484 data.ssp_mode = 0x01;
3486 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3487 name_known = eir_has_data_type(info->data,
3493 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3495 eir_len = eir_get_length(info->data, sizeof(info->data));
3496 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3497 info->dev_class, info->rssi, !name_known,
3498 ssp, info->data, eir_len, NULL, 0);
3501 hci_dev_unlock(hdev);
3504 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3505 struct sk_buff *skb)
3507 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3508 struct hci_conn *conn;
3510 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3511 __le16_to_cpu(ev->handle));
3515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3519 /* For BR/EDR the necessary steps are taken through the
3520 * auth_complete event.
3522 if (conn->type != LE_LINK)
3526 conn->sec_level = conn->pending_sec_level;
3528 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3530 if (ev->status && conn->state == BT_CONNECTED) {
3531 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3532 hci_conn_drop(conn);
3536 if (conn->state == BT_CONFIG) {
3538 conn->state = BT_CONNECTED;
3540 hci_proto_connect_cfm(conn, ev->status);
3541 hci_conn_drop(conn);
3543 hci_auth_cfm(conn, ev->status);
3545 hci_conn_hold(conn);
3546 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3547 hci_conn_drop(conn);
3551 hci_dev_unlock(hdev);
3554 static u8 hci_get_auth_req(struct hci_conn *conn)
3556 /* If remote requests no-bonding follow that lead */
3557 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3558 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3559 return conn->remote_auth | (conn->auth_type & 0x01);
3561 /* If both remote and local have enough IO capabilities, require
3564 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3565 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3566 return conn->remote_auth | 0x01;
3568 /* No MITM protection possible so ignore remote requirement */
3569 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3572 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3574 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3575 struct hci_conn *conn;
3577 BT_DBG("%s", hdev->name);
3581 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3585 hci_conn_hold(conn);
3587 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3590 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3591 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3592 struct hci_cp_io_capability_reply cp;
3594 bacpy(&cp.bdaddr, &ev->bdaddr);
3595 /* Change the IO capability from KeyboardDisplay
3596 * to DisplayYesNo as it is not supported by BT spec. */
3597 cp.capability = (conn->io_capability == 0x04) ?
3598 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3600 /* If we are initiators, there is no remote information yet */
3601 if (conn->remote_auth == 0xff) {
3602 cp.authentication = conn->auth_type;
3604 /* Request MITM protection if our IO caps allow it
3605 * except for the no-bonding case.
3606 * conn->auth_type is not updated here since
3607 * that might cause the user confirmation to be
3608 * rejected in case the remote doesn't have the
3609 * IO capabilities for MITM.
3611 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3612 cp.authentication != HCI_AT_NO_BONDING)
3613 cp.authentication |= 0x01;
3615 conn->auth_type = hci_get_auth_req(conn);
3616 cp.authentication = conn->auth_type;
3619 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3620 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3625 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3628 struct hci_cp_io_capability_neg_reply cp;
3630 bacpy(&cp.bdaddr, &ev->bdaddr);
3631 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3633 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3638 hci_dev_unlock(hdev);
3641 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3643 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3644 struct hci_conn *conn;
3646 BT_DBG("%s", hdev->name);
3650 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3654 conn->remote_cap = ev->capability;
3655 conn->remote_auth = ev->authentication;
3657 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3660 hci_dev_unlock(hdev);
3663 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3664 struct sk_buff *skb)
3666 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3667 int loc_mitm, rem_mitm, confirm_hint = 0;
3668 struct hci_conn *conn;
3670 BT_DBG("%s", hdev->name);
3674 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3677 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3681 loc_mitm = (conn->auth_type & 0x01);
3682 rem_mitm = (conn->remote_auth & 0x01);
3684 /* If we require MITM but the remote device can't provide that
3685 * (it has NoInputNoOutput) then reject the confirmation request
3687 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3688 BT_DBG("Rejecting request: remote device can't provide MITM");
3689 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3690 sizeof(ev->bdaddr), &ev->bdaddr);
3694 /* If no side requires MITM protection; auto-accept */
3695 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3696 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3698 /* If we're not the initiators request authorization to
3699 * proceed from user space (mgmt_user_confirm with
3700 * confirm_hint set to 1). The exception is if neither
3701 * side had MITM in which case we do auto-accept.
