2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->ssp_debug_mode = 0;
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data);
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
223 hci_dev_unlock(hdev);
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
241 __u8 status = *((__u8 *) skb->data);
244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 __u8 param = *((__u8 *) sent);
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
256 clear_bit(HCI_AUTH, &hdev->flags);
259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
265 __u8 status = *((__u8 *) skb->data);
268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 __u8 param = *((__u8 *) sent);
278 set_bit(HCI_ENCRYPT, &hdev->flags);
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
296 param = *((__u8 *) sent);
301 mgmt_write_scan_failed(hdev, param, status);
302 hdev->discov_timeout = 0;
306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
317 mgmt_discoverable(hdev, 1);
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
329 hci_dev_unlock(hdev);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
366 hci_dev_unlock(hdev);
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
379 setting = __le16_to_cpu(rp->voice_setting);
381 if (hdev->voice_setting == setting)
384 hdev->voice_setting = setting;
386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 __u8 status = *((__u8 *) skb->data);
399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
408 setting = get_unaligned_le16(sent);
410 if (hdev->voice_setting == setting)
413 hdev->voice_setting = setting;
415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
431 hdev->num_iac = rp->num_iac;
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438 __u8 status = *((__u8 *) skb->data);
439 struct hci_cp_write_ssp_mode *sent;
441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 hdev->features[1][0] |= LMP_HOST_SSP;
451 hdev->features[1][0] &= ~LMP_HOST_SSP;
454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
466 u8 status = *((u8 *) skb->data);
467 struct hci_cp_write_sc_support *sent;
469 BT_DBG("%s status 0x%2.2x", hdev->name, status);
471 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
477 hdev->features[1][0] |= LMP_HOST_SC;
479 hdev->features[1][0] &= ~LMP_HOST_SC;
482 if (test_bit(HCI_MGMT, &hdev->dev_flags))
483 mgmt_sc_enable_complete(hdev, sent->support, status);
486 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
488 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
492 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
494 struct hci_rp_read_local_version *rp = (void *) skb->data;
496 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
501 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
502 hdev->hci_ver = rp->hci_ver;
503 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
504 hdev->lmp_ver = rp->lmp_ver;
505 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
506 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
510 static void hci_cc_read_local_commands(struct hci_dev *hdev,
513 struct hci_rp_read_local_commands *rp = (void *) skb->data;
515 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
520 if (test_bit(HCI_SETUP, &hdev->dev_flags))
521 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
524 static void hci_cc_read_local_features(struct hci_dev *hdev,
527 struct hci_rp_read_local_features *rp = (void *) skb->data;
529 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
534 memcpy(hdev->features, rp->features, 8);
536 /* Adjust default settings according to features
537 * supported by device. */
539 if (hdev->features[0][0] & LMP_3SLOT)
540 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
542 if (hdev->features[0][0] & LMP_5SLOT)
543 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
545 if (hdev->features[0][1] & LMP_HV2) {
546 hdev->pkt_type |= (HCI_HV2);
547 hdev->esco_type |= (ESCO_HV2);
550 if (hdev->features[0][1] & LMP_HV3) {
551 hdev->pkt_type |= (HCI_HV3);
552 hdev->esco_type |= (ESCO_HV3);
555 if (lmp_esco_capable(hdev))
556 hdev->esco_type |= (ESCO_EV3);
558 if (hdev->features[0][4] & LMP_EV4)
559 hdev->esco_type |= (ESCO_EV4);
561 if (hdev->features[0][4] & LMP_EV5)
562 hdev->esco_type |= (ESCO_EV5);
564 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
565 hdev->esco_type |= (ESCO_2EV3);
567 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
568 hdev->esco_type |= (ESCO_3EV3);
570 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
571 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
574 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
577 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
579 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
584 if (hdev->max_page < rp->max_page)
585 hdev->max_page = rp->max_page;
587 if (rp->page < HCI_MAX_PAGES)
588 memcpy(hdev->features[rp->page], rp->features, 8);
591 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
594 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
596 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
599 hdev->flow_ctl_mode = rp->mode;
602 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
604 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
606 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
611 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
612 hdev->sco_mtu = rp->sco_mtu;
613 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
614 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
616 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
621 hdev->acl_cnt = hdev->acl_pkts;
622 hdev->sco_cnt = hdev->sco_pkts;
624 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
625 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
628 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
630 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
632 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
635 bacpy(&hdev->bdaddr, &rp->bdaddr);
638 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
641 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
643 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
645 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
646 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
647 hdev->page_scan_window = __le16_to_cpu(rp->window);
651 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
654 u8 status = *((u8 *) skb->data);
655 struct hci_cp_write_page_scan_activity *sent;
657 BT_DBG("%s status 0x%2.2x", hdev->name, status);
662 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
666 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
667 hdev->page_scan_window = __le16_to_cpu(sent->window);
670 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
673 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
675 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
677 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
678 hdev->page_scan_type = rp->type;
681 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
684 u8 status = *((u8 *) skb->data);
687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
692 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
694 hdev->page_scan_type = *type;
697 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
700 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
702 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
707 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
708 hdev->block_len = __le16_to_cpu(rp->block_len);
709 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
711 hdev->block_cnt = hdev->num_blocks;
713 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
714 hdev->block_cnt, hdev->block_len);
717 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
720 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
722 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
727 hdev->amp_status = rp->amp_status;
728 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
729 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
730 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
731 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
732 hdev->amp_type = rp->amp_type;
733 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
734 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
735 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
736 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
739 a2mp_send_getinfo_rsp(hdev);
742 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
745 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
746 struct amp_assoc *assoc = &hdev->loc_assoc;
747 size_t rem_len, frag_len;
749 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
754 frag_len = skb->len - sizeof(*rp);
755 rem_len = __le16_to_cpu(rp->rem_len);
757 if (rem_len > frag_len) {
758 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
760 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
761 assoc->offset += frag_len;
763 /* Read other fragments */
764 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
769 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
770 assoc->len = assoc->offset + rem_len;
774 /* Send A2MP Rsp when all fragments are received */
775 a2mp_send_getampassoc_rsp(hdev, rp->status);
776 a2mp_send_create_phy_link_req(hdev, rp->status);
779 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
782 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
787 hdev->inq_tx_power = rp->tx_power;
790 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
792 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
793 struct hci_cp_pin_code_reply *cp;
794 struct hci_conn *conn;
796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
800 if (test_bit(HCI_MGMT, &hdev->dev_flags))
801 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
806 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
810 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
812 conn->pin_length = cp->pin_len;
815 hci_dev_unlock(hdev);
818 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
820 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
826 if (test_bit(HCI_MGMT, &hdev->dev_flags))
827 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
830 hci_dev_unlock(hdev);
833 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
836 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
843 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
844 hdev->le_pkts = rp->le_max_pkt;
