2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
46 __u8 status = *((__u8 *) skb->data);
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
55 wake_up_bit(&hdev->flags, HCI_INQUIRY);
58 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
61 hci_conn_check_pending(hdev);
64 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
66 __u8 status = *((__u8 *) skb->data);
68 BT_DBG("%s status 0x%2.2x", hdev->name, status);
73 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%2.2x", hdev->name, status);
85 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
87 hci_conn_check_pending(hdev);
90 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
93 BT_DBG("%s", hdev->name);
96 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
98 struct hci_rp_role_discovery *rp = (void *) skb->data;
99 struct hci_conn *conn;
101 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
108 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
110 conn->role = rp->role;
112 hci_dev_unlock(hdev);
115 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 struct hci_rp_read_link_policy *rp = (void *) skb->data;
118 struct hci_conn *conn;
120 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
127 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 conn->link_policy = __le16_to_cpu(rp->policy);
131 hci_dev_unlock(hdev);
134 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 struct hci_rp_write_link_policy *rp = (void *) skb->data;
137 struct hci_conn *conn;
140 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
145 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
151 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 conn->link_policy = get_unaligned_le16(sent + 2);
155 hci_dev_unlock(hdev);
158 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
174 __u8 status = *((__u8 *) skb->data);
177 BT_DBG("%s status 0x%2.2x", hdev->name, status);
182 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
186 hdev->link_policy = get_unaligned_le16(sent);
189 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191 __u8 status = *((__u8 *) skb->data);
193 BT_DBG("%s status 0x%2.2x", hdev->name, status);
195 clear_bit(HCI_RESET, &hdev->flags);
200 /* Reset all non-persistent flags */
201 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
203 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
205 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
206 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
208 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
209 hdev->adv_data_len = 0;
211 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
212 hdev->scan_rsp_data_len = 0;
214 hdev->le_scan_type = LE_SCAN_PASSIVE;
216 hdev->ssp_debug_mode = 0;
218 hci_bdaddr_list_clear(&hdev->le_white_list);
221 static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
224 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
225 struct hci_cp_read_stored_link_key *sent;
227 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
229 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
233 if (!rp->status && sent->read_all == 0x01) {
234 hdev->stored_max_keys = rp->max_keys;
235 hdev->stored_num_keys = rp->num_keys;
239 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
242 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
244 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
249 if (rp->num_keys <= hdev->stored_num_keys)
250 hdev->stored_num_keys -= rp->num_keys;
252 hdev->stored_num_keys = 0;
255 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
257 __u8 status = *((__u8 *) skb->data);
260 BT_DBG("%s status 0x%2.2x", hdev->name, status);
262 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
268 if (hci_dev_test_flag(hdev, HCI_MGMT))
269 mgmt_set_local_name_complete(hdev, sent, status);
271 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
273 hci_dev_unlock(hdev);
276 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
278 struct hci_rp_read_local_name *rp = (void *) skb->data;
280 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
285 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
286 hci_dev_test_flag(hdev, HCI_CONFIG))
287 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
290 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
292 __u8 status = *((__u8 *) skb->data);
295 BT_DBG("%s status 0x%2.2x", hdev->name, status);
297 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
304 __u8 param = *((__u8 *) sent);
306 if (param == AUTH_ENABLED)
307 set_bit(HCI_AUTH, &hdev->flags);
309 clear_bit(HCI_AUTH, &hdev->flags);
312 if (hci_dev_test_flag(hdev, HCI_MGMT))
313 mgmt_auth_enable_complete(hdev, status);
315 hci_dev_unlock(hdev);
318 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
320 __u8 status = *((__u8 *) skb->data);
324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
329 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
333 param = *((__u8 *) sent);
336 set_bit(HCI_ENCRYPT, &hdev->flags);
338 clear_bit(HCI_ENCRYPT, &hdev->flags);
341 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
343 __u8 status = *((__u8 *) skb->data);
347 BT_DBG("%s status 0x%2.2x", hdev->name, status);
349 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
353 param = *((__u8 *) sent);
358 hdev->discov_timeout = 0;
362 if (param & SCAN_INQUIRY)
363 set_bit(HCI_ISCAN, &hdev->flags);
365 clear_bit(HCI_ISCAN, &hdev->flags);
367 if (param & SCAN_PAGE)
368 set_bit(HCI_PSCAN, &hdev->flags);
370 clear_bit(HCI_PSCAN, &hdev->flags);
373 hci_dev_unlock(hdev);
376 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
380 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
385 memcpy(hdev->dev_class, rp->dev_class, 3);
387 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
388 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
391 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
393 __u8 status = *((__u8 *) skb->data);
396 BT_DBG("%s status 0x%2.2x", hdev->name, status);
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
405 memcpy(hdev->dev_class, sent, 3);
407 if (hci_dev_test_flag(hdev, HCI_MGMT))
408 mgmt_set_class_of_dev_complete(hdev, sent, status);
410 hci_dev_unlock(hdev);
413 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
415 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
418 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
423 setting = __le16_to_cpu(rp->voice_setting);
425 if (hdev->voice_setting == setting)
428 hdev->voice_setting = setting;
430 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
433 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
436 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
439 __u8 status = *((__u8 *) skb->data);
443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
448 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
452 setting = get_unaligned_le16(sent);
454 if (hdev->voice_setting == setting)
457 hdev->voice_setting = setting;
459 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
462 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
465 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
468 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
470 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
475 hdev->num_iac = rp->num_iac;
477 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
480 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
482 __u8 status = *((__u8 *) skb->data);
483 struct hci_cp_write_ssp_mode *sent;
485 BT_DBG("%s status 0x%2.2x", hdev->name, status);
487 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
495 hdev->features[1][0] |= LMP_HOST_SSP;
497 hdev->features[1][0] &= ~LMP_HOST_SSP;
500 if (hci_dev_test_flag(hdev, HCI_MGMT))
501 mgmt_ssp_enable_complete(hdev, sent->mode, status);
504 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
506 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
509 hci_dev_unlock(hdev);
512 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
514 u8 status = *((u8 *) skb->data);
515 struct hci_cp_write_sc_support *sent;
517 BT_DBG("%s status 0x%2.2x", hdev->name, status);
519 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
527 hdev->features[1][0] |= LMP_HOST_SC;
529 hdev->features[1][0] &= ~LMP_HOST_SC;
532 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
534 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
536 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
539 hci_dev_unlock(hdev);
542 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
544 struct hci_rp_read_local_version *rp = (void *) skb->data;
546 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
551 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
552 hci_dev_test_flag(hdev, HCI_CONFIG)) {
553 hdev->hci_ver = rp->hci_ver;
554 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
555 hdev->lmp_ver = rp->lmp_ver;
556 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
557 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
561 static void hci_cc_read_local_commands(struct hci_dev *hdev,
564 struct hci_rp_read_local_commands *rp = (void *) skb->data;
566 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
571 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
572 hci_dev_test_flag(hdev, HCI_CONFIG))
573 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
576 static void hci_cc_read_local_features(struct hci_dev *hdev,
579 struct hci_rp_read_local_features *rp = (void *) skb->data;
581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
586 memcpy(hdev->features, rp->features, 8);
588 /* Adjust default settings according to features
589 * supported by device. */
591 if (hdev->features[0][0] & LMP_3SLOT)
592 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
594 if (hdev->features[0][0] & LMP_5SLOT)
595 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
597 if (hdev->features[0][1] & LMP_HV2) {
598 hdev->pkt_type |= (HCI_HV2);
599 hdev->esco_type |= (ESCO_HV2);
602 if (hdev->features[0][1] & LMP_HV3) {
603 hdev->pkt_type |= (HCI_HV3);
604 hdev->esco_type |= (ESCO_HV3);
607 if (lmp_esco_capable(hdev))
608 hdev->esco_type |= (ESCO_EV3);
610 if (hdev->features[0][4] & LMP_EV4)
611 hdev->esco_type |= (ESCO_EV4);
613 if (hdev->features[0][4] & LMP_EV5)
614 hdev->esco_type |= (ESCO_EV5);
616 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
617 hdev->esco_type |= (ESCO_2EV3);
619 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
620 hdev->esco_type |= (ESCO_3EV3);
622 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
623 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
626 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
629 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
631 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
636 if (hdev->max_page < rp->max_page)
637 hdev->max_page = rp->max_page;
639 if (rp->page < HCI_MAX_PAGES)
640 memcpy(hdev->features[rp->page], rp->features, 8);
643 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
646 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
648 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
653 hdev->flow_ctl_mode = rp->mode;
656 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
658 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
660 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
665 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
666 hdev->sco_mtu = rp->sco_mtu;
667 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
668 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
670 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
675 hdev->acl_cnt = hdev->acl_pkts;
676 hdev->sco_cnt = hdev->sco_pkts;
678 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
679 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
682 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
684 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
686 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
691 if (test_bit(HCI_INIT, &hdev->flags))
692 bacpy(&hdev->bdaddr, &rp->bdaddr);
694 if (hci_dev_test_flag(hdev, HCI_SETUP))
695 bacpy(&hdev->setup_addr, &rp->bdaddr);
698 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
701 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
703 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
708 if (test_bit(HCI_INIT, &hdev->flags)) {
709 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
710 hdev->page_scan_window = __le16_to_cpu(rp->window);
714 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
717 u8 status = *((u8 *) skb->data);
718 struct hci_cp_write_page_scan_activity *sent;
720 BT_DBG("%s status 0x%2.2x", hdev->name, status);
725 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
729 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
730 hdev->page_scan_window = __le16_to_cpu(sent->window);
733 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
736 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
743 if (test_bit(HCI_INIT, &hdev->flags))
744 hdev->page_scan_type = rp->type;
747 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
750 u8 status = *((u8 *) skb->data);
753 BT_DBG("%s status 0x%2.2x", hdev->name, status);
758 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
760 hdev->page_scan_type = *type;
763 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
766 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
768 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
773 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
774 hdev->block_len = __le16_to_cpu(rp->block_len);
775 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
777 hdev->block_cnt = hdev->num_blocks;
779 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
780 hdev->block_cnt, hdev->block_len);
783 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
785 struct hci_rp_read_clock *rp = (void *) skb->data;
786 struct hci_cp_read_clock *cp;
787 struct hci_conn *conn;
789 BT_DBG("%s", hdev->name);
791 if (skb->len < sizeof(*rp))
799 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
803 if (cp->which == 0x00) {
804 hdev->clock = le32_to_cpu(rp->clock);
808 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
810 conn->clock = le32_to_cpu(rp->clock);
811 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
815 hci_dev_unlock(hdev);
818 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
821 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
823 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
828 hdev->amp_status = rp->amp_status;
829 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
830 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
831 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
832 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
833 hdev->amp_type = rp->amp_type;
834 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
835 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
836 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
837 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
840 a2mp_send_getinfo_rsp(hdev);
843 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
846 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
847 struct amp_assoc *assoc = &hdev->loc_assoc;
848 size_t rem_len, frag_len;
850 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
855 frag_len = skb->len - sizeof(*rp);
856 rem_len = __le16_to_cpu(rp->rem_len);
858 if (rem_len > frag_len) {
859 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
861 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
862 assoc->offset += frag_len;
864 /* Read other fragments */
865 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
870 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
871 assoc->len = assoc->offset + rem_len;
875 /* Send A2MP Rsp when all fragments are received */
876 a2mp_send_getampassoc_rsp(hdev, rp->status);
877 a2mp_send_create_phy_link_req(hdev, rp->status);
880 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
883 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
885 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
890 hdev->inq_tx_power = rp->tx_power;
893 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
895 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
896 struct hci_cp_pin_code_reply *cp;
897 struct hci_conn *conn;
899 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
903 if (hci_dev_test_flag(hdev, HCI_MGMT))
904 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
909 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
913 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
915 conn->pin_length = cp->pin_len;
918 hci_dev_unlock(hdev);
921 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
923 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
925 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
929 if (hci_dev_test_flag(hdev, HCI_MGMT))
930 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
933 hci_dev_unlock(hdev);
936 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
939 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
946 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
947 hdev->le_pkts = rp->le_max_pkt;
949 hdev->le_cnt = hdev->le_pkts;
951 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
954 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
957 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
959 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
964 memcpy(hdev->le_features, rp->features, 8);
967 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
970 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
972 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
977 hdev->adv_tx_power = rp->tx_power;
980 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
982 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
984 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
988 if (hci_dev_test_flag(hdev, HCI_MGMT))
989 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
992 hci_dev_unlock(hdev);
995 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
998 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1000 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1004 if (hci_dev_test_flag(hdev, HCI_MGMT))
1005 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1006 ACL_LINK, 0, rp->status);
1008 hci_dev_unlock(hdev);
1011 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1013 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1015 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1019 if (hci_dev_test_flag(hdev, HCI_MGMT))
1020 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1023 hci_dev_unlock(hdev);
1026 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1027 struct sk_buff *skb)
1029 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1031 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1035 if (hci_dev_test_flag(hdev, HCI_MGMT))
1036 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1037 ACL_LINK, 0, rp->status);
1039 hci_dev_unlock(hdev);
1042 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1043 struct sk_buff *skb)
1045 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1047 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1050 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
1052 hci_dev_unlock(hdev);
1055 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1056 struct sk_buff *skb)
1058 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1060 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1063 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
1064 rp->hash256, rp->rand256,
1066 hci_dev_unlock(hdev);
1070 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1072 __u8 status = *((__u8 *) skb->data);
1075 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1080 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1086 bacpy(&hdev->random_addr, sent);
1088 hci_dev_unlock(hdev);
1091 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1093 __u8 *sent, status = *((__u8 *) skb->data);
1095 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1100 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1106 /* If we're doing connection initiation as peripheral. Set a
1107 * timeout in case something goes wrong.