3703 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3704 (loc_mitm || rem_mitm)) {
3705 BT_DBG("Confirming auto-accept as acceptor");
3710 BT_DBG("Auto-accept of user confirmation with %ums delay",
3711 hdev->auto_accept_delay);
3713 if (hdev->auto_accept_delay > 0) {
3714 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3715 queue_delayed_work(conn->hdev->workqueue,
3716 &conn->auto_accept_work, delay);
3720 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3721 sizeof(ev->bdaddr), &ev->bdaddr);
3726 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3727 le32_to_cpu(ev->passkey), confirm_hint);
3730 hci_dev_unlock(hdev);
3733 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3734 struct sk_buff *skb)
3736 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3738 BT_DBG("%s", hdev->name);
3740 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3741 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3744 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3745 struct sk_buff *skb)
3747 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3748 struct hci_conn *conn;
3750 BT_DBG("%s", hdev->name);
3752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3756 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3757 conn->passkey_entered = 0;
3759 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3760 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3761 conn->dst_type, conn->passkey_notify,
3762 conn->passkey_entered);
3765 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3767 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3768 struct hci_conn *conn;
3770 BT_DBG("%s", hdev->name);
3772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3777 case HCI_KEYPRESS_STARTED:
3778 conn->passkey_entered = 0;
3781 case HCI_KEYPRESS_ENTERED:
3782 conn->passkey_entered++;
3785 case HCI_KEYPRESS_ERASED:
3786 conn->passkey_entered--;
3789 case HCI_KEYPRESS_CLEARED:
3790 conn->passkey_entered = 0;
3793 case HCI_KEYPRESS_COMPLETED:
3797 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3798 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3799 conn->dst_type, conn->passkey_notify,
3800 conn->passkey_entered);
3803 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3804 struct sk_buff *skb)
3806 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3807 struct hci_conn *conn;
3809 BT_DBG("%s", hdev->name);
3813 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3817 /* To avoid duplicate auth_failed events to user space we check
3818 * the HCI_CONN_AUTH_PEND flag which will be set if we
3819 * initiated the authentication. A traditional auth_complete
3820 * event gets always produced as initiator and is also mapped to
3821 * the mgmt_auth_failed event */
3822 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3823 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3826 hci_conn_drop(conn);
3829 hci_dev_unlock(hdev);
3832 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3833 struct sk_buff *skb)
3835 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3836 struct inquiry_entry *ie;
3837 struct hci_conn *conn;
3839 BT_DBG("%s", hdev->name);
3843 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3845 memcpy(conn->features[1], ev->features, 8);
3847 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3849 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3851 hci_dev_unlock(hdev);
3854 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3855 struct sk_buff *skb)
3857 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3858 struct oob_data *data;
3860 BT_DBG("%s", hdev->name);
3864 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3867 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3869 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3870 struct hci_cp_remote_oob_ext_data_reply cp;
3872 bacpy(&cp.bdaddr, &ev->bdaddr);
3873 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3874 memcpy(cp.randomizer192, data->randomizer192,
3875 sizeof(cp.randomizer192));
3876 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3877 memcpy(cp.randomizer256, data->randomizer256,
3878 sizeof(cp.randomizer256));
3880 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3883 struct hci_cp_remote_oob_data_reply cp;
3885 bacpy(&cp.bdaddr, &ev->bdaddr);
3886 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3887 memcpy(cp.randomizer, data->randomizer192,
3888 sizeof(cp.randomizer));
3890 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3894 struct hci_cp_remote_oob_data_neg_reply cp;
3896 bacpy(&cp.bdaddr, &ev->bdaddr);
3897 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3902 hci_dev_unlock(hdev);
3905 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3906 struct sk_buff *skb)
3908 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3909 struct hci_conn *hcon, *bredr_hcon;
3911 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3916 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3918 hci_dev_unlock(hdev);
3924 hci_dev_unlock(hdev);
3928 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3930 hcon->state = BT_CONNECTED;
3931 bacpy(&hcon->dst, &bredr_hcon->dst);
3933 hci_conn_hold(hcon);
3934 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3935 hci_conn_drop(hcon);
3937 hci_conn_add_sysfs(hcon);
3939 amp_physical_cfm(bredr_hcon, hcon);
3941 hci_dev_unlock(hdev);
3944 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3946 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3947 struct hci_conn *hcon;
3948 struct hci_chan *hchan;
3949 struct amp_mgr *mgr;
3951 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3952 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3955 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3959 /* Create AMP hchan */
3960 hchan = hci_chan_create(hcon);
3964 hchan->handle = le16_to_cpu(ev->handle);
3966 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3968 mgr = hcon->amp_mgr;
3969 if (mgr && mgr->bredr_chan) {
3970 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3972 l2cap_chan_lock(bredr_chan);
3974 bredr_chan->conn->mtu = hdev->block_mtu;
3975 l2cap_logical_cfm(bredr_chan, hchan, 0);
3976 hci_conn_hold(hcon);
3978 l2cap_chan_unlock(bredr_chan);
3982 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3983 struct sk_buff *skb)
3985 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3986 struct hci_chan *hchan;
3988 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3989 le16_to_cpu(ev->handle), ev->status);
3996 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4000 amp_destroy_logical_link(hchan, ev->reason);
4003 hci_dev_unlock(hdev);
4006 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4007 struct sk_buff *skb)
4009 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4010 struct hci_conn *hcon;
4012 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4019 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4021 hcon->state = BT_CLOSED;
4025 hci_dev_unlock(hdev);
4028 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4030 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4031 struct hci_conn *conn;
4032 struct smp_irk *irk;
4034 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4038 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4040 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4042 BT_ERR("No memory for new connection");
4046 conn->dst_type = ev->bdaddr_type;
4048 if (ev->role == LE_CONN_ROLE_MASTER) {
4050 set_bit(HCI_CONN_MASTER, &conn->flags);
4053 /* If we didn't have a hci_conn object previously
4054 * but we're in master role this must be something
4055 * initiated using a white list. Since white list based
4056 * connections are not "first class citizens" we don't
4057 * have full tracking of them. Therefore, we go ahead
4058 * with a "best effort" approach of determining the
4059 * initiator address based on the HCI_PRIVACY flag.