846 hdev->le_cnt = hdev->le_pkts;
848 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
851 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
854 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
856 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
859 memcpy(hdev->le_features, rp->features, 8);
862 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
865 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
867 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
870 hdev->adv_tx_power = rp->tx_power;
873 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
875 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
881 if (test_bit(HCI_MGMT, &hdev->dev_flags))
882 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
885 hci_dev_unlock(hdev);
888 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
891 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
893 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
897 if (test_bit(HCI_MGMT, &hdev->dev_flags))
898 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
899 ACL_LINK, 0, rp->status);
901 hci_dev_unlock(hdev);
904 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
906 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
908 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
912 if (test_bit(HCI_MGMT, &hdev->dev_flags))
913 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
916 hci_dev_unlock(hdev);
919 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
922 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
924 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928 if (test_bit(HCI_MGMT, &hdev->dev_flags))
929 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
930 ACL_LINK, 0, rp->status);
932 hci_dev_unlock(hdev);
935 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
938 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
940 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
944 NULL, NULL, rp->status);
945 hci_dev_unlock(hdev);
948 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
951 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
953 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
956 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
957 rp->hash256, rp->randomizer256,
959 hci_dev_unlock(hdev);
962 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
964 __u8 *sent, status = *((__u8 *) skb->data);
966 BT_DBG("%s status 0x%2.2x", hdev->name, status);
968 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
976 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
978 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
981 hci_dev_unlock(hdev);
984 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
987 struct hci_cp_le_set_scan_enable *cp;
988 __u8 status = *((__u8 *) skb->data);
990 BT_DBG("%s status 0x%2.2x", hdev->name, status);
992 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
999 switch (cp->enable) {
1000 case LE_SCAN_ENABLE:
1001 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1004 case LE_SCAN_DISABLE:
1005 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1009 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1014 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1015 struct sk_buff *skb)
1017 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1019 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1022 hdev->le_white_list_size = rp->size;
1025 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1026 struct sk_buff *skb)
1028 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1030 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1033 memcpy(hdev->le_states, rp->le_states, 8);
1036 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1039 struct hci_cp_write_le_host_supported *sent;
1040 __u8 status = *((__u8 *) skb->data);
1042 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1044 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1050 hdev->features[1][0] |= LMP_HOST_LE;
1051 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1053 hdev->features[1][0] &= ~LMP_HOST_LE;
1054 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1055 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1059 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1061 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1065 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1066 struct sk_buff *skb)
1068 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1070 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1071 hdev->name, rp->status, rp->phy_handle);
1076 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1079 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1081 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1084 hci_conn_check_pending(hdev);
1088 set_bit(HCI_INQUIRY, &hdev->flags);
1091 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1093 struct hci_cp_create_conn *cp;
1094 struct hci_conn *conn;
1096 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1098 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1104 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1106 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1109 if (conn && conn->state == BT_CONNECT) {
1110 if (status != 0x0c || conn->attempt > 2) {
1111 conn->state = BT_CLOSED;
1112 hci_proto_connect_cfm(conn, status);
1115 conn->state = BT_CONNECT2;
1119 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1122 conn->link_mode |= HCI_LM_MASTER;
1124 BT_ERR("No memory for new connection");
1128 hci_dev_unlock(hdev);
1131 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1133 struct hci_cp_add_sco *cp;
1134 struct hci_conn *acl, *sco;
1137 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1142 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1146 handle = __le16_to_cpu(cp->handle);
1148 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1152 acl = hci_conn_hash_lookup_handle(hdev, handle);
1156 sco->state = BT_CLOSED;
1158 hci_proto_connect_cfm(sco, status);
1163 hci_dev_unlock(hdev);
1166 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1168 struct hci_cp_auth_requested *cp;
1169 struct hci_conn *conn;
1171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1176 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1182 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1184 if (conn->state == BT_CONFIG) {
1185 hci_proto_connect_cfm(conn, status);
1186 hci_conn_drop(conn);
1190 hci_dev_unlock(hdev);
1193 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1195 struct hci_cp_set_conn_encrypt *cp;
1196 struct hci_conn *conn;
1198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1203 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1209 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1211 if (conn->state == BT_CONFIG) {
1212 hci_proto_connect_cfm(conn, status);
1213 hci_conn_drop(conn);
1217 hci_dev_unlock(hdev);
1220 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1221 struct hci_conn *conn)
1223 if (conn->state != BT_CONFIG || !conn->out)
1226 if (conn->pending_sec_level == BT_SECURITY_SDP)
1229 /* Only request authentication for SSP connections or non-SSP
1230 * devices with sec_level MEDIUM or HIGH or if MITM protection
1233 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1234 conn->pending_sec_level != BT_SECURITY_HIGH &&
1235 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1241 static int hci_resolve_name(struct hci_dev *hdev,
1242 struct inquiry_entry *e)
1244 struct hci_cp_remote_name_req cp;
1246 memset(&cp, 0, sizeof(cp));
1248 bacpy(&cp.bdaddr, &e->data.bdaddr);
1249 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1250 cp.pscan_mode = e->data.pscan_mode;
1251 cp.clock_offset = e->data.clock_offset;
1253 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1256 static bool hci_resolve_next_name(struct hci_dev *hdev)
1258 struct discovery_state *discov = &hdev->discovery;
1259 struct inquiry_entry *e;
1261 if (list_empty(&discov->resolve))
1264 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1268 if (hci_resolve_name(hdev, e) == 0) {
1269 e->name_state = NAME_PENDING;
1276 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1277 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1279 struct discovery_state *discov = &hdev->discovery;
1280 struct inquiry_entry *e;
1282 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1283 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1284 name_len, conn->dev_class);
1286 if (discov->state == DISCOVERY_STOPPED)
1289 if (discov->state == DISCOVERY_STOPPING)
1290 goto discov_complete;
1292 if (discov->state != DISCOVERY_RESOLVING)
1295 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1296 /* If the device was not found in a list of found devices names of which
1297 * are pending. there is no need to continue resolving a next name as it
1298 * will be done upon receiving another Remote Name Request Complete
1305 e->name_state = NAME_KNOWN;
1306 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1307 e->data.rssi, name, name_len);
1309 e->name_state = NAME_NOT_KNOWN;
1312 if (hci_resolve_next_name(hdev))
1316 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1319 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1321 struct hci_cp_remote_name_req *cp;
1322 struct hci_conn *conn;
1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1326 /* If successful wait for the name req complete event before
1327 * checking for the need to do authentication */
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1337 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1339 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1340 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1345 if (!hci_outgoing_auth_needed(hdev, conn))
1348 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1349 struct hci_cp_auth_requested auth_cp;
1351 auth_cp.handle = __cpu_to_le16(conn->handle);
1352 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1353 sizeof(auth_cp), &auth_cp);
1357 hci_dev_unlock(hdev);
1360 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1362 struct hci_cp_read_remote_features *cp;
1363 struct hci_conn *conn;
1365 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1370 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1376 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1378 if (conn->state == BT_CONFIG) {