1110 struct hci_conn *conn;
1112 hci_dev_set_flag(hdev, HCI_LE_ADV);
1114 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1116 queue_delayed_work(hdev->workqueue,
1117 &conn->le_conn_timeout,
1118 conn->conn_timeout);
1120 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1123 hci_dev_unlock(hdev);
1126 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1128 struct hci_cp_le_set_scan_param *cp;
1129 __u8 status = *((__u8 *) skb->data);
1131 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1142 hdev->le_scan_type = cp->type;
1144 hci_dev_unlock(hdev);
1147 static bool has_pending_adv_report(struct hci_dev *hdev)
1149 struct discovery_state *d = &hdev->discovery;
1151 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1154 static void clear_pending_adv_report(struct hci_dev *hdev)
1156 struct discovery_state *d = &hdev->discovery;
1158 bacpy(&d->last_adv_addr, BDADDR_ANY);
1159 d->last_adv_data_len = 0;
1162 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1163 u8 bdaddr_type, s8 rssi, u32 flags,
1166 struct discovery_state *d = &hdev->discovery;
1168 bacpy(&d->last_adv_addr, bdaddr);
1169 d->last_adv_addr_type = bdaddr_type;
1170 d->last_adv_rssi = rssi;
1171 d->last_adv_flags = flags;
1172 memcpy(d->last_adv_data, data, len);
1173 d->last_adv_data_len = len;
1176 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1179 struct hci_cp_le_set_scan_enable *cp;
1180 __u8 status = *((__u8 *) skb->data);
1182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1187 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1193 switch (cp->enable) {
1194 case LE_SCAN_ENABLE:
1195 hci_dev_set_flag(hdev, HCI_LE_SCAN);
1196 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1197 clear_pending_adv_report(hdev);
1200 case LE_SCAN_DISABLE:
1201 /* We do this here instead of when setting DISCOVERY_STOPPED
1202 * since the latter would potentially require waiting for
1203 * inquiry to stop too.
1205 if (has_pending_adv_report(hdev)) {
1206 struct discovery_state *d = &hdev->discovery;
1208 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1209 d->last_adv_addr_type, NULL,
1210 d->last_adv_rssi, d->last_adv_flags,
1212 d->last_adv_data_len, NULL, 0);
1215 /* Cancel this timer so that we don't try to disable scanning
1216 * when it's already disabled.
1218 cancel_delayed_work(&hdev->le_scan_disable);
1220 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
1222 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1223 * interrupted scanning due to a connect request. Mark
1224 * therefore discovery as stopped. If this was not
1225 * because of a connect request advertising might have
1226 * been disabled because of active scanning, so
1227 * re-enable it again if necessary.
1229 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
1230 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1231 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
1232 hdev->discovery.state == DISCOVERY_FINDING)
1233 mgmt_reenable_advertising(hdev);
1238 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1242 hci_dev_unlock(hdev);
1245 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1246 struct sk_buff *skb)
1248 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1250 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1255 hdev->le_white_list_size = rp->size;
1258 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1259 struct sk_buff *skb)
1261 __u8 status = *((__u8 *) skb->data);
1263 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1268 hci_bdaddr_list_clear(&hdev->le_white_list);
1271 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1272 struct sk_buff *skb)
1274 struct hci_cp_le_add_to_white_list *sent;
1275 __u8 status = *((__u8 *) skb->data);
1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1282 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1286 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1290 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1291 struct sk_buff *skb)
1293 struct hci_cp_le_del_from_white_list *sent;
1294 __u8 status = *((__u8 *) skb->data);
1296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1301 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1305 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1309 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1310 struct sk_buff *skb)
1312 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1314 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1319 memcpy(hdev->le_states, rp->le_states, 8);
1322 static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1323 struct sk_buff *skb)
1325 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1327 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1332 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1333 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1336 static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1337 struct sk_buff *skb)
1339 struct hci_cp_le_write_def_data_len *sent;
1340 __u8 status = *((__u8 *) skb->data);
1342 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1347 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1351 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1352 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1355 static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1356 struct sk_buff *skb)
1358 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1360 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1365 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1366 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1367 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1368 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1371 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1372 struct sk_buff *skb)
1374 struct hci_cp_write_le_host_supported *sent;
1375 __u8 status = *((__u8 *) skb->data);
1377 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1382 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1389 hdev->features[1][0] |= LMP_HOST_LE;
1390 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
1392 hdev->features[1][0] &= ~LMP_HOST_LE;
1393 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1394 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1398 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1400 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1402 hci_dev_unlock(hdev);
1405 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1407 struct hci_cp_le_set_adv_param *cp;
1408 u8 status = *((u8 *) skb->data);
1410 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1415 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1420 hdev->adv_addr_type = cp->own_address_type;
1421 hci_dev_unlock(hdev);
1424 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1425 struct sk_buff *skb)
1427 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1429 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1430 hdev->name, rp->status, rp->phy_handle);
1435 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1438 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1440 struct hci_rp_read_rssi *rp = (void *) skb->data;
1441 struct hci_conn *conn;
1443 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1450 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1452 conn->rssi = rp->rssi;
1454 hci_dev_unlock(hdev);
1457 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1459 struct hci_cp_read_tx_power *sent;
1460 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1461 struct hci_conn *conn;
1463 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1468 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1474 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1478 switch (sent->type) {
1480 conn->tx_power = rp->tx_power;
1483 conn->max_tx_power = rp->tx_power;
1488 hci_dev_unlock(hdev);
1491 static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1493 u8 status = *((u8 *) skb->data);
1496 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1501 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1503 hdev->ssp_debug_mode = *mode;
1506 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1508 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1511 hci_conn_check_pending(hdev);
1515 set_bit(HCI_INQUIRY, &hdev->flags);
1518 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1520 struct hci_cp_create_conn *cp;
1521 struct hci_conn *conn;
1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1525 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1531 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1533 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1536 if (conn && conn->state == BT_CONNECT) {
1537 if (status != 0x0c || conn->attempt > 2) {
1538 conn->state = BT_CLOSED;
1539 hci_connect_cfm(conn, status);
1542 conn->state = BT_CONNECT2;
1546 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1549 BT_ERR("No memory for new connection");
1553 hci_dev_unlock(hdev);
1556 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1558 struct hci_cp_add_sco *cp;
1559 struct hci_conn *acl, *sco;
1562 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1567 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1571 handle = __le16_to_cpu(cp->handle);
1573 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1577 acl = hci_conn_hash_lookup_handle(hdev, handle);
1581 sco->state = BT_CLOSED;
1583 hci_connect_cfm(sco, status);
1588 hci_dev_unlock(hdev);
1591 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1593 struct hci_cp_auth_requested *cp;
1594 struct hci_conn *conn;
1596 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1601 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1607 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1609 if (conn->state == BT_CONFIG) {
1610 hci_connect_cfm(conn, status);
1611 hci_conn_drop(conn);
1615 hci_dev_unlock(hdev);
1618 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1620 struct hci_cp_set_conn_encrypt *cp;
1621 struct hci_conn *conn;
1623 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1628 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1634 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1636 if (conn->state == BT_CONFIG) {
1637 hci_connect_cfm(conn, status);
1638 hci_conn_drop(conn);
1642 hci_dev_unlock(hdev);
1645 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1646 struct hci_conn *conn)
1648 if (conn->state != BT_CONFIG || !conn->out)
1651 if (conn->pending_sec_level == BT_SECURITY_SDP)
1654 /* Only request authentication for SSP connections or non-SSP
1655 * devices with sec_level MEDIUM or HIGH or if MITM protection
1658 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1659 conn->pending_sec_level != BT_SECURITY_FIPS &&
1660 conn->pending_sec_level != BT_SECURITY_HIGH &&
1661 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1667 static int hci_resolve_name(struct hci_dev *hdev,
1668 struct inquiry_entry *e)
1670 struct hci_cp_remote_name_req cp;
1672 memset(&cp, 0, sizeof(cp));
1674 bacpy(&cp.bdaddr, &e->data.bdaddr);
1675 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1676 cp.pscan_mode = e->data.pscan_mode;
1677 cp.clock_offset = e->data.clock_offset;
1679 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1682 static bool hci_resolve_next_name(struct hci_dev *hdev)
1684 struct discovery_state *discov = &hdev->discovery;
1685 struct inquiry_entry *e;
1687 if (list_empty(&discov->resolve))
1690 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1694 if (hci_resolve_name(hdev, e) == 0) {
1695 e->name_state = NAME_PENDING;
1702 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1703 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1705 struct discovery_state *discov = &hdev->discovery;
1706 struct inquiry_entry *e;
1708 /* Update the mgmt connected state if necessary. Be careful with
1709 * conn objects that exist but are not (yet) connected however.
1710 * Only those in BT_CONFIG or BT_CONNECTED states can be
1711 * considered connected.
