2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
41 __u8 status = *((__u8 *) skb->data);
43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 conn->role = rp->role;
107 hci_dev_unlock(hdev);
110 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
115 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
124 conn->link_policy = __le16_to_cpu(rp->policy);
126 hci_dev_unlock(hdev);
129 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
132 struct hci_conn *conn;
135 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
148 conn->link_policy = get_unaligned_le16(sent + 2);
150 hci_dev_unlock(hdev);
153 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
156 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
163 hdev->link_policy = __le16_to_cpu(rp->policy);
166 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
169 __u8 status = *((__u8 *) skb->data);
172 BT_DBG("%s status 0x%2.2x", hdev->name, status);
177 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 hdev->link_policy = get_unaligned_le16(sent);
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 __u8 status = *((__u8 *) skb->data);
188 BT_DBG("%s status 0x%2.2x", hdev->name, status);
190 clear_bit(HCI_RESET, &hdev->flags);
195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
198 hdev->discovery.state = DISCOVERY_STOPPED;
199 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
200 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
202 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
203 hdev->adv_data_len = 0;
205 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
206 hdev->scan_rsp_data_len = 0;
208 hdev->le_scan_type = LE_SCAN_PASSIVE;
210 hdev->ssp_debug_mode = 0;
212 hci_bdaddr_list_clear(&hdev->le_white_list);
215 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
217 __u8 status = *((__u8 *) skb->data);
220 BT_DBG("%s status 0x%2.2x", hdev->name, status);
222 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
228 if (test_bit(HCI_MGMT, &hdev->dev_flags))
229 mgmt_set_local_name_complete(hdev, sent, status);
231 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
233 hci_dev_unlock(hdev);
236 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
238 struct hci_rp_read_local_name *rp = (void *) skb->data;
240 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
245 if (test_bit(HCI_SETUP, &hdev->dev_flags))
246 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
249 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
251 __u8 status = *((__u8 *) skb->data);
254 BT_DBG("%s status 0x%2.2x", hdev->name, status);
256 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
261 __u8 param = *((__u8 *) sent);
263 if (param == AUTH_ENABLED)
264 set_bit(HCI_AUTH, &hdev->flags);
266 clear_bit(HCI_AUTH, &hdev->flags);
269 if (test_bit(HCI_MGMT, &hdev->dev_flags))
270 mgmt_auth_enable_complete(hdev, status);
273 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
275 __u8 status = *((__u8 *) skb->data);
279 BT_DBG("%s status 0x%2.2x", hdev->name, status);
284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
288 param = *((__u8 *) sent);
291 set_bit(HCI_ENCRYPT, &hdev->flags);
293 clear_bit(HCI_ENCRYPT, &hdev->flags);
296 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
298 __u8 status = *((__u8 *) skb->data);
302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
304 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
308 param = *((__u8 *) sent);
313 hdev->discov_timeout = 0;
317 if (param & SCAN_INQUIRY)
318 set_bit(HCI_ISCAN, &hdev->flags);
320 clear_bit(HCI_ISCAN, &hdev->flags);
322 if (param & SCAN_PAGE)
323 set_bit(HCI_PSCAN, &hdev->flags);
325 clear_bit(HCI_PSCAN, &hdev->flags);
328 hci_dev_unlock(hdev);
331 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
340 memcpy(hdev->dev_class, rp->dev_class, 3);
342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
343 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
346 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 __u8 status = *((__u8 *) skb->data);
351 BT_DBG("%s status 0x%2.2x", hdev->name, status);
353 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
360 memcpy(hdev->dev_class, sent, 3);
362 if (test_bit(HCI_MGMT, &hdev->dev_flags))
363 mgmt_set_class_of_dev_complete(hdev, sent, status);
365 hci_dev_unlock(hdev);
368 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
373 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
378 setting = __le16_to_cpu(rp->voice_setting);
380 if (hdev->voice_setting == setting)
383 hdev->voice_setting = setting;
385 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
388 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
391 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
394 __u8 status = *((__u8 *) skb->data);
398 BT_DBG("%s status 0x%2.2x", hdev->name, status);
403 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 setting = get_unaligned_le16(sent);
409 if (hdev->voice_setting == setting)
412 hdev->voice_setting = setting;
414 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
417 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
420 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
423 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
430 hdev->num_iac = rp->num_iac;
432 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
435 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437 __u8 status = *((__u8 *) skb->data);
438 struct hci_cp_write_ssp_mode *sent;
440 BT_DBG("%s status 0x%2.2x", hdev->name, status);
442 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 hdev->features[1][0] |= LMP_HOST_SSP;
450 hdev->features[1][0] &= ~LMP_HOST_SSP;
453 if (test_bit(HCI_MGMT, &hdev->dev_flags))
454 mgmt_ssp_enable_complete(hdev, sent->mode, status);
457 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
463 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
465 u8 status = *((u8 *) skb->data);
466 struct hci_cp_write_sc_support *sent;