1379 hci_proto_connect_cfm(conn, status);
1380 hci_conn_drop(conn);
1384 hci_dev_unlock(hdev);
1387 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1389 struct hci_cp_read_remote_ext_features *cp;
1390 struct hci_conn *conn;
1392 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1397 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1403 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1405 if (conn->state == BT_CONFIG) {
1406 hci_proto_connect_cfm(conn, status);
1407 hci_conn_drop(conn);
1411 hci_dev_unlock(hdev);
1414 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1416 struct hci_cp_setup_sync_conn *cp;
1417 struct hci_conn *acl, *sco;
1420 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1425 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1429 handle = __le16_to_cpu(cp->handle);
1431 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1435 acl = hci_conn_hash_lookup_handle(hdev, handle);
1439 sco->state = BT_CLOSED;
1441 hci_proto_connect_cfm(sco, status);
1446 hci_dev_unlock(hdev);
1449 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1451 struct hci_cp_sniff_mode *cp;
1452 struct hci_conn *conn;
1454 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1459 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1465 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1467 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1469 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1470 hci_sco_setup(conn, status);
1473 hci_dev_unlock(hdev);
1476 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1478 struct hci_cp_exit_sniff_mode *cp;
1479 struct hci_conn *conn;
1481 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1486 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1492 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1494 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1496 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1497 hci_sco_setup(conn, status);
1500 hci_dev_unlock(hdev);
1503 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1505 struct hci_cp_disconnect *cp;
1506 struct hci_conn *conn;
1511 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1517 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1519 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1520 conn->dst_type, status);
1522 hci_dev_unlock(hdev);
1525 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1527 struct hci_cp_create_phy_link *cp;
1529 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1531 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1538 struct hci_conn *hcon;
1540 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1544 amp_write_remote_assoc(hdev, cp->phy_handle);
1547 hci_dev_unlock(hdev);
1550 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1552 struct hci_cp_accept_phy_link *cp;
1554 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1559 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1563 amp_write_remote_assoc(hdev, cp->phy_handle);
1566 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1568 __u8 status = *((__u8 *) skb->data);
1569 struct discovery_state *discov = &hdev->discovery;
1570 struct inquiry_entry *e;
1572 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1574 hci_conn_check_pending(hdev);
1576 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1579 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1580 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1582 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1587 if (discov->state != DISCOVERY_FINDING)
1590 if (list_empty(&discov->resolve)) {
1591 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1595 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1596 if (e && hci_resolve_name(hdev, e) == 0) {
1597 e->name_state = NAME_PENDING;
1598 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1600 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1604 hci_dev_unlock(hdev);
1607 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1609 struct inquiry_data data;
1610 struct inquiry_info *info = (void *) (skb->data + 1);
1611 int num_rsp = *((__u8 *) skb->data);
1613 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1618 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1623 for (; num_rsp; num_rsp--, info++) {
1624 bool name_known, ssp;
1626 bacpy(&data.bdaddr, &info->bdaddr);
1627 data.pscan_rep_mode = info->pscan_rep_mode;
1628 data.pscan_period_mode = info->pscan_period_mode;
1629 data.pscan_mode = info->pscan_mode;
1630 memcpy(data.dev_class, info->dev_class, 3);
1631 data.clock_offset = info->clock_offset;
1633 data.ssp_mode = 0x00;
1635 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1636 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1637 info->dev_class, 0, !name_known, ssp, NULL,
1641 hci_dev_unlock(hdev);
1644 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1646 struct hci_ev_conn_complete *ev = (void *) skb->data;
1647 struct hci_conn *conn;
1649 BT_DBG("%s", hdev->name);
1653 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1655 if (ev->link_type != SCO_LINK)
1658 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1662 conn->type = SCO_LINK;
1666 conn->handle = __le16_to_cpu(ev->handle);
1668 if (conn->type == ACL_LINK) {
1669 conn->state = BT_CONFIG;
1670 hci_conn_hold(conn);
1672 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1673 !hci_find_link_key(hdev, &ev->bdaddr))
1674 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1676 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1678 conn->state = BT_CONNECTED;
1680 hci_conn_add_sysfs(conn);
1682 if (test_bit(HCI_AUTH, &hdev->flags))
1683 conn->link_mode |= HCI_LM_AUTH;
1685 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1686 conn->link_mode |= HCI_LM_ENCRYPT;
1688 /* Get remote features */
1689 if (conn->type == ACL_LINK) {
1690 struct hci_cp_read_remote_features cp;
1691 cp.handle = ev->handle;
1692 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1696 /* Set packet type for incoming connection */
1697 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1698 struct hci_cp_change_conn_ptype cp;
1699 cp.handle = ev->handle;
1700 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1701 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1705 conn->state = BT_CLOSED;
1706 if (conn->type == ACL_LINK)
1707 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1708 conn->dst_type, ev->status);
1711 if (conn->type == ACL_LINK)
1712 hci_sco_setup(conn, ev->status);
1715 hci_proto_connect_cfm(conn, ev->status);
1717 } else if (ev->link_type != ACL_LINK)
1718 hci_proto_connect_cfm(conn, ev->status);
1721 hci_dev_unlock(hdev);
1723 hci_conn_check_pending(hdev);
1726 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1728 struct hci_ev_conn_request *ev = (void *) skb->data;
1729 int mask = hdev->link_mode;
1732 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1735 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1738 if ((mask & HCI_LM_ACCEPT) &&
1739 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1740 /* Connection accepted */
1741 struct inquiry_entry *ie;
1742 struct hci_conn *conn;
1746 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1748 memcpy(ie->data.dev_class, ev->dev_class, 3);
1750 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1753 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1755 BT_ERR("No memory for new connection");
1756 hci_dev_unlock(hdev);
1761 memcpy(conn->dev_class, ev->dev_class, 3);
1763 hci_dev_unlock(hdev);
1765 if (ev->link_type == ACL_LINK ||
1766 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1767 struct hci_cp_accept_conn_req cp;
1768 conn->state = BT_CONNECT;
1770 bacpy(&cp.bdaddr, &ev->bdaddr);
1772 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1773 cp.role = 0x00; /* Become master */
1775 cp.role = 0x01; /* Remain slave */
1777 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1779 } else if (!(flags & HCI_PROTO_DEFER)) {
1780 struct hci_cp_accept_sync_conn_req cp;
1781 conn->state = BT_CONNECT;
1783 bacpy(&cp.bdaddr, &ev->bdaddr);
1784 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1786 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1787 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1788 cp.max_latency = __constant_cpu_to_le16(0xffff);
1789 cp.content_format = cpu_to_le16(hdev->voice_setting);
1790 cp.retrans_effort = 0xff;
1792 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1795 conn->state = BT_CONNECT2;
1796 hci_proto_connect_cfm(conn, 0);
1799 /* Connection rejected */
1800 struct hci_cp_reject_conn_req cp;
1802 bacpy(&cp.bdaddr, &ev->bdaddr);
1803 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1804 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1808 static u8 hci_to_mgmt_reason(u8 err)
1811 case HCI_ERROR_CONNECTION_TIMEOUT:
1812 return MGMT_DEV_DISCONN_TIMEOUT;
1813 case HCI_ERROR_REMOTE_USER_TERM:
1814 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1815 case HCI_ERROR_REMOTE_POWER_OFF:
1816 return MGMT_DEV_DISCONN_REMOTE;
1817 case HCI_ERROR_LOCAL_HOST_TERM:
1818 return MGMT_DEV_DISCONN_LOCAL_HOST;
1820 return MGMT_DEV_DISCONN_UNKNOWN;
1824 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1826 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1827 u8 reason = hci_to_mgmt_reason(ev->reason);
1828 struct hci_conn *conn;
1831 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1835 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1840 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1841 conn->dst_type, ev->status);
1845 conn->state = BT_CLOSED;
1847 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1848 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1849 conn->dst_type, reason);
1851 if (conn->type == ACL_LINK && conn->flush_key)
1852 hci_remove_link_key(hdev, &conn->dst);
1856 hci_proto_disconn_cfm(conn, ev->reason);
1859 /* Re-enable advertising if necessary, since it might
1860 * have been disabled by the connection. From the
1861 * HCI_LE_Set_Advertise_Enable command description in
1862 * the core specification (v4.0):
1863 * "The Controller shall continue advertising until the Host
1864 * issues an LE_Set_Advertise_Enable command with
1865 * Advertising_Enable set to 0x00 (Advertising is disabled)
1866 * or until a connection is created or until the Advertising
1867 * is timed out due to Directed Advertising."