4062 conn->resp_addr_type = ev->bdaddr_type;
4063 bacpy(&conn->resp_addr, &ev->bdaddr);
4064 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4065 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4066 bacpy(&conn->init_addr, &hdev->rpa);
4068 hci_copy_identity_address(hdev,
4070 &conn->init_addr_type);
4074 cancel_delayed_work(&conn->le_conn_timeout);
4078 /* Set the responder (our side) address type based on
4079 * the advertising address type.
4081 conn->resp_addr_type = hdev->adv_addr_type;
4082 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4083 bacpy(&conn->resp_addr, &hdev->random_addr);
4085 bacpy(&conn->resp_addr, &hdev->bdaddr);
4087 conn->init_addr_type = ev->bdaddr_type;
4088 bacpy(&conn->init_addr, &ev->bdaddr);
4090 /* For incoming connections, set the default minimum
4091 * and maximum connection interval. They will be used
4092 * to check if the parameters are in range and if not
4093 * trigger the connection update procedure.
4095 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4096 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4099 /* Lookup the identity address from the stored connection
4100 * address and address type.
4102 * When establishing connections to an identity address, the
4103 * connection procedure will store the resolvable random
4104 * address first. Now if it can be converted back into the
4105 * identity address, start using the identity address from
4108 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4110 bacpy(&conn->dst, &irk->bdaddr);
4111 conn->dst_type = irk->addr_type;
4115 hci_le_conn_failed(conn, ev->status);
4119 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4120 mgmt_device_connected(hdev, &conn->dst, conn->type,
4121 conn->dst_type, 0, NULL, 0, NULL);
4123 conn->sec_level = BT_SECURITY_LOW;
4124 conn->handle = __le16_to_cpu(ev->handle);
4125 conn->state = BT_CONNECTED;
4127 conn->le_conn_interval = le16_to_cpu(ev->interval);
4128 conn->le_conn_latency = le16_to_cpu(ev->latency);
4129 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4131 hci_conn_add_sysfs(conn);
4133 hci_proto_connect_cfm(conn, ev->status);
4135 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4138 hci_dev_unlock(hdev);
4141 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4142 struct sk_buff *skb)
4144 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4145 struct hci_conn *conn;
4147 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4154 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4156 conn->le_conn_interval = le16_to_cpu(ev->interval);
4157 conn->le_conn_latency = le16_to_cpu(ev->latency);
4158 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4161 hci_dev_unlock(hdev);
4164 /* This function requires the caller holds hdev->lock */
4165 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4168 struct hci_conn *conn;
4169 struct smp_irk *irk;
4171 /* If this is a resolvable address, we should resolve it and then
4172 * update address and address type variables.
4174 irk = hci_get_irk(hdev, addr, addr_type);
4176 addr = &irk->bdaddr;
4177 addr_type = irk->addr_type;
4180 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4183 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4188 switch (PTR_ERR(conn)) {
4190 /* If hci_connect() returns -EBUSY it means there is already
4191 * an LE connection attempt going on. Since controllers don't
4192 * support more than one connection attempt at the time, we
4193 * don't consider this an error case.
4197 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4201 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4202 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4204 struct discovery_state *d = &hdev->discovery;
4207 /* Passive scanning shouldn't trigger any device found events */
4208 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4209 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4210 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4214 /* If there's nothing pending either store the data from this
4215 * event or send an immediate device found event if the data
4216 * should not be stored for later.