468 BT_DBG("%s status 0x%2.2x", hdev->name, status);
470 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
476 hdev->features[1][0] |= LMP_HOST_SC;
478 hdev->features[1][0] &= ~LMP_HOST_SC;
481 if (test_bit(HCI_MGMT, &hdev->dev_flags))
482 mgmt_sc_enable_complete(hdev, sent->support, status);
485 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
487 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
491 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
493 struct hci_rp_read_local_version *rp = (void *) skb->data;
495 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
500 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
501 hdev->hci_ver = rp->hci_ver;
502 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
503 hdev->lmp_ver = rp->lmp_ver;
504 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
505 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
509 static void hci_cc_read_local_commands(struct hci_dev *hdev,
512 struct hci_rp_read_local_commands *rp = (void *) skb->data;
514 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
519 if (test_bit(HCI_SETUP, &hdev->dev_flags))
520 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
523 static void hci_cc_read_local_features(struct hci_dev *hdev,
526 struct hci_rp_read_local_features *rp = (void *) skb->data;
528 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
533 memcpy(hdev->features, rp->features, 8);
535 /* Adjust default settings according to features
536 * supported by device. */
538 if (hdev->features[0][0] & LMP_3SLOT)
539 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
541 if (hdev->features[0][0] & LMP_5SLOT)
542 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
544 if (hdev->features[0][1] & LMP_HV2) {
545 hdev->pkt_type |= (HCI_HV2);
546 hdev->esco_type |= (ESCO_HV2);
549 if (hdev->features[0][1] & LMP_HV3) {
550 hdev->pkt_type |= (HCI_HV3);
551 hdev->esco_type |= (ESCO_HV3);
554 if (lmp_esco_capable(hdev))
555 hdev->esco_type |= (ESCO_EV3);
557 if (hdev->features[0][4] & LMP_EV4)
558 hdev->esco_type |= (ESCO_EV4);
560 if (hdev->features[0][4] & LMP_EV5)
561 hdev->esco_type |= (ESCO_EV5);
563 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
564 hdev->esco_type |= (ESCO_2EV3);
566 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
567 hdev->esco_type |= (ESCO_3EV3);
569 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
570 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
573 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
576 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
578 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
583 if (hdev->max_page < rp->max_page)
584 hdev->max_page = rp->max_page;
586 if (rp->page < HCI_MAX_PAGES)
587 memcpy(hdev->features[rp->page], rp->features, 8);
590 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
593 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
595 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
600 hdev->flow_ctl_mode = rp->mode;
603 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
605 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
607 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
612 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
613 hdev->sco_mtu = rp->sco_mtu;
614 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
615 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
617 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
622 hdev->acl_cnt = hdev->acl_pkts;
623 hdev->sco_cnt = hdev->sco_pkts;
625 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
626 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
629 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
631 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
633 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
638 if (test_bit(HCI_INIT, &hdev->flags))
639 bacpy(&hdev->bdaddr, &rp->bdaddr);
641 if (test_bit(HCI_SETUP, &hdev->dev_flags))
642 bacpy(&hdev->setup_addr, &rp->bdaddr);
645 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
655 if (test_bit(HCI_INIT, &hdev->flags)) {
656 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
657 hdev->page_scan_window = __le16_to_cpu(rp->window);
661 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
664 u8 status = *((u8 *) skb->data);
665 struct hci_cp_write_page_scan_activity *sent;
667 BT_DBG("%s status 0x%2.2x", hdev->name, status);
672 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
676 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
677 hdev->page_scan_window = __le16_to_cpu(sent->window);
680 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
683 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
685 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
690 if (test_bit(HCI_INIT, &hdev->flags))
691 hdev->page_scan_type = rp->type;
694 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
697 u8 status = *((u8 *) skb->data);
700 BT_DBG("%s status 0x%2.2x", hdev->name, status);
705 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
707 hdev->page_scan_type = *type;
710 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
713 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
715 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
720 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
721 hdev->block_len = __le16_to_cpu(rp->block_len);
722 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
724 hdev->block_cnt = hdev->num_blocks;
726 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
727 hdev->block_cnt, hdev->block_len);
730 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
732 struct hci_rp_read_clock *rp = (void *) skb->data;
733 struct hci_cp_read_clock *cp;
734 struct hci_conn *conn;
736 BT_DBG("%s", hdev->name);
738 if (skb->len < sizeof(*rp))
746 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
750 if (cp->which == 0x00) {
751 hdev->clock = le32_to_cpu(rp->clock);
755 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