1714 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
1715 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1716 mgmt_device_connected(hdev, conn, 0, name, name_len);
1718 if (discov->state == DISCOVERY_STOPPED)
1721 if (discov->state == DISCOVERY_STOPPING)
1722 goto discov_complete;
1724 if (discov->state != DISCOVERY_RESOLVING)
1727 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1728 /* If the device was not found in a list of found devices names of which
1729 * are pending. there is no need to continue resolving a next name as it
1730 * will be done upon receiving another Remote Name Request Complete
1737 e->name_state = NAME_KNOWN;
1738 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1739 e->data.rssi, name, name_len);
1741 e->name_state = NAME_NOT_KNOWN;
1744 if (hci_resolve_next_name(hdev))
1748 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1751 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1753 struct hci_cp_remote_name_req *cp;
1754 struct hci_conn *conn;
1756 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1758 /* If successful wait for the name req complete event before
1759 * checking for the need to do authentication */
1763 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1769 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1771 if (hci_dev_test_flag(hdev, HCI_MGMT))
1772 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1777 if (!hci_outgoing_auth_needed(hdev, conn))
1780 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1781 struct hci_cp_auth_requested auth_cp;
1783 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1785 auth_cp.handle = __cpu_to_le16(conn->handle);
1786 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1787 sizeof(auth_cp), &auth_cp);
1791 hci_dev_unlock(hdev);
1794 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1796 struct hci_cp_read_remote_features *cp;
1797 struct hci_conn *conn;
1799 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1804 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1810 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1812 if (conn->state == BT_CONFIG) {
1813 hci_connect_cfm(conn, status);
1814 hci_conn_drop(conn);
1818 hci_dev_unlock(hdev);
1821 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1823 struct hci_cp_read_remote_ext_features *cp;
1824 struct hci_conn *conn;
1826 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1831 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1837 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1839 if (conn->state == BT_CONFIG) {
1840 hci_connect_cfm(conn, status);
1841 hci_conn_drop(conn);
1845 hci_dev_unlock(hdev);
1848 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1850 struct hci_cp_setup_sync_conn *cp;
1851 struct hci_conn *acl, *sco;
1854 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1859 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1863 handle = __le16_to_cpu(cp->handle);
1865 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1869 acl = hci_conn_hash_lookup_handle(hdev, handle);
1873 sco->state = BT_CLOSED;
1875 hci_connect_cfm(sco, status);
1880 hci_dev_unlock(hdev);
1883 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1885 struct hci_cp_sniff_mode *cp;
1886 struct hci_conn *conn;
1888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1893 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1899 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1901 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1903 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1904 hci_sco_setup(conn, status);
1907 hci_dev_unlock(hdev);
1910 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1912 struct hci_cp_exit_sniff_mode *cp;
1913 struct hci_conn *conn;
1915 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1920 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1926 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1928 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1930 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1931 hci_sco_setup(conn, status);
1934 hci_dev_unlock(hdev);
1937 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1939 struct hci_cp_disconnect *cp;
1940 struct hci_conn *conn;
1945 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1951 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1953 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1954 conn->dst_type, status);
1956 hci_dev_unlock(hdev);
1959 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1961 struct hci_cp_create_phy_link *cp;
1963 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1965 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1972 struct hci_conn *hcon;
1974 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1978 amp_write_remote_assoc(hdev, cp->phy_handle);
1981 hci_dev_unlock(hdev);
1984 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1986 struct hci_cp_accept_phy_link *cp;
1988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1993 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1997 amp_write_remote_assoc(hdev, cp->phy_handle);
2000 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2002 struct hci_cp_le_create_conn *cp;
2003 struct hci_conn *conn;
2005 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2007 /* All connection failure handling is taken care of by the
2008 * hci_le_conn_failed function which is triggered by the HCI
2009 * request completion callbacks used for connecting.
2014 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2020 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
2024 /* Store the initiator and responder address information which
2025 * is needed for SMP. These values will not change during the
2026 * lifetime of the connection.
2028 conn->init_addr_type = cp->own_address_type;
2029 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
2030 bacpy(&conn->init_addr, &hdev->random_addr);
2032 bacpy(&conn->init_addr, &hdev->bdaddr);
2034 conn->resp_addr_type = cp->peer_addr_type;
2035 bacpy(&conn->resp_addr, &cp->peer_addr);
2037 /* We don't want the connection attempt to stick around
2038 * indefinitely since LE doesn't have a page timeout concept
2039 * like BR/EDR. Set a timer for any connection that doesn't use
2040 * the white list for connecting.
2042 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
2043 queue_delayed_work(conn->hdev->workqueue,
2044 &conn->le_conn_timeout,
2045 conn->conn_timeout);
2048 hci_dev_unlock(hdev);
2051 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2053 struct hci_cp_le_start_enc *cp;
2054 struct hci_conn *conn;
2056 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2063 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2067 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2071 if (conn->state != BT_CONNECTED)
2074 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2075 hci_conn_drop(conn);
2078 hci_dev_unlock(hdev);
2081 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2083 struct hci_cp_switch_role *cp;
2084 struct hci_conn *conn;
2086 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2091 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2097 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2099 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2101 hci_dev_unlock(hdev);
2104 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2106 __u8 status = *((__u8 *) skb->data);
2107 struct discovery_state *discov = &hdev->discovery;
2108 struct inquiry_entry *e;
2110 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2112 hci_conn_check_pending(hdev);
2114 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2117 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2118 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2120 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2125 if (discov->state != DISCOVERY_FINDING)
2128 if (list_empty(&discov->resolve)) {
2129 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2133 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2134 if (e && hci_resolve_name(hdev, e) == 0) {
2135 e->name_state = NAME_PENDING;
2136 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2138 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2142 hci_dev_unlock(hdev);
2145 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2147 struct inquiry_data data;
2148 struct inquiry_info *info = (void *) (skb->data + 1);
2149 int num_rsp = *((__u8 *) skb->data);
2151 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2156 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
2161 for (; num_rsp; num_rsp--, info++) {
2164 bacpy(&data.bdaddr, &info->bdaddr);
2165 data.pscan_rep_mode = info->pscan_rep_mode;
2166 data.pscan_period_mode = info->pscan_period_mode;
2167 data.pscan_mode = info->pscan_mode;
2168 memcpy(data.dev_class, info->dev_class, 3);
2169 data.clock_offset = info->clock_offset;
2170 data.rssi = HCI_RSSI_INVALID;
2171 data.ssp_mode = 0x00;
2173 flags = hci_inquiry_cache_update(hdev, &data, false);
2175 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2176 info->dev_class, HCI_RSSI_INVALID,
2177 flags, NULL, 0, NULL, 0);
2180 hci_dev_unlock(hdev);
2183 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2185 struct hci_ev_conn_complete *ev = (void *) skb->data;
2186 struct hci_conn *conn;
2188 BT_DBG("%s", hdev->name);
2192 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2194 if (ev->link_type != SCO_LINK)
2197 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2201 conn->type = SCO_LINK;
2205 conn->handle = __le16_to_cpu(ev->handle);
2207 if (conn->type == ACL_LINK) {
2208 conn->state = BT_CONFIG;
2209 hci_conn_hold(conn);
2211 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2212 !hci_find_link_key(hdev, &ev->bdaddr))
2213 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2215 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2217 conn->state = BT_CONNECTED;
2219 hci_debugfs_create_conn(conn);
2220 hci_conn_add_sysfs(conn);
2222 if (test_bit(HCI_AUTH, &hdev->flags))
2223 set_bit(HCI_CONN_AUTH, &conn->flags);
2225 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2226 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2228 /* Get remote features */
2229 if (conn->type == ACL_LINK) {
2230 struct hci_cp_read_remote_features cp;
2231 cp.handle = ev->handle;
2232 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2235 hci_update_page_scan(hdev);
2238 /* Set packet type for incoming connection */
2239 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2240 struct hci_cp_change_conn_ptype cp;
2241 cp.handle = ev->handle;
2242 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2243 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2247 conn->state = BT_CLOSED;
2248 if (conn->type == ACL_LINK)
2249 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2250 conn->dst_type, ev->status);
2253 if (conn->type == ACL_LINK)
2254 hci_sco_setup(conn, ev->status);
2257 hci_connect_cfm(conn, ev->status);
2259 } else if (ev->link_type != ACL_LINK)
2260 hci_connect_cfm(conn, ev->status);
2263 hci_dev_unlock(hdev);
2265 hci_conn_check_pending(hdev);
2268 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2270 struct hci_cp_reject_conn_req cp;
2272 bacpy(&cp.bdaddr, bdaddr);
2273 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2274 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2277 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2279 struct hci_ev_conn_request *ev = (void *) skb->data;
2280 int mask = hdev->link_mode;
2281 struct inquiry_entry *ie;
2282 struct hci_conn *conn;
2285 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2288 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2291 if (!(mask & HCI_LM_ACCEPT)) {
2292 hci_reject_conn(hdev, &ev->bdaddr);
2296 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2298 hci_reject_conn(hdev, &ev->bdaddr);
2302 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2303 * connection. These features are only touched through mgmt so
2304 * only do the checks if HCI_MGMT is set.
2306 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2307 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
2308 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2310 hci_reject_conn(hdev, &ev->bdaddr);
2314 /* Connection accepted */
2318 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2320 memcpy(ie->data.dev_class, ev->dev_class, 3);
2322 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2325 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2328 BT_ERR("No memory for new connection");
2329 hci_dev_unlock(hdev);
2334 memcpy(conn->dev_class, ev->dev_class, 3);
2336 hci_dev_unlock(hdev);
2338 if (ev->link_type == ACL_LINK ||
2339 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2340 struct hci_cp_accept_conn_req cp;
2341 conn->state = BT_CONNECT;
2343 bacpy(&cp.bdaddr, &ev->bdaddr);
2345 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2346 cp.role = 0x00; /* Become master */
2348 cp.role = 0x01; /* Remain slave */
2350 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2351 } else if (!(flags & HCI_PROTO_DEFER)) {
2352 struct hci_cp_accept_sync_conn_req cp;
2353 conn->state = BT_CONNECT;
2355 bacpy(&cp.bdaddr, &ev->bdaddr);
2356 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2358 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2359 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2360 cp.max_latency = cpu_to_le16(0xffff);
2361 cp.content_format = cpu_to_le16(hdev->voice_setting);
2362 cp.retrans_effort = 0xff;
2364 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2367 conn->state = BT_CONNECT2;
2368 hci_connect_cfm(conn, 0);
2372 static u8 hci_to_mgmt_reason(u8 err)
2375 case HCI_ERROR_CONNECTION_TIMEOUT:
2376 return MGMT_DEV_DISCONN_TIMEOUT;
2377 case HCI_ERROR_REMOTE_USER_TERM:
2378 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2379 case HCI_ERROR_REMOTE_POWER_OFF:
2380 return MGMT_DEV_DISCONN_REMOTE;
2381 case HCI_ERROR_LOCAL_HOST_TERM:
2382 return MGMT_DEV_DISCONN_LOCAL_HOST;
2384 return MGMT_DEV_DISCONN_UNKNOWN;
2388 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2390 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2391 u8 reason = hci_to_mgmt_reason(ev->reason);
2392 struct hci_conn_params *params;
2393 struct hci_conn *conn;
2394 bool mgmt_connected;
2397 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2401 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2406 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2407 conn->dst_type, ev->status);
2411 conn->state = BT_CLOSED;
2413 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2414 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2415 reason, mgmt_connected);
2417 if (conn->type == ACL_LINK) {
2418 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2419 hci_remove_link_key(hdev, &conn->dst);
2421 hci_update_page_scan(hdev);
2424 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2426 switch (params->auto_connect) {
2427 case HCI_AUTO_CONN_LINK_LOSS:
2428 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2432 case HCI_AUTO_CONN_DIRECT:
2433 case HCI_AUTO_CONN_ALWAYS:
2434 list_del_init(¶ms->action);
2435 list_add(¶ms->action, &hdev->pend_le_conns);
2436 hci_update_background_scan(hdev);
2446 hci_disconn_cfm(conn, ev->reason);
2449 /* Re-enable advertising if necessary, since it might
2450 * have been disabled by the connection. From the
2451 * HCI_LE_Set_Advertise_Enable command description in
2452 * the core specification (v4.0):
2453 * "The Controller shall continue advertising until the Host
2454 * issues an LE_Set_Advertise_Enable command with
2455 * Advertising_Enable set to 0x00 (Advertising is disabled)
2456 * or until a connection is created or until the Advertising
2457 * is timed out due to Directed Advertising."