1869 if (type == LE_LINK)
1870 mgmt_reenable_advertising(hdev);
1873 hci_dev_unlock(hdev);
1876 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1878 struct hci_ev_auth_complete *ev = (void *) skb->data;
1879 struct hci_conn *conn;
1881 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1885 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1890 if (!hci_conn_ssp_enabled(conn) &&
1891 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1892 BT_INFO("re-auth of legacy device is not possible.");
1894 conn->link_mode |= HCI_LM_AUTH;
1895 conn->sec_level = conn->pending_sec_level;
1898 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1902 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1903 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1905 if (conn->state == BT_CONFIG) {
1906 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1907 struct hci_cp_set_conn_encrypt cp;
1908 cp.handle = ev->handle;
1910 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1913 conn->state = BT_CONNECTED;
1914 hci_proto_connect_cfm(conn, ev->status);
1915 hci_conn_drop(conn);
1918 hci_auth_cfm(conn, ev->status);
1920 hci_conn_hold(conn);
1921 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1922 hci_conn_drop(conn);
1925 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1927 struct hci_cp_set_conn_encrypt cp;
1928 cp.handle = ev->handle;
1930 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1933 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1934 hci_encrypt_cfm(conn, ev->status, 0x00);
1939 hci_dev_unlock(hdev);
1942 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1944 struct hci_ev_remote_name *ev = (void *) skb->data;
1945 struct hci_conn *conn;
1947 BT_DBG("%s", hdev->name);
1949 hci_conn_check_pending(hdev);
1953 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1955 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1958 if (ev->status == 0)
1959 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1960 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1962 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1968 if (!hci_outgoing_auth_needed(hdev, conn))
1971 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1972 struct hci_cp_auth_requested cp;
1973 cp.handle = __cpu_to_le16(conn->handle);
1974 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1978 hci_dev_unlock(hdev);
1981 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1983 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1984 struct hci_conn *conn;
1986 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1990 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1996 /* Encryption implies authentication */
1997 conn->link_mode |= HCI_LM_AUTH;
1998 conn->link_mode |= HCI_LM_ENCRYPT;
1999 conn->sec_level = conn->pending_sec_level;
2001 /* P-256 authentication key implies FIPS */
2002 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2003 conn->link_mode |= HCI_LM_FIPS;
2005 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2006 conn->type == LE_LINK)
2007 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2009 conn->link_mode &= ~HCI_LM_ENCRYPT;
2010 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2014 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2016 if (ev->status && conn->state == BT_CONNECTED) {
2017 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2018 hci_conn_drop(conn);
2022 if (conn->state == BT_CONFIG) {
2024 conn->state = BT_CONNECTED;
2026 hci_proto_connect_cfm(conn, ev->status);
2027 hci_conn_drop(conn);
2029 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2032 hci_dev_unlock(hdev);
2035 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2036 struct sk_buff *skb)
2038 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2039 struct hci_conn *conn;
2041 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2048 conn->link_mode |= HCI_LM_SECURE;
2050 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2052 hci_key_change_cfm(conn, ev->status);
2055 hci_dev_unlock(hdev);
2058 static void hci_remote_features_evt(struct hci_dev *hdev,
2059 struct sk_buff *skb)
2061 struct hci_ev_remote_features *ev = (void *) skb->data;
2062 struct hci_conn *conn;
2064 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2068 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2073 memcpy(conn->features[0], ev->features, 8);
2075 if (conn->state != BT_CONFIG)
2078 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2079 struct hci_cp_read_remote_ext_features cp;
2080 cp.handle = ev->handle;
2082 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2087 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2088 struct hci_cp_remote_name_req cp;
2089 memset(&cp, 0, sizeof(cp));
2090 bacpy(&cp.bdaddr, &conn->dst);
2091 cp.pscan_rep_mode = 0x02;
2092 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2093 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2094 mgmt_device_connected(hdev, &conn->dst, conn->type,
2095 conn->dst_type, 0, NULL, 0,
2098 if (!hci_outgoing_auth_needed(hdev, conn)) {
2099 conn->state = BT_CONNECTED;
2100 hci_proto_connect_cfm(conn, ev->status);
2101 hci_conn_drop(conn);
2105 hci_dev_unlock(hdev);
2108 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2110 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2111 u8 status = skb->data[sizeof(*ev)];
2114 skb_pull(skb, sizeof(*ev));
2116 opcode = __le16_to_cpu(ev->opcode);
2119 case HCI_OP_INQUIRY_CANCEL:
2120 hci_cc_inquiry_cancel(hdev, skb);
2123 case HCI_OP_PERIODIC_INQ:
2124 hci_cc_periodic_inq(hdev, skb);
2127 case HCI_OP_EXIT_PERIODIC_INQ:
2128 hci_cc_exit_periodic_inq(hdev, skb);
2131 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2132 hci_cc_remote_name_req_cancel(hdev, skb);
2135 case HCI_OP_ROLE_DISCOVERY:
2136 hci_cc_role_discovery(hdev, skb);
2139 case HCI_OP_READ_LINK_POLICY:
2140 hci_cc_read_link_policy(hdev, skb);
2143 case HCI_OP_WRITE_LINK_POLICY:
2144 hci_cc_write_link_policy(hdev, skb);
2147 case HCI_OP_READ_DEF_LINK_POLICY:
2148 hci_cc_read_def_link_policy(hdev, skb);
2151 case HCI_OP_WRITE_DEF_LINK_POLICY:
2152 hci_cc_write_def_link_policy(hdev, skb);
2156 hci_cc_reset(hdev, skb);
2159 case HCI_OP_WRITE_LOCAL_NAME:
2160 hci_cc_write_local_name(hdev, skb);
2163 case HCI_OP_READ_LOCAL_NAME:
2164 hci_cc_read_local_name(hdev, skb);
2167 case HCI_OP_WRITE_AUTH_ENABLE:
2168 hci_cc_write_auth_enable(hdev, skb);
2171 case HCI_OP_WRITE_ENCRYPT_MODE:
2172 hci_cc_write_encrypt_mode(hdev, skb);
2175 case HCI_OP_WRITE_SCAN_ENABLE:
2176 hci_cc_write_scan_enable(hdev, skb);
2179 case HCI_OP_READ_CLASS_OF_DEV:
2180 hci_cc_read_class_of_dev(hdev, skb);
2183 case HCI_OP_WRITE_CLASS_OF_DEV:
2184 hci_cc_write_class_of_dev(hdev, skb);
2187 case HCI_OP_READ_VOICE_SETTING:
2188 hci_cc_read_voice_setting(hdev, skb);
2191 case HCI_OP_WRITE_VOICE_SETTING:
2192 hci_cc_write_voice_setting(hdev, skb);
2195 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2196 hci_cc_read_num_supported_iac(hdev, skb);
2199 case HCI_OP_WRITE_SSP_MODE:
2200 hci_cc_write_ssp_mode(hdev, skb);
2203 case HCI_OP_WRITE_SC_SUPPORT:
2204 hci_cc_write_sc_support(hdev, skb);
2207 case HCI_OP_READ_LOCAL_VERSION:
2208 hci_cc_read_local_version(hdev, skb);
2211 case HCI_OP_READ_LOCAL_COMMANDS:
2212 hci_cc_read_local_commands(hdev, skb);
2215 case HCI_OP_READ_LOCAL_FEATURES:
2216 hci_cc_read_local_features(hdev, skb);
2219 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2220 hci_cc_read_local_ext_features(hdev, skb);
2223 case HCI_OP_READ_BUFFER_SIZE:
2224 hci_cc_read_buffer_size(hdev, skb);
2227 case HCI_OP_READ_BD_ADDR:
2228 hci_cc_read_bd_addr(hdev, skb);
2231 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2232 hci_cc_read_page_scan_activity(hdev, skb);
2235 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2236 hci_cc_write_page_scan_activity(hdev, skb);
2239 case HCI_OP_READ_PAGE_SCAN_TYPE:
2240 hci_cc_read_page_scan_type(hdev, skb);
2243 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2244 hci_cc_write_page_scan_type(hdev, skb);
2247 case HCI_OP_READ_DATA_BLOCK_SIZE:
2248 hci_cc_read_data_block_size(hdev, skb);
2251 case HCI_OP_READ_FLOW_CONTROL_MODE:
2252 hci_cc_read_flow_control_mode(hdev, skb);
2255 case HCI_OP_READ_LOCAL_AMP_INFO:
2256 hci_cc_read_local_amp_info(hdev, skb);
2259 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2260 hci_cc_read_local_amp_assoc(hdev, skb);
2263 case HCI_OP_READ_INQ_RSP_TX_POWER:
2264 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2267 case HCI_OP_PIN_CODE_REPLY:
2268 hci_cc_pin_code_reply(hdev, skb);
2271 case HCI_OP_PIN_CODE_NEG_REPLY:
2272 hci_cc_pin_code_neg_reply(hdev, skb);
2275 case HCI_OP_READ_LOCAL_OOB_DATA:
2276 hci_cc_read_local_oob_data(hdev, skb);
2279 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2280 hci_cc_read_local_oob_ext_data(hdev, skb);
2283 case HCI_OP_LE_READ_BUFFER_SIZE:
2284 hci_cc_le_read_buffer_size(hdev, skb);
2287 case HCI_OP_LE_READ_LOCAL_FEATURES:
2288 hci_cc_le_read_local_features(hdev, skb);
2291 case HCI_OP_LE_READ_ADV_TX_POWER:
2292 hci_cc_le_read_adv_tx_power(hdev, skb);
2295 case HCI_OP_USER_CONFIRM_REPLY:
2296 hci_cc_user_confirm_reply(hdev, skb);
2299 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2300 hci_cc_user_confirm_neg_reply(hdev, skb);
2303 case HCI_OP_USER_PASSKEY_REPLY:
2304 hci_cc_user_passkey_reply(hdev, skb);