757 conn->clock = le32_to_cpu(rp->clock);
758 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
762 hci_dev_unlock(hdev);
765 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
768 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
770 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
775 hdev->amp_status = rp->amp_status;
776 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
777 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
778 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
779 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
780 hdev->amp_type = rp->amp_type;
781 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
782 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
783 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
784 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
787 a2mp_send_getinfo_rsp(hdev);
790 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
793 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
794 struct amp_assoc *assoc = &hdev->loc_assoc;
795 size_t rem_len, frag_len;
797 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802 frag_len = skb->len - sizeof(*rp);
803 rem_len = __le16_to_cpu(rp->rem_len);
805 if (rem_len > frag_len) {
806 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
808 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
809 assoc->offset += frag_len;
811 /* Read other fragments */
812 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
817 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
818 assoc->len = assoc->offset + rem_len;
822 /* Send A2MP Rsp when all fragments are received */
823 a2mp_send_getampassoc_rsp(hdev, rp->status);
824 a2mp_send_create_phy_link_req(hdev, rp->status);
827 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
830 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
832 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
837 hdev->inq_tx_power = rp->tx_power;
840 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
842 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
843 struct hci_cp_pin_code_reply *cp;
844 struct hci_conn *conn;
846 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
850 if (test_bit(HCI_MGMT, &hdev->dev_flags))
851 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
856 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
860 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
862 conn->pin_length = cp->pin_len;
865 hci_dev_unlock(hdev);
868 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
870 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
872 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
876 if (test_bit(HCI_MGMT, &hdev->dev_flags))
877 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
880 hci_dev_unlock(hdev);
883 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
886 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
888 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
893 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
894 hdev->le_pkts = rp->le_max_pkt;
896 hdev->le_cnt = hdev->le_pkts;
898 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
901 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
904 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
906 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
911 memcpy(hdev->le_features, rp->features, 8);
914 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
917 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
924 hdev->adv_tx_power = rp->tx_power;
927 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
929 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
931 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
935 if (test_bit(HCI_MGMT, &hdev->dev_flags))
936 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
939 hci_dev_unlock(hdev);
942 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
945 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
951 if (test_bit(HCI_MGMT, &hdev->dev_flags))
952 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
953 ACL_LINK, 0, rp->status);
955 hci_dev_unlock(hdev);
958 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
960 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
962 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
966 if (test_bit(HCI_MGMT, &hdev->dev_flags))
967 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
970 hci_dev_unlock(hdev);
973 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
976 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
978 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
982 if (test_bit(HCI_MGMT, &hdev->dev_flags))
983 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
984 ACL_LINK, 0, rp->status);
986 hci_dev_unlock(hdev);
989 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
992 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
994 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
997 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
999 hci_dev_unlock(hdev);
1002 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1003 struct sk_buff *skb)
1005 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1007 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1010 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
1011 rp->hash256, rp->rand256,
1013 hci_dev_unlock(hdev);
1017 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1019 __u8 status = *((__u8 *) skb->data);
1022 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1027 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1033 bacpy(&hdev->random_addr, sent);
1035 hci_dev_unlock(hdev);
1038 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1040 __u8 *sent, status = *((__u8 *) skb->data);
1042 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1047 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1053 /* If we're doing connection initiation as peripheral. Set a
1054 * timeout in case something goes wrong.