2459 if (type == LE_LINK)
2460 mgmt_reenable_advertising(hdev);
2463 hci_dev_unlock(hdev);
2466 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2468 struct hci_ev_auth_complete *ev = (void *) skb->data;
2469 struct hci_conn *conn;
2471 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2475 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2480 if (!hci_conn_ssp_enabled(conn) &&
2481 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2482 BT_INFO("re-auth of legacy device is not possible.");
2484 set_bit(HCI_CONN_AUTH, &conn->flags);
2485 conn->sec_level = conn->pending_sec_level;
2488 mgmt_auth_failed(conn, ev->status);
2491 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2492 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2494 if (conn->state == BT_CONFIG) {
2495 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2496 struct hci_cp_set_conn_encrypt cp;
2497 cp.handle = ev->handle;
2499 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2502 conn->state = BT_CONNECTED;
2503 hci_connect_cfm(conn, ev->status);
2504 hci_conn_drop(conn);
2507 hci_auth_cfm(conn, ev->status);
2509 hci_conn_hold(conn);
2510 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2511 hci_conn_drop(conn);
2514 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2516 struct hci_cp_set_conn_encrypt cp;
2517 cp.handle = ev->handle;
2519 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2522 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2523 hci_encrypt_cfm(conn, ev->status, 0x00);
2528 hci_dev_unlock(hdev);
2531 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2533 struct hci_ev_remote_name *ev = (void *) skb->data;
2534 struct hci_conn *conn;
2536 BT_DBG("%s", hdev->name);
2538 hci_conn_check_pending(hdev);
2542 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2544 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2547 if (ev->status == 0)
2548 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2549 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2551 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2557 if (!hci_outgoing_auth_needed(hdev, conn))
2560 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2561 struct hci_cp_auth_requested cp;
2563 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2565 cp.handle = __cpu_to_le16(conn->handle);
2566 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2570 hci_dev_unlock(hdev);
2573 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2575 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2576 struct hci_conn *conn;
2578 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2582 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2588 /* Encryption implies authentication */
2589 set_bit(HCI_CONN_AUTH, &conn->flags);
2590 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2591 conn->sec_level = conn->pending_sec_level;
2593 /* P-256 authentication key implies FIPS */
2594 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2595 set_bit(HCI_CONN_FIPS, &conn->flags);
2597 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2598 conn->type == LE_LINK)
2599 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2601 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2602 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2606 /* We should disregard the current RPA and generate a new one
2607 * whenever the encryption procedure fails.
2609 if (ev->status && conn->type == LE_LINK)
2610 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2612 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2614 if (ev->status && conn->state == BT_CONNECTED) {
2615 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2616 hci_conn_drop(conn);
2620 if (conn->state == BT_CONFIG) {
2622 conn->state = BT_CONNECTED;
2624 /* In Secure Connections Only mode, do not allow any
2625 * connections that are not encrypted with AES-CCM
2626 * using a P-256 authenticated combination key.
2628 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
2629 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2630 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2631 hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2632 hci_conn_drop(conn);
2636 hci_connect_cfm(conn, ev->status);
2637 hci_conn_drop(conn);
2639 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2642 hci_dev_unlock(hdev);
2645 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2646 struct sk_buff *skb)
2648 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2649 struct hci_conn *conn;
2651 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2655 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2658 set_bit(HCI_CONN_SECURE, &conn->flags);
2660 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2662 hci_key_change_cfm(conn, ev->status);
2665 hci_dev_unlock(hdev);
2668 static void hci_remote_features_evt(struct hci_dev *hdev,
2669 struct sk_buff *skb)
2671 struct hci_ev_remote_features *ev = (void *) skb->data;
2672 struct hci_conn *conn;
2674 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2678 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2683 memcpy(conn->features[0], ev->features, 8);
2685 if (conn->state != BT_CONFIG)
2688 if (!ev->status && lmp_ext_feat_capable(hdev) &&
2689 lmp_ext_feat_capable(conn)) {
2690 struct hci_cp_read_remote_ext_features cp;
2691 cp.handle = ev->handle;
2693 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2698 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2699 struct hci_cp_remote_name_req cp;
2700 memset(&cp, 0, sizeof(cp));
2701 bacpy(&cp.bdaddr, &conn->dst);
2702 cp.pscan_rep_mode = 0x02;
2703 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2704 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2705 mgmt_device_connected(hdev, conn, 0, NULL, 0);
2707 if (!hci_outgoing_auth_needed(hdev, conn)) {
2708 conn->state = BT_CONNECTED;
2709 hci_connect_cfm(conn, ev->status);
2710 hci_conn_drop(conn);
2714 hci_dev_unlock(hdev);
2717 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2719 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2720 u8 status = skb->data[sizeof(*ev)];
2723 skb_pull(skb, sizeof(*ev));
2725 opcode = __le16_to_cpu(ev->opcode);
2728 case HCI_OP_INQUIRY_CANCEL:
2729 hci_cc_inquiry_cancel(hdev, skb);
2732 case HCI_OP_PERIODIC_INQ:
2733 hci_cc_periodic_inq(hdev, skb);
2736 case HCI_OP_EXIT_PERIODIC_INQ:
2737 hci_cc_exit_periodic_inq(hdev, skb);
2740 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2741 hci_cc_remote_name_req_cancel(hdev, skb);
2744 case HCI_OP_ROLE_DISCOVERY:
2745 hci_cc_role_discovery(hdev, skb);
2748 case HCI_OP_READ_LINK_POLICY:
2749 hci_cc_read_link_policy(hdev, skb);
2752 case HCI_OP_WRITE_LINK_POLICY:
2753 hci_cc_write_link_policy(hdev, skb);
2756 case HCI_OP_READ_DEF_LINK_POLICY:
2757 hci_cc_read_def_link_policy(hdev, skb);
2760 case HCI_OP_WRITE_DEF_LINK_POLICY:
2761 hci_cc_write_def_link_policy(hdev, skb);
2765 hci_cc_reset(hdev, skb);
2768 case HCI_OP_READ_STORED_LINK_KEY:
2769 hci_cc_read_stored_link_key(hdev, skb);
2772 case HCI_OP_DELETE_STORED_LINK_KEY:
2773 hci_cc_delete_stored_link_key(hdev, skb);
2776 case HCI_OP_WRITE_LOCAL_NAME:
2777 hci_cc_write_local_name(hdev, skb);
2780 case HCI_OP_READ_LOCAL_NAME:
2781 hci_cc_read_local_name(hdev, skb);
2784 case HCI_OP_WRITE_AUTH_ENABLE:
2785 hci_cc_write_auth_enable(hdev, skb);
2788 case HCI_OP_WRITE_ENCRYPT_MODE:
2789 hci_cc_write_encrypt_mode(hdev, skb);
2792 case HCI_OP_WRITE_SCAN_ENABLE:
2793 hci_cc_write_scan_enable(hdev, skb);
2796 case HCI_OP_READ_CLASS_OF_DEV:
2797 hci_cc_read_class_of_dev(hdev, skb);
2800 case HCI_OP_WRITE_CLASS_OF_DEV:
2801 hci_cc_write_class_of_dev(hdev, skb);
2804 case HCI_OP_READ_VOICE_SETTING:
2805 hci_cc_read_voice_setting(hdev, skb);
2808 case HCI_OP_WRITE_VOICE_SETTING:
2809 hci_cc_write_voice_setting(hdev, skb);
2812 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2813 hci_cc_read_num_supported_iac(hdev, skb);
2816 case HCI_OP_WRITE_SSP_MODE:
2817 hci_cc_write_ssp_mode(hdev, skb);
2820 case HCI_OP_WRITE_SC_SUPPORT:
2821 hci_cc_write_sc_support(hdev, skb);
2824 case HCI_OP_READ_LOCAL_VERSION:
2825 hci_cc_read_local_version(hdev, skb);
2828 case HCI_OP_READ_LOCAL_COMMANDS:
2829 hci_cc_read_local_commands(hdev, skb);
2832 case HCI_OP_READ_LOCAL_FEATURES:
2833 hci_cc_read_local_features(hdev, skb);
2836 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2837 hci_cc_read_local_ext_features(hdev, skb);
2840 case HCI_OP_READ_BUFFER_SIZE:
2841 hci_cc_read_buffer_size(hdev, skb);
2844 case HCI_OP_READ_BD_ADDR:
2845 hci_cc_read_bd_addr(hdev, skb);
2848 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2849 hci_cc_read_page_scan_activity(hdev, skb);
2852 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2853 hci_cc_write_page_scan_activity(hdev, skb);
2856 case HCI_OP_READ_PAGE_SCAN_TYPE:
2857 hci_cc_read_page_scan_type(hdev, skb);
2860 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2861 hci_cc_write_page_scan_type(hdev, skb);
2864 case HCI_OP_READ_DATA_BLOCK_SIZE:
2865 hci_cc_read_data_block_size(hdev, skb);
2868 case HCI_OP_READ_FLOW_CONTROL_MODE:
2869 hci_cc_read_flow_control_mode(hdev, skb);
2872 case HCI_OP_READ_LOCAL_AMP_INFO:
2873 hci_cc_read_local_amp_info(hdev, skb);
2876 case HCI_OP_READ_CLOCK:
2877 hci_cc_read_clock(hdev, skb);
2880 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2881 hci_cc_read_local_amp_assoc(hdev, skb);
2884 case HCI_OP_READ_INQ_RSP_TX_POWER:
2885 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2888 case HCI_OP_PIN_CODE_REPLY:
2889 hci_cc_pin_code_reply(hdev, skb);
2892 case HCI_OP_PIN_CODE_NEG_REPLY:
2893 hci_cc_pin_code_neg_reply(hdev, skb);
2896 case HCI_OP_READ_LOCAL_OOB_DATA:
2897 hci_cc_read_local_oob_data(hdev, skb);
2900 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2901 hci_cc_read_local_oob_ext_data(hdev, skb);
2904 case HCI_OP_LE_READ_BUFFER_SIZE:
2905 hci_cc_le_read_buffer_size(hdev, skb);
2908 case HCI_OP_LE_READ_LOCAL_FEATURES:
2909 hci_cc_le_read_local_features(hdev, skb);
2912 case HCI_OP_LE_READ_ADV_TX_POWER:
2913 hci_cc_le_read_adv_tx_power(hdev, skb);
2916 case HCI_OP_USER_CONFIRM_REPLY:
2917 hci_cc_user_confirm_reply(hdev, skb);
2920 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2921 hci_cc_user_confirm_neg_reply(hdev, skb);
2924 case HCI_OP_USER_PASSKEY_REPLY:
2925 hci_cc_user_passkey_reply(hdev, skb);
2928 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2929 hci_cc_user_passkey_neg_reply(hdev, skb);
2932 case HCI_OP_LE_SET_RANDOM_ADDR:
2933 hci_cc_le_set_random_addr(hdev, skb);
2936 case HCI_OP_LE_SET_ADV_ENABLE:
2937 hci_cc_le_set_adv_enable(hdev, skb);
2940 case HCI_OP_LE_SET_SCAN_PARAM:
2941 hci_cc_le_set_scan_param(hdev, skb);
2944 case HCI_OP_LE_SET_SCAN_ENABLE:
2945 hci_cc_le_set_scan_enable(hdev, skb);
2948 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2949 hci_cc_le_read_white_list_size(hdev, skb);
2952 case HCI_OP_LE_CLEAR_WHITE_LIST:
2953 hci_cc_le_clear_white_list(hdev, skb);
2956 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2957 hci_cc_le_add_to_white_list(hdev, skb);
2960 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2961 hci_cc_le_del_from_white_list(hdev, skb);