2307 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2308 hci_cc_user_passkey_neg_reply(hdev, skb);
2311 case HCI_OP_LE_SET_ADV_ENABLE:
2312 hci_cc_le_set_adv_enable(hdev, skb);
2315 case HCI_OP_LE_SET_SCAN_ENABLE:
2316 hci_cc_le_set_scan_enable(hdev, skb);
2319 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2320 hci_cc_le_read_white_list_size(hdev, skb);
2323 case HCI_OP_LE_READ_SUPPORTED_STATES:
2324 hci_cc_le_read_supported_states(hdev, skb);
2327 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2328 hci_cc_write_le_host_supported(hdev, skb);
2331 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2332 hci_cc_write_remote_amp_assoc(hdev, skb);
2336 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2340 if (opcode != HCI_OP_NOP)
2341 del_timer(&hdev->cmd_timer);
2343 hci_req_cmd_complete(hdev, opcode, status);
2345 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2346 atomic_set(&hdev->cmd_cnt, 1);
2347 if (!skb_queue_empty(&hdev->cmd_q))
2348 queue_work(hdev->workqueue, &hdev->cmd_work);
2352 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2354 struct hci_ev_cmd_status *ev = (void *) skb->data;
2357 skb_pull(skb, sizeof(*ev));
2359 opcode = __le16_to_cpu(ev->opcode);
2362 case HCI_OP_INQUIRY:
2363 hci_cs_inquiry(hdev, ev->status);
2366 case HCI_OP_CREATE_CONN:
2367 hci_cs_create_conn(hdev, ev->status);
2370 case HCI_OP_ADD_SCO:
2371 hci_cs_add_sco(hdev, ev->status);
2374 case HCI_OP_AUTH_REQUESTED:
2375 hci_cs_auth_requested(hdev, ev->status);
2378 case HCI_OP_SET_CONN_ENCRYPT:
2379 hci_cs_set_conn_encrypt(hdev, ev->status);
2382 case HCI_OP_REMOTE_NAME_REQ:
2383 hci_cs_remote_name_req(hdev, ev->status);
2386 case HCI_OP_READ_REMOTE_FEATURES:
2387 hci_cs_read_remote_features(hdev, ev->status);
2390 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2391 hci_cs_read_remote_ext_features(hdev, ev->status);
2394 case HCI_OP_SETUP_SYNC_CONN:
2395 hci_cs_setup_sync_conn(hdev, ev->status);
2398 case HCI_OP_SNIFF_MODE:
2399 hci_cs_sniff_mode(hdev, ev->status);
2402 case HCI_OP_EXIT_SNIFF_MODE:
2403 hci_cs_exit_sniff_mode(hdev, ev->status);
2406 case HCI_OP_DISCONNECT:
2407 hci_cs_disconnect(hdev, ev->status);
2410 case HCI_OP_CREATE_PHY_LINK:
2411 hci_cs_create_phylink(hdev, ev->status);
2414 case HCI_OP_ACCEPT_PHY_LINK:
2415 hci_cs_accept_phylink(hdev, ev->status);
2419 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2423 if (opcode != HCI_OP_NOP)
2424 del_timer(&hdev->cmd_timer);
2427 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2428 hci_req_cmd_complete(hdev, opcode, ev->status);
2430 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2431 atomic_set(&hdev->cmd_cnt, 1);
2432 if (!skb_queue_empty(&hdev->cmd_q))
2433 queue_work(hdev->workqueue, &hdev->cmd_work);
2437 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2439 struct hci_ev_role_change *ev = (void *) skb->data;
2440 struct hci_conn *conn;
2442 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2446 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2450 conn->link_mode &= ~HCI_LM_MASTER;
2452 conn->link_mode |= HCI_LM_MASTER;
2455 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2457 hci_role_switch_cfm(conn, ev->status, ev->role);
2460 hci_dev_unlock(hdev);
2463 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2465 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2468 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2469 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2473 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2474 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2475 BT_DBG("%s bad parameters", hdev->name);
2479 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2481 for (i = 0; i < ev->num_hndl; i++) {
2482 struct hci_comp_pkts_info *info = &ev->handles[i];
2483 struct hci_conn *conn;
2484 __u16 handle, count;
2486 handle = __le16_to_cpu(info->handle);
2487 count = __le16_to_cpu(info->count);
2489 conn = hci_conn_hash_lookup_handle(hdev, handle);
2493 conn->sent -= count;
2495 switch (conn->type) {
2497 hdev->acl_cnt += count;
2498 if (hdev->acl_cnt > hdev->acl_pkts)
2499 hdev->acl_cnt = hdev->acl_pkts;
2503 if (hdev->le_pkts) {
2504 hdev->le_cnt += count;
2505 if (hdev->le_cnt > hdev->le_pkts)
2506 hdev->le_cnt = hdev->le_pkts;
2508 hdev->acl_cnt += count;
2509 if (hdev->acl_cnt > hdev->acl_pkts)
2510 hdev->acl_cnt = hdev->acl_pkts;
2515 hdev->sco_cnt += count;
2516 if (hdev->sco_cnt > hdev->sco_pkts)
2517 hdev->sco_cnt = hdev->sco_pkts;
2521 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2526 queue_work(hdev->workqueue, &hdev->tx_work);
2529 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2532 struct hci_chan *chan;
2534 switch (hdev->dev_type) {
2536 return hci_conn_hash_lookup_handle(hdev, handle);
2538 chan = hci_chan_lookup_handle(hdev, handle);
2543 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2550 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2552 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2555 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2556 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2560 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2561 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2562 BT_DBG("%s bad parameters", hdev->name);
2566 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2569 for (i = 0; i < ev->num_hndl; i++) {
2570 struct hci_comp_blocks_info *info = &ev->handles[i];
2571 struct hci_conn *conn = NULL;
2572 __u16 handle, block_count;
2574 handle = __le16_to_cpu(info->handle);
2575 block_count = __le16_to_cpu(info->blocks);
2577 conn = __hci_conn_lookup_handle(hdev, handle);
2581 conn->sent -= block_count;
2583 switch (conn->type) {
2586 hdev->block_cnt += block_count;
2587 if (hdev->block_cnt > hdev->num_blocks)
2588 hdev->block_cnt = hdev->num_blocks;
2592 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2597 queue_work(hdev->workqueue, &hdev->tx_work);
2600 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2602 struct hci_ev_mode_change *ev = (void *) skb->data;
2603 struct hci_conn *conn;
2605 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2609 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2611 conn->mode = ev->mode;
2613 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2615 if (conn->mode == HCI_CM_ACTIVE)
2616 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2618 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2621 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2622 hci_sco_setup(conn, ev->status);
2625 hci_dev_unlock(hdev);
2628 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2630 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2631 struct hci_conn *conn;
2633 BT_DBG("%s", hdev->name);
2637 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2641 if (conn->state == BT_CONNECTED) {
2642 hci_conn_hold(conn);
2643 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2644 hci_conn_drop(conn);
2647 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2648 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2649 sizeof(ev->bdaddr), &ev->bdaddr);
2650 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2653 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2658 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2662 hci_dev_unlock(hdev);
2665 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2667 struct hci_ev_link_key_req *ev = (void *) skb->data;
2668 struct hci_cp_link_key_reply cp;
2669 struct hci_conn *conn;
2670 struct link_key *key;
2672 BT_DBG("%s", hdev->name);
2674 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2679 key = hci_find_link_key(hdev, &ev->bdaddr);
2681 BT_DBG("%s link key not found for %pMR", hdev->name,
2686 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2689 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2690 key->type == HCI_LK_DEBUG_COMBINATION) {
2691 BT_DBG("%s ignoring debug key", hdev->name);
2695 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2697 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2698 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2699 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2700 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2704 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2705 conn->pending_sec_level == BT_SECURITY_HIGH) {
2706 BT_DBG("%s ignoring key unauthenticated for high security",
2711 conn->key_type = key->type;
2712 conn->pin_length = key->pin_len;
2715 bacpy(&cp.bdaddr, &ev->bdaddr);
2716 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2718 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2720 hci_dev_unlock(hdev);
2725 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2726 hci_dev_unlock(hdev);
2729 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2731 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2732 struct hci_conn *conn;
2735 BT_DBG("%s", hdev->name);
2739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2741 hci_conn_hold(conn);
2742 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2743 pin_len = conn->pin_length;
2745 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2746 conn->key_type = ev->key_type;
2748 hci_conn_drop(conn);
2751 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2752 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2753 ev->key_type, pin_len);
2755 hci_dev_unlock(hdev);