4218 if (!has_pending_adv_report(hdev)) {
4219 /* If the report will trigger a SCAN_REQ store it for
4222 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4223 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4228 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4229 rssi, 0, 1, data, len, NULL, 0);
4233 /* Check if the pending report is for the same device as the new one */
4234 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4235 bdaddr_type == d->last_adv_addr_type);
4237 /* If the pending data doesn't match this report or this isn't a
4238 * scan response (e.g. we got a duplicate ADV_IND) then force
4239 * sending of the pending data.
4241 if (type != LE_ADV_SCAN_RSP || !match) {
4242 /* Send out whatever is in the cache, but skip duplicates */
4244 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4245 d->last_adv_addr_type, NULL,
4246 d->last_adv_rssi, 0, 1,
4248 d->last_adv_data_len, NULL, 0);
4250 /* If the new report will trigger a SCAN_REQ store it for
4253 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4254 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4259 /* The advertising reports cannot be merged, so clear
4260 * the pending report and send out a device found event.
4262 clear_pending_adv_report(hdev);
4263 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4264 rssi, 0, 1, data, len, NULL, 0);
4268 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4269 * the new event is a SCAN_RSP. We can therefore proceed with
4270 * sending a merged device found event.
4272 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4273 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4274 d->last_adv_data, d->last_adv_data_len);
4275 clear_pending_adv_report(hdev);
4278 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4280 u8 num_reports = skb->data[0];
4281 void *ptr = &skb->data[1];
4285 while (num_reports--) {
4286 struct hci_ev_le_advertising_info *ev = ptr;
4289 rssi = ev->data[ev->length];
4290 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4291 ev->bdaddr_type, rssi, ev->data, ev->length);
4293 ptr += sizeof(*ev) + ev->length + 1;
4296 hci_dev_unlock(hdev);
4299 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4301 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4302 struct hci_cp_le_ltk_reply cp;
4303 struct hci_cp_le_ltk_neg_reply neg;
4304 struct hci_conn *conn;
4305 struct smp_ltk *ltk;
4307 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4311 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4315 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
4319 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4320 cp.handle = cpu_to_le16(conn->handle);
4322 if (ltk->authenticated)
4323 conn->pending_sec_level = BT_SECURITY_HIGH;
4325 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4327 conn->enc_key_size = ltk->enc_size;
4329 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4331 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4332 * temporary key used to encrypt a connection following
4333 * pairing. It is used during the Encrypted Session Setup to
4334 * distribute the keys. Later, security can be re-established
4335 * using a distributed LTK.
4337 if (ltk->type == SMP_STK) {
4338 list_del(<k->list);
4342 hci_dev_unlock(hdev);
4347 neg.handle = ev->handle;
4348 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4349 hci_dev_unlock(hdev);
4352 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4354 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4356 skb_pull(skb, sizeof(*le_ev));
4358 switch (le_ev->subevent) {
4359 case HCI_EV_LE_CONN_COMPLETE:
4360 hci_le_conn_complete_evt(hdev, skb);
4363 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4364 hci_le_conn_update_complete_evt(hdev, skb);
4367 case HCI_EV_LE_ADVERTISING_REPORT:
4368 hci_le_adv_report_evt(hdev, skb);
4371 case HCI_EV_LE_LTK_REQ:
4372 hci_le_ltk_request_evt(hdev, skb);
4380 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4382 struct hci_ev_channel_selected *ev = (void *) skb->data;
4383 struct hci_conn *hcon;
4385 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4387 skb_pull(skb, sizeof(*ev));
4389 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4393 amp_read_loc_assoc_final_data(hdev, hcon);
4396 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4398 struct hci_event_hdr *hdr = (void *) skb->data;
4399 __u8 event = hdr->evt;
4403 /* Received events are (currently) only needed when a request is
4404 * ongoing so avoid unnecessary memory allocation.