2964 case HCI_OP_LE_READ_SUPPORTED_STATES:
2965 hci_cc_le_read_supported_states(hdev, skb);
2968 case HCI_OP_LE_READ_DEF_DATA_LEN:
2969 hci_cc_le_read_def_data_len(hdev, skb);
2972 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
2973 hci_cc_le_write_def_data_len(hdev, skb);
2976 case HCI_OP_LE_READ_MAX_DATA_LEN:
2977 hci_cc_le_read_max_data_len(hdev, skb);
2980 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2981 hci_cc_write_le_host_supported(hdev, skb);
2984 case HCI_OP_LE_SET_ADV_PARAM:
2985 hci_cc_set_adv_param(hdev, skb);
2988 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2989 hci_cc_write_remote_amp_assoc(hdev, skb);
2992 case HCI_OP_READ_RSSI:
2993 hci_cc_read_rssi(hdev, skb);
2996 case HCI_OP_READ_TX_POWER:
2997 hci_cc_read_tx_power(hdev, skb);
3000 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3001 hci_cc_write_ssp_debug_mode(hdev, skb);
3005 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3009 if (opcode != HCI_OP_NOP)
3010 cancel_delayed_work(&hdev->cmd_timer);
3012 hci_req_cmd_complete(hdev, opcode, status);
3014 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3015 atomic_set(&hdev->cmd_cnt, 1);
3016 if (!skb_queue_empty(&hdev->cmd_q))
3017 queue_work(hdev->workqueue, &hdev->cmd_work);
3021 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
3023 struct hci_ev_cmd_status *ev = (void *) skb->data;
3026 skb_pull(skb, sizeof(*ev));
3028 opcode = __le16_to_cpu(ev->opcode);
3031 case HCI_OP_INQUIRY:
3032 hci_cs_inquiry(hdev, ev->status);
3035 case HCI_OP_CREATE_CONN:
3036 hci_cs_create_conn(hdev, ev->status);
3039 case HCI_OP_DISCONNECT:
3040 hci_cs_disconnect(hdev, ev->status);
3043 case HCI_OP_ADD_SCO:
3044 hci_cs_add_sco(hdev, ev->status);
3047 case HCI_OP_AUTH_REQUESTED:
3048 hci_cs_auth_requested(hdev, ev->status);
3051 case HCI_OP_SET_CONN_ENCRYPT:
3052 hci_cs_set_conn_encrypt(hdev, ev->status);
3055 case HCI_OP_REMOTE_NAME_REQ:
3056 hci_cs_remote_name_req(hdev, ev->status);
3059 case HCI_OP_READ_REMOTE_FEATURES:
3060 hci_cs_read_remote_features(hdev, ev->status);
3063 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3064 hci_cs_read_remote_ext_features(hdev, ev->status);
3067 case HCI_OP_SETUP_SYNC_CONN:
3068 hci_cs_setup_sync_conn(hdev, ev->status);
3071 case HCI_OP_CREATE_PHY_LINK:
3072 hci_cs_create_phylink(hdev, ev->status);
3075 case HCI_OP_ACCEPT_PHY_LINK:
3076 hci_cs_accept_phylink(hdev, ev->status);
3079 case HCI_OP_SNIFF_MODE:
3080 hci_cs_sniff_mode(hdev, ev->status);
3083 case HCI_OP_EXIT_SNIFF_MODE:
3084 hci_cs_exit_sniff_mode(hdev, ev->status);
3087 case HCI_OP_SWITCH_ROLE:
3088 hci_cs_switch_role(hdev, ev->status);
3091 case HCI_OP_LE_CREATE_CONN:
3092 hci_cs_le_create_conn(hdev, ev->status);
3095 case HCI_OP_LE_START_ENC:
3096 hci_cs_le_start_enc(hdev, ev->status);
3100 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3104 if (opcode != HCI_OP_NOP)
3105 cancel_delayed_work(&hdev->cmd_timer);
3108 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req_event))
3109 hci_req_cmd_complete(hdev, opcode, ev->status);
3111 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3112 atomic_set(&hdev->cmd_cnt, 1);
3113 if (!skb_queue_empty(&hdev->cmd_q))
3114 queue_work(hdev->workqueue, &hdev->cmd_work);
3118 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3120 struct hci_ev_hardware_error *ev = (void *) skb->data;
3122 hdev->hw_error_code = ev->code;
3124 queue_work(hdev->req_workqueue, &hdev->error_reset);
3127 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3129 struct hci_ev_role_change *ev = (void *) skb->data;
3130 struct hci_conn *conn;
3132 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3136 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3139 conn->role = ev->role;
3141 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3143 hci_role_switch_cfm(conn, ev->status, ev->role);
3146 hci_dev_unlock(hdev);
3149 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3151 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3154 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3155 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3159 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3160 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3161 BT_DBG("%s bad parameters", hdev->name);
3165 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3167 for (i = 0; i < ev->num_hndl; i++) {
3168 struct hci_comp_pkts_info *info = &ev->handles[i];
3169 struct hci_conn *conn;
3170 __u16 handle, count;
3172 handle = __le16_to_cpu(info->handle);
3173 count = __le16_to_cpu(info->count);
3175 conn = hci_conn_hash_lookup_handle(hdev, handle);
3179 conn->sent -= count;
3181 switch (conn->type) {
3183 hdev->acl_cnt += count;
3184 if (hdev->acl_cnt > hdev->acl_pkts)
3185 hdev->acl_cnt = hdev->acl_pkts;
3189 if (hdev->le_pkts) {
3190 hdev->le_cnt += count;
3191 if (hdev->le_cnt > hdev->le_pkts)
3192 hdev->le_cnt = hdev->le_pkts;
3194 hdev->acl_cnt += count;
3195 if (hdev->acl_cnt > hdev->acl_pkts)
3196 hdev->acl_cnt = hdev->acl_pkts;
3201 hdev->sco_cnt += count;
3202 if (hdev->sco_cnt > hdev->sco_pkts)
3203 hdev->sco_cnt = hdev->sco_pkts;
3207 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3212 queue_work(hdev->workqueue, &hdev->tx_work);
3215 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3218 struct hci_chan *chan;
3220 switch (hdev->dev_type) {
3222 return hci_conn_hash_lookup_handle(hdev, handle);
3224 chan = hci_chan_lookup_handle(hdev, handle);
3229 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3236 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3238 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3241 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3242 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3246 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3247 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3248 BT_DBG("%s bad parameters", hdev->name);
3252 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3255 for (i = 0; i < ev->num_hndl; i++) {
3256 struct hci_comp_blocks_info *info = &ev->handles[i];
3257 struct hci_conn *conn = NULL;
3258 __u16 handle, block_count;
3260 handle = __le16_to_cpu(info->handle);
3261 block_count = __le16_to_cpu(info->blocks);
3263 conn = __hci_conn_lookup_handle(hdev, handle);
3267 conn->sent -= block_count;
3269 switch (conn->type) {
3272 hdev->block_cnt += block_count;
3273 if (hdev->block_cnt > hdev->num_blocks)
3274 hdev->block_cnt = hdev->num_blocks;
3278 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3283 queue_work(hdev->workqueue, &hdev->tx_work);
3286 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3288 struct hci_ev_mode_change *ev = (void *) skb->data;
3289 struct hci_conn *conn;
3291 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3297 conn->mode = ev->mode;
3299 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3301 if (conn->mode == HCI_CM_ACTIVE)
3302 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3304 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3307 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3308 hci_sco_setup(conn, ev->status);
3311 hci_dev_unlock(hdev);
3314 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3316 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3317 struct hci_conn *conn;
3319 BT_DBG("%s", hdev->name);
3323 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3327 if (conn->state == BT_CONNECTED) {
3328 hci_conn_hold(conn);
3329 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3330 hci_conn_drop(conn);
3333 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
3334 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3335 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3336 sizeof(ev->bdaddr), &ev->bdaddr);
3337 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
3340 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3345 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3349 hci_dev_unlock(hdev);
3352 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3354 if (key_type == HCI_LK_CHANGED_COMBINATION)
3357 conn->pin_length = pin_len;
3358 conn->key_type = key_type;
3361 case HCI_LK_LOCAL_UNIT:
3362 case HCI_LK_REMOTE_UNIT:
3363 case HCI_LK_DEBUG_COMBINATION:
3365 case HCI_LK_COMBINATION:
3367 conn->pending_sec_level = BT_SECURITY_HIGH;
3369 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3371 case HCI_LK_UNAUTH_COMBINATION_P192:
3372 case HCI_LK_UNAUTH_COMBINATION_P256:
3373 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3375 case HCI_LK_AUTH_COMBINATION_P192:
3376 conn->pending_sec_level = BT_SECURITY_HIGH;
3378 case HCI_LK_AUTH_COMBINATION_P256:
3379 conn->pending_sec_level = BT_SECURITY_FIPS;
3384 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3386 struct hci_ev_link_key_req *ev = (void *) skb->data;
3387 struct hci_cp_link_key_reply cp;
3388 struct hci_conn *conn;
3389 struct link_key *key;
3391 BT_DBG("%s", hdev->name);
3393 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3398 key = hci_find_link_key(hdev, &ev->bdaddr);
3400 BT_DBG("%s link key not found for %pMR", hdev->name,
3405 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3408 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3410 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3412 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3413 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3414 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3415 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3419 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3420 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3421 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3422 BT_DBG("%s ignoring key unauthenticated for high security",
3427 conn_set_key(conn, key->type, key->pin_len);
3430 bacpy(&cp.bdaddr, &ev->bdaddr);
3431 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3433 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3435 hci_dev_unlock(hdev);
3440 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3441 hci_dev_unlock(hdev);
3444 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3446 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3447 struct hci_conn *conn;
3448 struct link_key *key;
3452 BT_DBG("%s", hdev->name);
3456 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3460 hci_conn_hold(conn);
3461 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3462 hci_conn_drop(conn);
3464 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3465 conn_set_key(conn, ev->key_type, conn->pin_length);
3467 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3470 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3471 ev->key_type, pin_len, &persistent);
3475 /* Update connection information since adding the key will have
3476 * fixed up the type in the case of changed combination keys.
3478 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3479 conn_set_key(conn, key->type, key->pin_len);
3481 mgmt_new_link_key(hdev, key, persistent);
3483 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3484 * is set. If it's not set simply remove the key from the kernel
3485 * list (we've still notified user space about it but with
3486 * store_hint being 0).