2758 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2760 struct hci_ev_clock_offset *ev = (void *) skb->data;
2761 struct hci_conn *conn;
2763 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2767 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2768 if (conn && !ev->status) {
2769 struct inquiry_entry *ie;
2771 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2773 ie->data.clock_offset = ev->clock_offset;
2774 ie->timestamp = jiffies;
2778 hci_dev_unlock(hdev);
2781 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2783 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2784 struct hci_conn *conn;
2786 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2790 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2791 if (conn && !ev->status)
2792 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2794 hci_dev_unlock(hdev);
2797 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2799 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2800 struct inquiry_entry *ie;
2802 BT_DBG("%s", hdev->name);
2806 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2808 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2809 ie->timestamp = jiffies;
2812 hci_dev_unlock(hdev);
2815 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2816 struct sk_buff *skb)
2818 struct inquiry_data data;
2819 int num_rsp = *((__u8 *) skb->data);
2820 bool name_known, ssp;
2822 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2827 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2832 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2833 struct inquiry_info_with_rssi_and_pscan_mode *info;
2834 info = (void *) (skb->data + 1);
2836 for (; num_rsp; num_rsp--, info++) {
2837 bacpy(&data.bdaddr, &info->bdaddr);
2838 data.pscan_rep_mode = info->pscan_rep_mode;
2839 data.pscan_period_mode = info->pscan_period_mode;
2840 data.pscan_mode = info->pscan_mode;
2841 memcpy(data.dev_class, info->dev_class, 3);
2842 data.clock_offset = info->clock_offset;
2843 data.rssi = info->rssi;
2844 data.ssp_mode = 0x00;
2846 name_known = hci_inquiry_cache_update(hdev, &data,
2848 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2849 info->dev_class, info->rssi,
2850 !name_known, ssp, NULL, 0);
2853 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2855 for (; num_rsp; num_rsp--, info++) {
2856 bacpy(&data.bdaddr, &info->bdaddr);
2857 data.pscan_rep_mode = info->pscan_rep_mode;
2858 data.pscan_period_mode = info->pscan_period_mode;
2859 data.pscan_mode = 0x00;
2860 memcpy(data.dev_class, info->dev_class, 3);
2861 data.clock_offset = info->clock_offset;
2862 data.rssi = info->rssi;
2863 data.ssp_mode = 0x00;
2864 name_known = hci_inquiry_cache_update(hdev, &data,
2866 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2867 info->dev_class, info->rssi,
2868 !name_known, ssp, NULL, 0);
2872 hci_dev_unlock(hdev);
2875 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2876 struct sk_buff *skb)
2878 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2879 struct hci_conn *conn;
2881 BT_DBG("%s", hdev->name);
2885 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2889 if (ev->page < HCI_MAX_PAGES)
2890 memcpy(conn->features[ev->page], ev->features, 8);
2892 if (!ev->status && ev->page == 0x01) {
2893 struct inquiry_entry *ie;
2895 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2897 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2899 if (ev->features[0] & LMP_HOST_SSP) {
2900 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2902 /* It is mandatory by the Bluetooth specification that
2903 * Extended Inquiry Results are only used when Secure
2904 * Simple Pairing is enabled, but some devices violate
2907 * To make these devices work, the internal SSP
2908 * enabled flag needs to be cleared if the remote host
2909 * features do not indicate SSP support */
2910 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2913 if (ev->features[0] & LMP_HOST_SC)
2914 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
2917 if (conn->state != BT_CONFIG)
2920 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2921 struct hci_cp_remote_name_req cp;
2922 memset(&cp, 0, sizeof(cp));
2923 bacpy(&cp.bdaddr, &conn->dst);
2924 cp.pscan_rep_mode = 0x02;
2925 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2926 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2927 mgmt_device_connected(hdev, &conn->dst, conn->type,
2928 conn->dst_type, 0, NULL, 0,
2931 if (!hci_outgoing_auth_needed(hdev, conn)) {
2932 conn->state = BT_CONNECTED;
2933 hci_proto_connect_cfm(conn, ev->status);
2934 hci_conn_drop(conn);
2938 hci_dev_unlock(hdev);
2941 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2942 struct sk_buff *skb)
2944 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2945 struct hci_conn *conn;
2947 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2951 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2953 if (ev->link_type == ESCO_LINK)
2956 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2960 conn->type = SCO_LINK;
2963 switch (ev->status) {
2965 conn->handle = __le16_to_cpu(ev->handle);
2966 conn->state = BT_CONNECTED;
2968 hci_conn_add_sysfs(conn);
2971 case 0x0d: /* Connection Rejected due to Limited Resources */
2972 case 0x11: /* Unsupported Feature or Parameter Value */
2973 case 0x1c: /* SCO interval rejected */
2974 case 0x1a: /* Unsupported Remote Feature */
2975 case 0x1f: /* Unspecified error */
2977 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2978 (hdev->esco_type & EDR_ESCO_MASK);
2979 if (hci_setup_sync(conn, conn->link->handle))
2985 conn->state = BT_CLOSED;
2989 hci_proto_connect_cfm(conn, ev->status);
2994 hci_dev_unlock(hdev);
2997 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3001 while (parsed < eir_len) {
3002 u8 field_len = eir[0];
3007 parsed += field_len + 1;
3008 eir += field_len + 1;
3014 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3015 struct sk_buff *skb)
3017 struct inquiry_data data;
3018 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3019 int num_rsp = *((__u8 *) skb->data);
3022 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3027 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3032 for (; num_rsp; num_rsp--, info++) {
3033 bool name_known, ssp;
3035 bacpy(&data.bdaddr, &info->bdaddr);
3036 data.pscan_rep_mode = info->pscan_rep_mode;
3037 data.pscan_period_mode = info->pscan_period_mode;
3038 data.pscan_mode = 0x00;
3039 memcpy(data.dev_class, info->dev_class, 3);
3040 data.clock_offset = info->clock_offset;
3041 data.rssi = info->rssi;
3042 data.ssp_mode = 0x01;
3044 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3045 name_known = eir_has_data_type(info->data,
3051 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3053 eir_len = eir_get_length(info->data, sizeof(info->data));
3054 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3055 info->dev_class, info->rssi, !name_known,
3056 ssp, info->data, eir_len);
3059 hci_dev_unlock(hdev);
3062 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3063 struct sk_buff *skb)
3065 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3066 struct hci_conn *conn;
3068 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3069 __le16_to_cpu(ev->handle));
3073 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3078 conn->sec_level = conn->pending_sec_level;
3080 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3082 if (ev->status && conn->state == BT_CONNECTED) {
3083 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3084 hci_conn_drop(conn);
3088 if (conn->state == BT_CONFIG) {
3090 conn->state = BT_CONNECTED;
3092 hci_proto_connect_cfm(conn, ev->status);
3093 hci_conn_drop(conn);
3095 hci_auth_cfm(conn, ev->status);
3097 hci_conn_hold(conn);
3098 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3099 hci_conn_drop(conn);
3103 hci_dev_unlock(hdev);
3106 static u8 hci_get_auth_req(struct hci_conn *conn)
3108 /* If remote requests dedicated bonding follow that lead */
3109 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3110 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3111 /* If both remote and local IO capabilities allow MITM
3112 * protection then require it, otherwise don't */
3113 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3114 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3115 return HCI_AT_DEDICATED_BONDING;
3117 return HCI_AT_DEDICATED_BONDING_MITM;
3120 /* If remote requests no-bonding follow that lead */
3121 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3122 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3123 return conn->remote_auth | (conn->auth_type & 0x01);
3125 return conn->auth_type;
3128 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3130 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3131 struct hci_conn *conn;
3133 BT_DBG("%s", hdev->name);
3137 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3141 hci_conn_hold(conn);
3143 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3146 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3147 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3148 struct hci_cp_io_capability_reply cp;
3150 bacpy(&cp.bdaddr, &ev->bdaddr);
3151 /* Change the IO capability from KeyboardDisplay
3152 * to DisplayYesNo as it is not supported by BT spec. */
3153 cp.capability = (conn->io_capability == 0x04) ?