4406 if (hdev->req_status == HCI_REQ_PEND) {
4407 kfree_skb(hdev->recv_evt);
4408 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4411 hci_dev_unlock(hdev);
4413 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4415 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4416 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4417 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4419 hci_req_cmd_complete(hdev, opcode, 0);
4423 case HCI_EV_INQUIRY_COMPLETE:
4424 hci_inquiry_complete_evt(hdev, skb);
4427 case HCI_EV_INQUIRY_RESULT:
4428 hci_inquiry_result_evt(hdev, skb);
4431 case HCI_EV_CONN_COMPLETE:
4432 hci_conn_complete_evt(hdev, skb);
4435 case HCI_EV_CONN_REQUEST:
4436 hci_conn_request_evt(hdev, skb);
4439 case HCI_EV_DISCONN_COMPLETE:
4440 hci_disconn_complete_evt(hdev, skb);
4443 case HCI_EV_AUTH_COMPLETE:
4444 hci_auth_complete_evt(hdev, skb);
4447 case HCI_EV_REMOTE_NAME:
4448 hci_remote_name_evt(hdev, skb);
4451 case HCI_EV_ENCRYPT_CHANGE:
4452 hci_encrypt_change_evt(hdev, skb);
4455 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4456 hci_change_link_key_complete_evt(hdev, skb);
4459 case HCI_EV_REMOTE_FEATURES:
4460 hci_remote_features_evt(hdev, skb);
4463 case HCI_EV_CMD_COMPLETE:
4464 hci_cmd_complete_evt(hdev, skb);
4467 case HCI_EV_CMD_STATUS:
4468 hci_cmd_status_evt(hdev, skb);
4471 case HCI_EV_ROLE_CHANGE:
4472 hci_role_change_evt(hdev, skb);
4475 case HCI_EV_NUM_COMP_PKTS:
4476 hci_num_comp_pkts_evt(hdev, skb);
4479 case HCI_EV_MODE_CHANGE:
4480 hci_mode_change_evt(hdev, skb);
4483 case HCI_EV_PIN_CODE_REQ:
4484 hci_pin_code_request_evt(hdev, skb);
4487 case HCI_EV_LINK_KEY_REQ:
4488 hci_link_key_request_evt(hdev, skb);
4491 case HCI_EV_LINK_KEY_NOTIFY:
4492 hci_link_key_notify_evt(hdev, skb);
4495 case HCI_EV_CLOCK_OFFSET:
4496 hci_clock_offset_evt(hdev, skb);
4499 case HCI_EV_PKT_TYPE_CHANGE:
4500 hci_pkt_type_change_evt(hdev, skb);
4503 case HCI_EV_PSCAN_REP_MODE:
4504 hci_pscan_rep_mode_evt(hdev, skb);
4507 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4508 hci_inquiry_result_with_rssi_evt(hdev, skb);
4511 case HCI_EV_REMOTE_EXT_FEATURES:
4512 hci_remote_ext_features_evt(hdev, skb);
4515 case HCI_EV_SYNC_CONN_COMPLETE:
4516 hci_sync_conn_complete_evt(hdev, skb);
4519 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4520 hci_extended_inquiry_result_evt(hdev, skb);
4523 case HCI_EV_KEY_REFRESH_COMPLETE:
4524 hci_key_refresh_complete_evt(hdev, skb);
4527 case HCI_EV_IO_CAPA_REQUEST:
4528 hci_io_capa_request_evt(hdev, skb);
4531 case HCI_EV_IO_CAPA_REPLY:
4532 hci_io_capa_reply_evt(hdev, skb);
4535 case HCI_EV_USER_CONFIRM_REQUEST:
4536 hci_user_confirm_request_evt(hdev, skb);
4539 case HCI_EV_USER_PASSKEY_REQUEST:
4540 hci_user_passkey_request_evt(hdev, skb);
4543 case HCI_EV_USER_PASSKEY_NOTIFY:
4544 hci_user_passkey_notify_evt(hdev, skb);
4547 case HCI_EV_KEYPRESS_NOTIFY:
4548 hci_keypress_notify_evt(hdev, skb);
4551 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4552 hci_simple_pair_complete_evt(hdev, skb);
4555 case HCI_EV_REMOTE_HOST_FEATURES:
4556 hci_remote_host_features_evt(hdev, skb);
4559 case HCI_EV_LE_META:
4560 hci_le_meta_evt(hdev, skb);
4563 case HCI_EV_CHANNEL_SELECTED:
4564 hci_chan_selected_evt(hdev, skb);
4567 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4568 hci_remote_oob_data_request_evt(hdev, skb);
4571 case HCI_EV_PHY_LINK_COMPLETE:
4572 hci_phy_link_complete_evt(hdev, skb);
4575 case HCI_EV_LOGICAL_LINK_COMPLETE:
4576 hci_loglink_complete_evt(hdev, skb);
4579 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4580 hci_disconn_loglink_complete_evt(hdev, skb);
4583 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4584 hci_disconn_phylink_complete_evt(hdev, skb);
4587 case HCI_EV_NUM_COMP_BLOCKS:
4588 hci_num_comp_blocks_evt(hdev, skb);
4592 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4597 hdev->stat.evt_rx++;