3488 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3489 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
3490 list_del_rcu(&key->list);
3491 kfree_rcu(key, rcu);
3496 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3498 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3501 hci_dev_unlock(hdev);
3504 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3506 struct hci_ev_clock_offset *ev = (void *) skb->data;
3507 struct hci_conn *conn;
3509 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3513 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3514 if (conn && !ev->status) {
3515 struct inquiry_entry *ie;
3517 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3519 ie->data.clock_offset = ev->clock_offset;
3520 ie->timestamp = jiffies;
3524 hci_dev_unlock(hdev);
3527 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3529 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3530 struct hci_conn *conn;
3532 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3536 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3537 if (conn && !ev->status)
3538 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3540 hci_dev_unlock(hdev);
3543 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3545 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3546 struct inquiry_entry *ie;
3548 BT_DBG("%s", hdev->name);
3552 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3554 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3555 ie->timestamp = jiffies;
3558 hci_dev_unlock(hdev);
3561 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3562 struct sk_buff *skb)
3564 struct inquiry_data data;
3565 int num_rsp = *((__u8 *) skb->data);
3567 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3572 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
3577 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3578 struct inquiry_info_with_rssi_and_pscan_mode *info;
3579 info = (void *) (skb->data + 1);
3581 for (; num_rsp; num_rsp--, info++) {
3584 bacpy(&data.bdaddr, &info->bdaddr);
3585 data.pscan_rep_mode = info->pscan_rep_mode;
3586 data.pscan_period_mode = info->pscan_period_mode;
3587 data.pscan_mode = info->pscan_mode;
3588 memcpy(data.dev_class, info->dev_class, 3);
3589 data.clock_offset = info->clock_offset;
3590 data.rssi = info->rssi;
3591 data.ssp_mode = 0x00;
3593 flags = hci_inquiry_cache_update(hdev, &data, false);
3595 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3596 info->dev_class, info->rssi,
3597 flags, NULL, 0, NULL, 0);
3600 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3602 for (; num_rsp; num_rsp--, info++) {
3605 bacpy(&data.bdaddr, &info->bdaddr);
3606 data.pscan_rep_mode = info->pscan_rep_mode;
3607 data.pscan_period_mode = info->pscan_period_mode;
3608 data.pscan_mode = 0x00;
3609 memcpy(data.dev_class, info->dev_class, 3);
3610 data.clock_offset = info->clock_offset;
3611 data.rssi = info->rssi;
3612 data.ssp_mode = 0x00;
3614 flags = hci_inquiry_cache_update(hdev, &data, false);
3616 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3617 info->dev_class, info->rssi,
3618 flags, NULL, 0, NULL, 0);
3622 hci_dev_unlock(hdev);
3625 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3626 struct sk_buff *skb)
3628 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3629 struct hci_conn *conn;
3631 BT_DBG("%s", hdev->name);
3635 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3639 if (ev->page < HCI_MAX_PAGES)
3640 memcpy(conn->features[ev->page], ev->features, 8);
3642 if (!ev->status && ev->page == 0x01) {
3643 struct inquiry_entry *ie;
3645 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3647 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3649 if (ev->features[0] & LMP_HOST_SSP) {
3650 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3652 /* It is mandatory by the Bluetooth specification that
3653 * Extended Inquiry Results are only used when Secure
3654 * Simple Pairing is enabled, but some devices violate
3657 * To make these devices work, the internal SSP
3658 * enabled flag needs to be cleared if the remote host
3659 * features do not indicate SSP support */
3660 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3663 if (ev->features[0] & LMP_HOST_SC)
3664 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3667 if (conn->state != BT_CONFIG)
3670 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3671 struct hci_cp_remote_name_req cp;
3672 memset(&cp, 0, sizeof(cp));
3673 bacpy(&cp.bdaddr, &conn->dst);
3674 cp.pscan_rep_mode = 0x02;
3675 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3676 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3677 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3679 if (!hci_outgoing_auth_needed(hdev, conn)) {
3680 conn->state = BT_CONNECTED;
3681 hci_connect_cfm(conn, ev->status);
3682 hci_conn_drop(conn);
3686 hci_dev_unlock(hdev);
3689 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3690 struct sk_buff *skb)
3692 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3693 struct hci_conn *conn;
3695 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3699 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3701 if (ev->link_type == ESCO_LINK)
3704 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3708 conn->type = SCO_LINK;
3711 switch (ev->status) {
3713 conn->handle = __le16_to_cpu(ev->handle);
3714 conn->state = BT_CONNECTED;
3716 hci_debugfs_create_conn(conn);
3717 hci_conn_add_sysfs(conn);
3720 case 0x10: /* Connection Accept Timeout */
3721 case 0x0d: /* Connection Rejected due to Limited Resources */
3722 case 0x11: /* Unsupported Feature or Parameter Value */
3723 case 0x1c: /* SCO interval rejected */
3724 case 0x1a: /* Unsupported Remote Feature */
3725 case 0x1f: /* Unspecified error */
3726 case 0x20: /* Unsupported LMP Parameter value */
3728 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3729 (hdev->esco_type & EDR_ESCO_MASK);
3730 if (hci_setup_sync(conn, conn->link->handle))
3736 conn->state = BT_CLOSED;
3740 hci_connect_cfm(conn, ev->status);
3745 hci_dev_unlock(hdev);
3748 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3752 while (parsed < eir_len) {
3753 u8 field_len = eir[0];
3758 parsed += field_len + 1;
3759 eir += field_len + 1;
3765 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3766 struct sk_buff *skb)
3768 struct inquiry_data data;
3769 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3770 int num_rsp = *((__u8 *) skb->data);
3773 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3778 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
3783 for (; num_rsp; num_rsp--, info++) {
3787 bacpy(&data.bdaddr, &info->bdaddr);
3788 data.pscan_rep_mode = info->pscan_rep_mode;
3789 data.pscan_period_mode = info->pscan_period_mode;
3790 data.pscan_mode = 0x00;
3791 memcpy(data.dev_class, info->dev_class, 3);
3792 data.clock_offset = info->clock_offset;
3793 data.rssi = info->rssi;
3794 data.ssp_mode = 0x01;
3796 if (hci_dev_test_flag(hdev, HCI_MGMT))
3797 name_known = eir_has_data_type(info->data,
3803 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3805 eir_len = eir_get_length(info->data, sizeof(info->data));
3807 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3808 info->dev_class, info->rssi,
3809 flags, info->data, eir_len, NULL, 0);
3812 hci_dev_unlock(hdev);
3815 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3816 struct sk_buff *skb)
3818 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3819 struct hci_conn *conn;
3821 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3822 __le16_to_cpu(ev->handle));
3826 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3830 /* For BR/EDR the necessary steps are taken through the
3831 * auth_complete event.
3833 if (conn->type != LE_LINK)
3837 conn->sec_level = conn->pending_sec_level;
3839 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3841 if (ev->status && conn->state == BT_CONNECTED) {
3842 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3843 hci_conn_drop(conn);
3847 if (conn->state == BT_CONFIG) {
3849 conn->state = BT_CONNECTED;
3851 hci_connect_cfm(conn, ev->status);
3852 hci_conn_drop(conn);
3854 hci_auth_cfm(conn, ev->status);
3856 hci_conn_hold(conn);
3857 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3858 hci_conn_drop(conn);
3862 hci_dev_unlock(hdev);
3865 static u8 hci_get_auth_req(struct hci_conn *conn)
3867 /* If remote requests no-bonding follow that lead */
3868 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3869 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3870 return conn->remote_auth | (conn->auth_type & 0x01);
3872 /* If both remote and local have enough IO capabilities, require
3875 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3876 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3877 return conn->remote_auth | 0x01;
3879 /* No MITM protection possible so ignore remote requirement */
3880 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3883 static u8 bredr_oob_data_present(struct hci_conn *conn)
3885 struct hci_dev *hdev = conn->hdev;
3886 struct oob_data *data;
3888 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
3892 if (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) {
3893 if (bredr_sc_enabled(hdev)) {
3894 /* When Secure Connections is enabled, then just
3895 * return the present value stored with the OOB
3896 * data. The stored value contains the right present
3897 * information. However it can only be trusted when
3898 * not in Secure Connection Only mode.
3900 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
3901 return data->present;
3903 /* When Secure Connections Only mode is enabled, then
3904 * the P-256 values are required. If they are not
3905 * available, then do not declare that OOB data is
3908 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
3909 !memcmp(data->hash256, ZERO_KEY, 16))
3915 /* When Secure Connections is not enabled or actually
3916 * not supported by the hardware, then check that if
3917 * P-192 data values are present.
3919 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
3920 !memcmp(data->hash192, ZERO_KEY, 16))
3929 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3931 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3932 struct hci_conn *conn;
3934 BT_DBG("%s", hdev->name);
3938 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3942 hci_conn_hold(conn);
3944 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3947 /* Allow pairing if we're pairable, the initiators of the
3948 * pairing or if the remote is not requesting bonding.
3950 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
3951 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
3952 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3953 struct hci_cp_io_capability_reply cp;
3955 bacpy(&cp.bdaddr, &ev->bdaddr);
3956 /* Change the IO capability from KeyboardDisplay
3957 * to DisplayYesNo as it is not supported by BT spec. */
3958 cp.capability = (conn->io_capability == 0x04) ?
3959 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3961 /* If we are initiators, there is no remote information yet */
3962 if (conn->remote_auth == 0xff) {
3963 /* Request MITM protection if our IO caps allow it
3964 * except for the no-bonding case.
3966 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3967 conn->auth_type != HCI_AT_NO_BONDING)
3968 conn->auth_type |= 0x01;
3970 conn->auth_type = hci_get_auth_req(conn);
3973 /* If we're not bondable, force one of the non-bondable
3974 * authentication requirement values.
3976 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
3977 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
3979 cp.authentication = conn->auth_type;
3980 cp.oob_data = bredr_oob_data_present(conn);
3982 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3985 struct hci_cp_io_capability_neg_reply cp;
3987 bacpy(&cp.bdaddr, &ev->bdaddr);
3988 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3990 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3995 hci_dev_unlock(hdev);
3998 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4000 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4001 struct hci_conn *conn;
4003 BT_DBG("%s", hdev->name);
4007 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4011 conn->remote_cap = ev->capability;
4012 conn->remote_auth = ev->authentication;
4014 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
4017 hci_dev_unlock(hdev);
4020 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4021 struct sk_buff *skb)
4023 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4024 int loc_mitm, rem_mitm, confirm_hint = 0;
4025 struct hci_conn *conn;
4027 BT_DBG("%s", hdev->name);
4031 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4034 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4038 loc_mitm = (conn->auth_type & 0x01);
4039 rem_mitm = (conn->remote_auth & 0x01);
4041 /* If we require MITM but the remote device can't provide that
4042 * (it has NoInputNoOutput) then reject the confirmation
4043 * request. We check the security level here since it doesn't
4044 * necessarily match conn->auth_type.