3154 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3155 conn->auth_type = hci_get_auth_req(conn);
3156 cp.authentication = conn->auth_type;
3158 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3159 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3164 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3167 struct hci_cp_io_capability_neg_reply cp;
3169 bacpy(&cp.bdaddr, &ev->bdaddr);
3170 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3172 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3177 hci_dev_unlock(hdev);
3180 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3182 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3183 struct hci_conn *conn;
3185 BT_DBG("%s", hdev->name);
3189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3193 conn->remote_cap = ev->capability;
3194 conn->remote_auth = ev->authentication;
3196 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3199 hci_dev_unlock(hdev);
3202 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3203 struct sk_buff *skb)
3205 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3206 int loc_mitm, rem_mitm, confirm_hint = 0;
3207 struct hci_conn *conn;
3209 BT_DBG("%s", hdev->name);
3213 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3216 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3220 loc_mitm = (conn->auth_type & 0x01);
3221 rem_mitm = (conn->remote_auth & 0x01);
3223 /* If we require MITM but the remote device can't provide that
3224 * (it has NoInputNoOutput) then reject the confirmation
3225 * request. The only exception is when we're dedicated bonding
3226 * initiators (connect_cfm_cb set) since then we always have the MITM
3228 if (!conn->connect_cfm_cb && loc_mitm &&
3229 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3230 BT_DBG("Rejecting request: remote device can't provide MITM");
3231 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3232 sizeof(ev->bdaddr), &ev->bdaddr);
3236 /* If no side requires MITM protection; auto-accept */
3237 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3238 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3240 /* If we're not the initiators request authorization to
3241 * proceed from user space (mgmt_user_confirm with
3242 * confirm_hint set to 1). */
3243 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3244 BT_DBG("Confirming auto-accept as acceptor");
3249 BT_DBG("Auto-accept of user confirmation with %ums delay",
3250 hdev->auto_accept_delay);
3252 if (hdev->auto_accept_delay > 0) {
3253 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3254 queue_delayed_work(conn->hdev->workqueue,
3255 &conn->auto_accept_work, delay);
3259 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3260 sizeof(ev->bdaddr), &ev->bdaddr);
3265 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3269 hci_dev_unlock(hdev);
3272 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3273 struct sk_buff *skb)
3275 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3277 BT_DBG("%s", hdev->name);
3279 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3280 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3283 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3284 struct sk_buff *skb)
3286 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3287 struct hci_conn *conn;
3289 BT_DBG("%s", hdev->name);
3291 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3295 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3296 conn->passkey_entered = 0;
3298 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3299 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3300 conn->dst_type, conn->passkey_notify,
3301 conn->passkey_entered);
3304 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3306 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3307 struct hci_conn *conn;
3309 BT_DBG("%s", hdev->name);
3311 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3316 case HCI_KEYPRESS_STARTED:
3317 conn->passkey_entered = 0;
3320 case HCI_KEYPRESS_ENTERED:
3321 conn->passkey_entered++;
3324 case HCI_KEYPRESS_ERASED:
3325 conn->passkey_entered--;
3328 case HCI_KEYPRESS_CLEARED:
3329 conn->passkey_entered = 0;
3332 case HCI_KEYPRESS_COMPLETED:
3336 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3337 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3338 conn->dst_type, conn->passkey_notify,
3339 conn->passkey_entered);
3342 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3343 struct sk_buff *skb)
3345 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3346 struct hci_conn *conn;
3348 BT_DBG("%s", hdev->name);
3352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3356 /* To avoid duplicate auth_failed events to user space we check
3357 * the HCI_CONN_AUTH_PEND flag which will be set if we
3358 * initiated the authentication. A traditional auth_complete
3359 * event gets always produced as initiator and is also mapped to
3360 * the mgmt_auth_failed event */
3361 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3362 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3365 hci_conn_drop(conn);
3368 hci_dev_unlock(hdev);
3371 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3372 struct sk_buff *skb)
3374 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3375 struct inquiry_entry *ie;
3376 struct hci_conn *conn;
3378 BT_DBG("%s", hdev->name);
3382 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3384 memcpy(conn->features[1], ev->features, 8);
3386 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3388 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3390 hci_dev_unlock(hdev);
3393 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3394 struct sk_buff *skb)
3396 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3397 struct oob_data *data;
3399 BT_DBG("%s", hdev->name);
3403 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3406 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3408 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3409 struct hci_cp_remote_oob_ext_data_reply cp;
3411 bacpy(&cp.bdaddr, &ev->bdaddr);
3412 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3413 memcpy(cp.randomizer192, data->randomizer192,
3414 sizeof(cp.randomizer192));
3415 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3416 memcpy(cp.randomizer256, data->randomizer256,
3417 sizeof(cp.randomizer256));
3419 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3422 struct hci_cp_remote_oob_data_reply cp;
3424 bacpy(&cp.bdaddr, &ev->bdaddr);
3425 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3426 memcpy(cp.randomizer, data->randomizer192,
3427 sizeof(cp.randomizer));
3429 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3433 struct hci_cp_remote_oob_data_neg_reply cp;
3435 bacpy(&cp.bdaddr, &ev->bdaddr);
3436 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3441 hci_dev_unlock(hdev);
3444 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3445 struct sk_buff *skb)
3447 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3448 struct hci_conn *hcon, *bredr_hcon;
3450 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3455 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3457 hci_dev_unlock(hdev);
3463 hci_dev_unlock(hdev);
3467 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3469 hcon->state = BT_CONNECTED;
3470 bacpy(&hcon->dst, &bredr_hcon->dst);
3472 hci_conn_hold(hcon);
3473 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3474 hci_conn_drop(hcon);
3476 hci_conn_add_sysfs(hcon);
3478 amp_physical_cfm(bredr_hcon, hcon);
3480 hci_dev_unlock(hdev);
3483 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3485 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3486 struct hci_conn *hcon;
3487 struct hci_chan *hchan;
3488 struct amp_mgr *mgr;
3490 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3491 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3494 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3498 /* Create AMP hchan */
3499 hchan = hci_chan_create(hcon);
3503 hchan->handle = le16_to_cpu(ev->handle);
3505 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3507 mgr = hcon->amp_mgr;
3508 if (mgr && mgr->bredr_chan) {
3509 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3511 l2cap_chan_lock(bredr_chan);
3513 bredr_chan->conn->mtu = hdev->block_mtu;
3514 l2cap_logical_cfm(bredr_chan, hchan, 0);
3515 hci_conn_hold(hcon);
3517 l2cap_chan_unlock(bredr_chan);
3521 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3522 struct sk_buff *skb)
3524 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3525 struct hci_chan *hchan;
3527 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3528 le16_to_cpu(ev->handle), ev->status);
3535 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3539 amp_destroy_logical_link(hchan, ev->reason);
3542 hci_dev_unlock(hdev);
3545 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3546 struct sk_buff *skb)
3548 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3549 struct hci_conn *hcon;
3551 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3558 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3560 hcon->state = BT_CLOSED;
3564 hci_dev_unlock(hdev);
3567 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3569 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3570 struct hci_conn *conn;
3571 struct smp_irk *irk;
3573 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3577 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3579 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3581 BT_ERR("No memory for new connection");
3585 conn->dst_type = ev->bdaddr_type;
3587 /* The advertising parameters for own address type
3588 * define which source address and source address
3589 * type this connections has.
3591 if (bacmp(&conn->src, BDADDR_ANY)) {
3592 conn->src_type = ADDR_LE_DEV_PUBLIC;
3594 bacpy(&conn->src, &hdev->static_addr);
3595 conn->src_type = ADDR_LE_DEV_RANDOM;
3598 if (ev->role == LE_CONN_ROLE_MASTER) {
3600 conn->link_mode |= HCI_LM_MASTER;
3604 /* Lookup the identity address from the stored connection
3605 * address and address type.