4046 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4047 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4048 BT_DBG("Rejecting request: remote device can't provide MITM");
4049 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4050 sizeof(ev->bdaddr), &ev->bdaddr);
4054 /* If no side requires MITM protection; auto-accept */
4055 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4056 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4058 /* If we're not the initiators request authorization to
4059 * proceed from user space (mgmt_user_confirm with
4060 * confirm_hint set to 1). The exception is if neither
4061 * side had MITM or if the local IO capability is
4062 * NoInputNoOutput, in which case we do auto-accept
4064 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4065 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4066 (loc_mitm || rem_mitm)) {
4067 BT_DBG("Confirming auto-accept as acceptor");
4072 BT_DBG("Auto-accept of user confirmation with %ums delay",
4073 hdev->auto_accept_delay);
4075 if (hdev->auto_accept_delay > 0) {
4076 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4077 queue_delayed_work(conn->hdev->workqueue,
4078 &conn->auto_accept_work, delay);
4082 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4083 sizeof(ev->bdaddr), &ev->bdaddr);
4088 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4089 le32_to_cpu(ev->passkey), confirm_hint);
4092 hci_dev_unlock(hdev);
4095 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4096 struct sk_buff *skb)
4098 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4100 BT_DBG("%s", hdev->name);
4102 if (hci_dev_test_flag(hdev, HCI_MGMT))
4103 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4106 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4107 struct sk_buff *skb)
4109 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4110 struct hci_conn *conn;
4112 BT_DBG("%s", hdev->name);
4114 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4118 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4119 conn->passkey_entered = 0;
4121 if (hci_dev_test_flag(hdev, HCI_MGMT))
4122 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4123 conn->dst_type, conn->passkey_notify,
4124 conn->passkey_entered);
4127 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4129 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4130 struct hci_conn *conn;
4132 BT_DBG("%s", hdev->name);
4134 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4139 case HCI_KEYPRESS_STARTED:
4140 conn->passkey_entered = 0;
4143 case HCI_KEYPRESS_ENTERED:
4144 conn->passkey_entered++;
4147 case HCI_KEYPRESS_ERASED:
4148 conn->passkey_entered--;
4151 case HCI_KEYPRESS_CLEARED:
4152 conn->passkey_entered = 0;
4155 case HCI_KEYPRESS_COMPLETED:
4159 if (hci_dev_test_flag(hdev, HCI_MGMT))
4160 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4161 conn->dst_type, conn->passkey_notify,
4162 conn->passkey_entered);
4165 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4166 struct sk_buff *skb)
4168 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4169 struct hci_conn *conn;
4171 BT_DBG("%s", hdev->name);
4175 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4179 /* Reset the authentication requirement to unknown */
4180 conn->remote_auth = 0xff;
4182 /* To avoid duplicate auth_failed events to user space we check
4183 * the HCI_CONN_AUTH_PEND flag which will be set if we
4184 * initiated the authentication. A traditional auth_complete
4185 * event gets always produced as initiator and is also mapped to
4186 * the mgmt_auth_failed event */
4187 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4188 mgmt_auth_failed(conn, ev->status);
4190 hci_conn_drop(conn);
4193 hci_dev_unlock(hdev);
4196 static void hci_remote_host_features_evt(struct hci_dev *hdev,
4197 struct sk_buff *skb)
4199 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4200 struct inquiry_entry *ie;
4201 struct hci_conn *conn;
4203 BT_DBG("%s", hdev->name);
4207 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4209 memcpy(conn->features[1], ev->features, 8);
4211 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4213 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4215 hci_dev_unlock(hdev);
4218 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4219 struct sk_buff *skb)
4221 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4222 struct oob_data *data;
4224 BT_DBG("%s", hdev->name);
4228 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4231 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4233 struct hci_cp_remote_oob_data_neg_reply cp;
4235 bacpy(&cp.bdaddr, &ev->bdaddr);
4236 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4241 if (bredr_sc_enabled(hdev)) {
4242 struct hci_cp_remote_oob_ext_data_reply cp;
4244 bacpy(&cp.bdaddr, &ev->bdaddr);
4245 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4246 memset(cp.hash192, 0, sizeof(cp.hash192));
4247 memset(cp.rand192, 0, sizeof(cp.rand192));
4249 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4250 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4252 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4253 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4255 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4258 struct hci_cp_remote_oob_data_reply cp;
4260 bacpy(&cp.bdaddr, &ev->bdaddr);
4261 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4262 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4264 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4269 hci_dev_unlock(hdev);
4272 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4273 struct sk_buff *skb)
4275 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4276 struct hci_conn *hcon, *bredr_hcon;
4278 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4283 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4285 hci_dev_unlock(hdev);
4291 hci_dev_unlock(hdev);
4295 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4297 hcon->state = BT_CONNECTED;
4298 bacpy(&hcon->dst, &bredr_hcon->dst);
4300 hci_conn_hold(hcon);
4301 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4302 hci_conn_drop(hcon);
4304 hci_debugfs_create_conn(hcon);
4305 hci_conn_add_sysfs(hcon);
4307 amp_physical_cfm(bredr_hcon, hcon);
4309 hci_dev_unlock(hdev);
4312 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4314 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4315 struct hci_conn *hcon;
4316 struct hci_chan *hchan;
4317 struct amp_mgr *mgr;
4319 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4320 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4323 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4327 /* Create AMP hchan */
4328 hchan = hci_chan_create(hcon);
4332 hchan->handle = le16_to_cpu(ev->handle);
4334 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4336 mgr = hcon->amp_mgr;
4337 if (mgr && mgr->bredr_chan) {
4338 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4340 l2cap_chan_lock(bredr_chan);
4342 bredr_chan->conn->mtu = hdev->block_mtu;
4343 l2cap_logical_cfm(bredr_chan, hchan, 0);
4344 hci_conn_hold(hcon);
4346 l2cap_chan_unlock(bredr_chan);
4350 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4351 struct sk_buff *skb)
4353 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4354 struct hci_chan *hchan;
4356 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4357 le16_to_cpu(ev->handle), ev->status);
4364 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4368 amp_destroy_logical_link(hchan, ev->reason);
4371 hci_dev_unlock(hdev);
4374 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4375 struct sk_buff *skb)
4377 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4378 struct hci_conn *hcon;
4380 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4387 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4389 hcon->state = BT_CLOSED;
4393 hci_dev_unlock(hdev);
4396 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4398 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4399 struct hci_conn_params *params;
4400 struct hci_conn *conn;
4401 struct smp_irk *irk;
4404 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4408 /* All controllers implicitly stop advertising in the event of a
4409 * connection, so ensure that the state bit is cleared.
4411 hci_dev_clear_flag(hdev, HCI_LE_ADV);
4413 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4415 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
4417 BT_ERR("No memory for new connection");
4421 conn->dst_type = ev->bdaddr_type;
4423 /* If we didn't have a hci_conn object previously
4424 * but we're in master role this must be something
4425 * initiated using a white list. Since white list based
4426 * connections are not "first class citizens" we don't
4427 * have full tracking of them. Therefore, we go ahead
4428 * with a "best effort" approach of determining the
4429 * initiator address based on the HCI_PRIVACY flag.
4432 conn->resp_addr_type = ev->bdaddr_type;
4433 bacpy(&conn->resp_addr, &ev->bdaddr);
4434 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
4435 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4436 bacpy(&conn->init_addr, &hdev->rpa);
4438 hci_copy_identity_address(hdev,
4440 &conn->init_addr_type);
4444 cancel_delayed_work(&conn->le_conn_timeout);
4448 /* Set the responder (our side) address type based on
4449 * the advertising address type.
4451 conn->resp_addr_type = hdev->adv_addr_type;
4452 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4453 bacpy(&conn->resp_addr, &hdev->random_addr);
4455 bacpy(&conn->resp_addr, &hdev->bdaddr);
4457 conn->init_addr_type = ev->bdaddr_type;
4458 bacpy(&conn->init_addr, &ev->bdaddr);
4460 /* For incoming connections, set the default minimum
4461 * and maximum connection interval. They will be used
4462 * to check if the parameters are in range and if not
4463 * trigger the connection update procedure.
4465 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4466 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4469 /* Lookup the identity address from the stored connection
4470 * address and address type.
4472 * When establishing connections to an identity address, the
4473 * connection procedure will store the resolvable random
4474 * address first. Now if it can be converted back into the
4475 * identity address, start using the identity address from
4478 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4480 bacpy(&conn->dst, &irk->bdaddr);
4481 conn->dst_type = irk->addr_type;
4485 hci_le_conn_failed(conn, ev->status);
4489 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4490 addr_type = BDADDR_LE_PUBLIC;
4492 addr_type = BDADDR_LE_RANDOM;
4494 /* Drop the connection if the device is blocked */
4495 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4496 hci_conn_drop(conn);
4500 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4501 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4503 conn->sec_level = BT_SECURITY_LOW;
4504 conn->handle = __le16_to_cpu(ev->handle);
4505 conn->state = BT_CONNECTED;
4507 conn->le_conn_interval = le16_to_cpu(ev->interval);
4508 conn->le_conn_latency = le16_to_cpu(ev->latency);
4509 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4511 hci_debugfs_create_conn(conn);
4512 hci_conn_add_sysfs(conn);
4514 hci_connect_cfm(conn, ev->status);
4516 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4519 list_del_init(¶ms->action);
4521 hci_conn_drop(params->conn);
4522 hci_conn_put(params->conn);
4523 params->conn = NULL;
4528 hci_update_background_scan(hdev);
4529 hci_dev_unlock(hdev);
4532 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4533 struct sk_buff *skb)
4535 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4536 struct hci_conn *conn;
4538 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4545 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4547 conn->le_conn_interval = le16_to_cpu(ev->interval);
4548 conn->le_conn_latency = le16_to_cpu(ev->latency);
4549 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4552 hci_dev_unlock(hdev);
4555 /* This function requires the caller holds hdev->lock */
4556 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4558 u8 addr_type, u8 adv_type)
4560 struct hci_conn *conn;
4561 struct hci_conn_params *params;
4563 /* If the event is not connectable don't proceed further */
4564 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
4567 /* Ignore if the device is blocked */
4568 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
4571 /* Most controller will fail if we try to create new connections
4572 * while we have an existing one in slave role.
4574 if (hdev->conn_hash.le_num_slave > 0)
4577 /* If we're not connectable only connect devices that we have in
4578 * our pend_le_conns list.
4580 params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
4585 switch (params->auto_connect) {
4586 case HCI_AUTO_CONN_DIRECT:
4587 /* Only devices advertising with ADV_DIRECT_IND are
4588 * triggering a connection attempt. This is allowing
4589 * incoming connections from slave devices.
4591 if (adv_type != LE_ADV_DIRECT_IND)
4594 case HCI_AUTO_CONN_ALWAYS:
4595 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4596 * are triggering a connection attempt. This means
4597 * that incoming connectioms from slave device are
4598 * accepted and also outgoing connections to slave
4599 * devices are established when found.
4606 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4607 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4608 if (!IS_ERR(conn)) {
4609 /* Store the pointer since we don't really have any
4610 * other owner of the object besides the params that
4611 * triggered it. This way we can abort the connection if
4612 * the parameters get removed and keep the reference
4613 * count consistent once the connection is established.
4615 params->conn = hci_conn_get(conn);
4619 switch (PTR_ERR(conn)) {
4621 /* If hci_connect() returns -EBUSY it means there is already
4622 * an LE connection attempt going on. Since controllers don't
4623 * support more than one connection attempt at the time, we
4624 * don't consider this an error case.
4628 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4635 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4636 u8 bdaddr_type, bdaddr_t *direct_addr,
4637 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4639 struct discovery_state *d = &hdev->discovery;
4640 struct smp_irk *irk;
4641 struct hci_conn *conn;
4645 /* If the direct address is present, then this report is from
4646 * a LE Direct Advertising Report event. In that case it is
4647 * important to see if the address is matching the local
4648 * controller address.
4651 /* Only resolvable random addresses are valid for these
4652 * kind of reports and others can be ignored.
4654 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
4657 /* If the controller is not using resolvable random
4658 * addresses, then this report can be ignored.
4660 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
4663 /* If the local IRK of the controller does not match
4664 * with the resolvable random address provided, then
4665 * this report can be ignored.
4667 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
4671 /* Check if we need to convert to identity address */
4672 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4674 bdaddr = &irk->bdaddr;
4675 bdaddr_type = irk->addr_type;
4678 /* Check if we have been requested to connect to this device */
4679 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4680 if (conn && type == LE_ADV_IND) {
4681 /* Store report for later inclusion by
4682 * mgmt_device_connected
4684 memcpy(conn->le_adv_data, data, len);
4685 conn->le_adv_data_len = len;
4688 /* Passive scanning shouldn't trigger any device found events,
4689 * except for devices marked as CONN_REPORT for which we do send
4690 * device found events.
4692 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4693 if (type == LE_ADV_DIRECT_IND)
4696 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4697 bdaddr, bdaddr_type))
4700 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4701 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4704 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4705 rssi, flags, data, len, NULL, 0);
4709 /* When receiving non-connectable or scannable undirected
4710 * advertising reports, this means that the remote device is
4711 * not connectable and then clearly indicate this in the
4712 * device found event.
4714 * When receiving a scan response, then there is no way to
4715 * know if the remote device is connectable or not. However
4716 * since scan responses are merged with a previously seen
4717 * advertising report, the flags field from that report
4720 * In the really unlikely case that a controller get confused
4721 * and just sends a scan response event, then it is marked as
4722 * not connectable as well.
4724 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4725 type == LE_ADV_SCAN_RSP)
4726 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4730 /* If there's nothing pending either store the data from this
4731 * event or send an immediate device found event if the data
4732 * should not be stored for later.
4734 if (!has_pending_adv_report(hdev)) {
4735 /* If the report will trigger a SCAN_REQ store it for
4738 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4739 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4740 rssi, flags, data, len);
4744 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4745 rssi, flags, data, len, NULL, 0);
4749 /* Check if the pending report is for the same device as the new one */
4750 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4751 bdaddr_type == d->last_adv_addr_type);
4753 /* If the pending data doesn't match this report or this isn't a
4754 * scan response (e.g. we got a duplicate ADV_IND) then force
4755 * sending of the pending data.
4757 if (type != LE_ADV_SCAN_RSP || !match) {
4758 /* Send out whatever is in the cache, but skip duplicates */
4760 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4761 d->last_adv_addr_type, NULL,
4762 d->last_adv_rssi, d->last_adv_flags,
4764 d->last_adv_data_len, NULL, 0);
4766 /* If the new report will trigger a SCAN_REQ store it for
4769 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4770 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4771 rssi, flags, data, len);
4775 /* The advertising reports cannot be merged, so clear
4776 * the pending report and send out a device found event.
4778 clear_pending_adv_report(hdev);
4779 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4780 rssi, flags, data, len, NULL, 0);
4784 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4785 * the new event is a SCAN_RSP. We can therefore proceed with
4786 * sending a merged device found event.
4788 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4789 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
4790 d->last_adv_data, d->last_adv_data_len, data, len);
4791 clear_pending_adv_report(hdev);
4794 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4796 u8 num_reports = skb->data[0];
4797 void *ptr = &skb->data[1];
4801 while (num_reports--) {
4802 struct hci_ev_le_advertising_info *ev = ptr;
4805 rssi = ev->data[ev->length];
4806 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4807 ev->bdaddr_type, NULL, 0, rssi,
4808 ev->data, ev->length);
4810 ptr += sizeof(*ev) + ev->length + 1;
4813 hci_dev_unlock(hdev);
4816 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4818 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4819 struct hci_cp_le_ltk_reply cp;
4820 struct hci_cp_le_ltk_neg_reply neg;
4821 struct hci_conn *conn;
4822 struct smp_ltk *ltk;
4824 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4828 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4832 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
4836 if (smp_ltk_is_sc(ltk)) {
4837 /* With SC both EDiv and Rand are set to zero */
4838 if (ev->ediv || ev->rand)
4841 /* For non-SC keys check that EDiv and Rand match */
4842 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
4846 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4847 cp.handle = cpu_to_le16(conn->handle);
4849 conn->pending_sec_level = smp_ltk_sec_level(ltk);
4851 conn->enc_key_size = ltk->enc_size;
4853 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4855 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4856 * temporary key used to encrypt a connection following
4857 * pairing. It is used during the Encrypted Session Setup to
4858 * distribute the keys. Later, security can be re-established
4859 * using a distributed LTK.
4861 if (ltk->type == SMP_STK) {
4862 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4863 list_del_rcu(<k->list);
4864 kfree_rcu(ltk, rcu);
4866 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4869 hci_dev_unlock(hdev);
4874 neg.handle = ev->handle;
4875 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4876 hci_dev_unlock(hdev);
4879 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4882 struct hci_cp_le_conn_param_req_neg_reply cp;
4884 cp.handle = cpu_to_le16(handle);
4887 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4891 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4892 struct sk_buff *skb)
4894 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4895 struct hci_cp_le_conn_param_req_reply cp;
4896 struct hci_conn *hcon;
4897 u16 handle, min, max, latency, timeout;
4899 handle = le16_to_cpu(ev->handle);
4900 min = le16_to_cpu(ev->interval_min);
4901 max = le16_to_cpu(ev->interval_max);
4902 latency = le16_to_cpu(ev->latency);
4903 timeout = le16_to_cpu(ev->timeout);
4905 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4906 if (!hcon || hcon->state != BT_CONNECTED)
4907 return send_conn_param_neg_reply(hdev, handle,
4908 HCI_ERROR_UNKNOWN_CONN_ID);
4910 if (hci_check_conn_params(min, max, latency, timeout))
4911 return send_conn_param_neg_reply(hdev, handle,
4912 HCI_ERROR_INVALID_LL_PARAMS);
4914 if (hcon->role == HCI_ROLE_MASTER) {
4915 struct hci_conn_params *params;
4920 params = hci_conn_params_lookup(hdev, &hcon->dst,
4923 params->conn_min_interval = min;
4924 params->conn_max_interval = max;
4925 params->conn_latency = latency;
4926 params->supervision_timeout = timeout;
4932 hci_dev_unlock(hdev);
4934 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4935 store_hint, min, max, latency, timeout);
4938 cp.handle = ev->handle;
4939 cp.interval_min = ev->interval_min;
4940 cp.interval_max = ev->interval_max;
4941 cp.latency = ev->latency;
4942 cp.timeout = ev->timeout;
4946 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4949 static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
4950 struct sk_buff *skb)
4952 u8 num_reports = skb->data[0];
4953 void *ptr = &skb->data[1];
4957 while (num_reports--) {
4958 struct hci_ev_le_direct_adv_info *ev = ptr;
4960 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4961 ev->bdaddr_type, &ev->direct_addr,
4962 ev->direct_addr_type, ev->rssi, NULL, 0);
4967 hci_dev_unlock(hdev);
4970 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4972 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4974 skb_pull(skb, sizeof(*le_ev));
4976 switch (le_ev->subevent) {
4977 case HCI_EV_LE_CONN_COMPLETE:
4978 hci_le_conn_complete_evt(hdev, skb);
4981 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4982 hci_le_conn_update_complete_evt(hdev, skb);
4985 case HCI_EV_LE_ADVERTISING_REPORT:
4986 hci_le_adv_report_evt(hdev, skb);
4989 case HCI_EV_LE_LTK_REQ:
4990 hci_le_ltk_request_evt(hdev, skb);
4993 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4994 hci_le_remote_conn_param_req_evt(hdev, skb);
4997 case HCI_EV_LE_DIRECT_ADV_REPORT:
4998 hci_le_direct_adv_report_evt(hdev, skb);
5006 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
5008 struct hci_ev_channel_selected *ev = (void *) skb->data;
5009 struct hci_conn *hcon;
5011 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
5013 skb_pull(skb, sizeof(*ev));
5015 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5019 amp_read_loc_assoc_final_data(hdev, hcon);
5022 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5024 struct hci_event_hdr *hdr = (void *) skb->data;
5025 __u8 event = hdr->evt;
5029 /* Received events are (currently) only needed when a request is
5030 * ongoing so avoid unnecessary memory allocation.
5032 if (hci_req_pending(hdev)) {
5033 kfree_skb(hdev->recv_evt);
5034 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
5037 hci_dev_unlock(hdev);
5039 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5041 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req_event == event) {
5042 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5043 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
5045 hci_req_cmd_complete(hdev, opcode, 0);
5049 case HCI_EV_INQUIRY_COMPLETE:
5050 hci_inquiry_complete_evt(hdev, skb);
5053 case HCI_EV_INQUIRY_RESULT:
5054 hci_inquiry_result_evt(hdev, skb);
5057 case HCI_EV_CONN_COMPLETE:
5058 hci_conn_complete_evt(hdev, skb);
5061 case HCI_EV_CONN_REQUEST:
5062 hci_conn_request_evt(hdev, skb);
5065 case HCI_EV_DISCONN_COMPLETE:
5066 hci_disconn_complete_evt(hdev, skb);
5069 case HCI_EV_AUTH_COMPLETE:
5070 hci_auth_complete_evt(hdev, skb);
5073 case HCI_EV_REMOTE_NAME:
5074 hci_remote_name_evt(hdev, skb);
5077 case HCI_EV_ENCRYPT_CHANGE:
5078 hci_encrypt_change_evt(hdev, skb);
5081 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5082 hci_change_link_key_complete_evt(hdev, skb);
5085 case HCI_EV_REMOTE_FEATURES:
5086 hci_remote_features_evt(hdev, skb);
5089 case HCI_EV_CMD_COMPLETE:
5090 hci_cmd_complete_evt(hdev, skb);
5093 case HCI_EV_CMD_STATUS:
5094 hci_cmd_status_evt(hdev, skb);
5097 case HCI_EV_HARDWARE_ERROR:
5098 hci_hardware_error_evt(hdev, skb);
5101 case HCI_EV_ROLE_CHANGE:
5102 hci_role_change_evt(hdev, skb);
5105 case HCI_EV_NUM_COMP_PKTS:
5106 hci_num_comp_pkts_evt(hdev, skb);
5109 case HCI_EV_MODE_CHANGE:
5110 hci_mode_change_evt(hdev, skb);
5113 case HCI_EV_PIN_CODE_REQ:
5114 hci_pin_code_request_evt(hdev, skb);
5117 case HCI_EV_LINK_KEY_REQ:
5118 hci_link_key_request_evt(hdev, skb);
5121 case HCI_EV_LINK_KEY_NOTIFY:
5122 hci_link_key_notify_evt(hdev, skb);
5125 case HCI_EV_CLOCK_OFFSET:
5126 hci_clock_offset_evt(hdev, skb);
5129 case HCI_EV_PKT_TYPE_CHANGE:
5130 hci_pkt_type_change_evt(hdev, skb);
5133 case HCI_EV_PSCAN_REP_MODE:
5134 hci_pscan_rep_mode_evt(hdev, skb);
5137 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5138 hci_inquiry_result_with_rssi_evt(hdev, skb);
5141 case HCI_EV_REMOTE_EXT_FEATURES:
5142 hci_remote_ext_features_evt(hdev, skb);
5145 case HCI_EV_SYNC_CONN_COMPLETE:
5146 hci_sync_conn_complete_evt(hdev, skb);
5149 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5150 hci_extended_inquiry_result_evt(hdev, skb);
5153 case HCI_EV_KEY_REFRESH_COMPLETE:
5154 hci_key_refresh_complete_evt(hdev, skb);
5157 case HCI_EV_IO_CAPA_REQUEST:
5158 hci_io_capa_request_evt(hdev, skb);
5161 case HCI_EV_IO_CAPA_REPLY:
5162 hci_io_capa_reply_evt(hdev, skb);
5165 case HCI_EV_USER_CONFIRM_REQUEST:
5166 hci_user_confirm_request_evt(hdev, skb);
5169 case HCI_EV_USER_PASSKEY_REQUEST:
5170 hci_user_passkey_request_evt(hdev, skb);
5173 case HCI_EV_USER_PASSKEY_NOTIFY:
5174 hci_user_passkey_notify_evt(hdev, skb);
5177 case HCI_EV_KEYPRESS_NOTIFY:
5178 hci_keypress_notify_evt(hdev, skb);
5181 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5182 hci_simple_pair_complete_evt(hdev, skb);
5185 case HCI_EV_REMOTE_HOST_FEATURES:
5186 hci_remote_host_features_evt(hdev, skb);
5189 case HCI_EV_LE_META:
5190 hci_le_meta_evt(hdev, skb);
5193 case HCI_EV_CHANNEL_SELECTED:
5194 hci_chan_selected_evt(hdev, skb);
5197 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5198 hci_remote_oob_data_request_evt(hdev, skb);
5201 case HCI_EV_PHY_LINK_COMPLETE:
5202 hci_phy_link_complete_evt(hdev, skb);
5205 case HCI_EV_LOGICAL_LINK_COMPLETE:
5206 hci_loglink_complete_evt(hdev, skb);
5209 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5210 hci_disconn_loglink_complete_evt(hdev, skb);
5213 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5214 hci_disconn_phylink_complete_evt(hdev, skb);
5217 case HCI_EV_NUM_COMP_BLOCKS:
5218 hci_num_comp_blocks_evt(hdev, skb);
5222 BT_DBG("%s event 0x%2.2x", hdev->name, event);
5227 hdev->stat.evt_rx++;
projects / firefly-linux-kernel-4.4.55.git / blob