3607 * When establishing connections to an identity address, the
3608 * connection procedure will store the resolvable random
3609 * address first. Now if it can be converted back into the
3610 * identity address, start using the identity address from
3613 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
3615 bacpy(&conn->dst, &irk->bdaddr);
3616 conn->dst_type = irk->addr_type;
3620 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3621 conn->dst_type, ev->status);
3622 hci_proto_connect_cfm(conn, ev->status);
3623 conn->state = BT_CLOSED;
3628 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3629 mgmt_device_connected(hdev, &conn->dst, conn->type,
3630 conn->dst_type, 0, NULL, 0, NULL);
3632 conn->sec_level = BT_SECURITY_LOW;
3633 conn->handle = __le16_to_cpu(ev->handle);
3634 conn->state = BT_CONNECTED;
3636 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3637 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3639 hci_conn_add_sysfs(conn);
3641 hci_proto_connect_cfm(conn, ev->status);
3644 hci_dev_unlock(hdev);
3647 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3649 u8 num_reports = skb->data[0];
3650 void *ptr = &skb->data[1];
3653 while (num_reports--) {
3654 struct hci_ev_le_advertising_info *ev = ptr;
3656 rssi = ev->data[ev->length];
3657 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3658 NULL, rssi, 0, 1, ev->data, ev->length);
3660 ptr += sizeof(*ev) + ev->length + 1;
3664 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3666 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3667 struct hci_cp_le_ltk_reply cp;
3668 struct hci_cp_le_ltk_neg_reply neg;
3669 struct hci_conn *conn;
3670 struct smp_ltk *ltk;
3672 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3676 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3680 ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
3684 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3685 cp.handle = cpu_to_le16(conn->handle);
3687 if (ltk->authenticated)
3688 conn->pending_sec_level = BT_SECURITY_HIGH;
3690 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3692 conn->enc_key_size = ltk->enc_size;
3694 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3696 if (ltk->type & HCI_SMP_STK) {
3697 list_del(<k->list);
3701 hci_dev_unlock(hdev);
3706 neg.handle = ev->handle;
3707 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3708 hci_dev_unlock(hdev);
3711 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3713 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3715 skb_pull(skb, sizeof(*le_ev));
3717 switch (le_ev->subevent) {
3718 case HCI_EV_LE_CONN_COMPLETE:
3719 hci_le_conn_complete_evt(hdev, skb);
3722 case HCI_EV_LE_ADVERTISING_REPORT:
3723 hci_le_adv_report_evt(hdev, skb);
3726 case HCI_EV_LE_LTK_REQ:
3727 hci_le_ltk_request_evt(hdev, skb);
3735 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3737 struct hci_ev_channel_selected *ev = (void *) skb->data;
3738 struct hci_conn *hcon;
3740 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3742 skb_pull(skb, sizeof(*ev));
3744 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3748 amp_read_loc_assoc_final_data(hdev, hcon);
3751 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3753 struct hci_event_hdr *hdr = (void *) skb->data;
3754 __u8 event = hdr->evt;
3758 /* Received events are (currently) only needed when a request is
3759 * ongoing so avoid unnecessary memory allocation.
3761 if (hdev->req_status == HCI_REQ_PEND) {
3762 kfree_skb(hdev->recv_evt);
3763 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3766 hci_dev_unlock(hdev);
3768 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3770 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3771 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3772 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3774 hci_req_cmd_complete(hdev, opcode, 0);
3778 case HCI_EV_INQUIRY_COMPLETE:
3779 hci_inquiry_complete_evt(hdev, skb);
3782 case HCI_EV_INQUIRY_RESULT:
3783 hci_inquiry_result_evt(hdev, skb);
3786 case HCI_EV_CONN_COMPLETE:
3787 hci_conn_complete_evt(hdev, skb);
3790 case HCI_EV_CONN_REQUEST:
3791 hci_conn_request_evt(hdev, skb);
3794 case HCI_EV_DISCONN_COMPLETE:
3795 hci_disconn_complete_evt(hdev, skb);
3798 case HCI_EV_AUTH_COMPLETE:
3799 hci_auth_complete_evt(hdev, skb);
3802 case HCI_EV_REMOTE_NAME:
3803 hci_remote_name_evt(hdev, skb);
3806 case HCI_EV_ENCRYPT_CHANGE:
3807 hci_encrypt_change_evt(hdev, skb);
3810 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3811 hci_change_link_key_complete_evt(hdev, skb);
3814 case HCI_EV_REMOTE_FEATURES:
3815 hci_remote_features_evt(hdev, skb);
3818 case HCI_EV_CMD_COMPLETE:
3819 hci_cmd_complete_evt(hdev, skb);
3822 case HCI_EV_CMD_STATUS:
3823 hci_cmd_status_evt(hdev, skb);
3826 case HCI_EV_ROLE_CHANGE:
3827 hci_role_change_evt(hdev, skb);
3830 case HCI_EV_NUM_COMP_PKTS:
3831 hci_num_comp_pkts_evt(hdev, skb);
3834 case HCI_EV_MODE_CHANGE:
3835 hci_mode_change_evt(hdev, skb);
3838 case HCI_EV_PIN_CODE_REQ:
3839 hci_pin_code_request_evt(hdev, skb);
3842 case HCI_EV_LINK_KEY_REQ:
3843 hci_link_key_request_evt(hdev, skb);
3846 case HCI_EV_LINK_KEY_NOTIFY:
3847 hci_link_key_notify_evt(hdev, skb);
3850 case HCI_EV_CLOCK_OFFSET:
3851 hci_clock_offset_evt(hdev, skb);
3854 case HCI_EV_PKT_TYPE_CHANGE:
3855 hci_pkt_type_change_evt(hdev, skb);
3858 case HCI_EV_PSCAN_REP_MODE:
3859 hci_pscan_rep_mode_evt(hdev, skb);
3862 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3863 hci_inquiry_result_with_rssi_evt(hdev, skb);
3866 case HCI_EV_REMOTE_EXT_FEATURES:
3867 hci_remote_ext_features_evt(hdev, skb);
3870 case HCI_EV_SYNC_CONN_COMPLETE:
3871 hci_sync_conn_complete_evt(hdev, skb);
3874 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3875 hci_extended_inquiry_result_evt(hdev, skb);
3878 case HCI_EV_KEY_REFRESH_COMPLETE:
3879 hci_key_refresh_complete_evt(hdev, skb);
3882 case HCI_EV_IO_CAPA_REQUEST:
3883 hci_io_capa_request_evt(hdev, skb);
3886 case HCI_EV_IO_CAPA_REPLY:
3887 hci_io_capa_reply_evt(hdev, skb);
3890 case HCI_EV_USER_CONFIRM_REQUEST:
3891 hci_user_confirm_request_evt(hdev, skb);
3894 case HCI_EV_USER_PASSKEY_REQUEST:
3895 hci_user_passkey_request_evt(hdev, skb);
3898 case HCI_EV_USER_PASSKEY_NOTIFY:
3899 hci_user_passkey_notify_evt(hdev, skb);
3902 case HCI_EV_KEYPRESS_NOTIFY:
3903 hci_keypress_notify_evt(hdev, skb);
3906 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3907 hci_simple_pair_complete_evt(hdev, skb);
3910 case HCI_EV_REMOTE_HOST_FEATURES:
3911 hci_remote_host_features_evt(hdev, skb);
3914 case HCI_EV_LE_META:
3915 hci_le_meta_evt(hdev, skb);
3918 case HCI_EV_CHANNEL_SELECTED:
3919 hci_chan_selected_evt(hdev, skb);
3922 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3923 hci_remote_oob_data_request_evt(hdev, skb);
3926 case HCI_EV_PHY_LINK_COMPLETE:
3927 hci_phy_link_complete_evt(hdev, skb);
3930 case HCI_EV_LOGICAL_LINK_COMPLETE:
3931 hci_loglink_complete_evt(hdev, skb);
3934 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3935 hci_disconn_loglink_complete_evt(hdev, skb);
3938 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3939 hci_disconn_phylink_complete_evt(hdev, skb);
3942 case HCI_EV_NUM_COMP_BLOCKS:
3943 hci_num_comp_blocks_evt(hdev, skb);
3947 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3952 hdev->stat.evt_rx++;