1057 struct hci_conn *conn;
1059 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1061 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1063 queue_delayed_work(hdev->workqueue,
1064 &conn->le_conn_timeout,
1065 conn->conn_timeout);
1067 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1070 hci_dev_unlock(hdev);
1073 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1075 struct hci_cp_le_set_scan_param *cp;
1076 __u8 status = *((__u8 *) skb->data);
1078 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1083 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1089 hdev->le_scan_type = cp->type;
1091 hci_dev_unlock(hdev);
1094 static bool has_pending_adv_report(struct hci_dev *hdev)
1096 struct discovery_state *d = &hdev->discovery;
1098 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1101 static void clear_pending_adv_report(struct hci_dev *hdev)
1103 struct discovery_state *d = &hdev->discovery;
1105 bacpy(&d->last_adv_addr, BDADDR_ANY);
1106 d->last_adv_data_len = 0;
1109 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1110 u8 bdaddr_type, s8 rssi, u32 flags,
1113 struct discovery_state *d = &hdev->discovery;
1115 bacpy(&d->last_adv_addr, bdaddr);
1116 d->last_adv_addr_type = bdaddr_type;
1117 d->last_adv_rssi = rssi;
1118 d->last_adv_flags = flags;
1119 memcpy(d->last_adv_data, data, len);
1120 d->last_adv_data_len = len;
1123 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1124 struct sk_buff *skb)
1126 struct hci_cp_le_set_scan_enable *cp;
1127 __u8 status = *((__u8 *) skb->data);
1129 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1138 switch (cp->enable) {
1139 case LE_SCAN_ENABLE:
1140 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1141 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1142 clear_pending_adv_report(hdev);
1145 case LE_SCAN_DISABLE:
1146 /* We do this here instead of when setting DISCOVERY_STOPPED
1147 * since the latter would potentially require waiting for
1148 * inquiry to stop too.
1150 if (has_pending_adv_report(hdev)) {
1151 struct discovery_state *d = &hdev->discovery;
1153 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1154 d->last_adv_addr_type, NULL,
1155 d->last_adv_rssi, d->last_adv_flags,
1157 d->last_adv_data_len, NULL, 0);
1160 /* Cancel this timer so that we don't try to disable scanning
1161 * when it's already disabled.
1163 cancel_delayed_work(&hdev->le_scan_disable);
1165 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1167 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1168 * interrupted scanning due to a connect request. Mark
1169 * therefore discovery as stopped. If this was not
1170 * because of a connect request advertising might have
1171 * been disabled because of active scanning, so
1172 * re-enable it again if necessary.
1174 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1176 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1177 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
1178 hdev->discovery.state == DISCOVERY_FINDING)
1179 mgmt_reenable_advertising(hdev);
1184 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1189 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1190 struct sk_buff *skb)
1192 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1194 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1199 hdev->le_white_list_size = rp->size;
1202 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1203 struct sk_buff *skb)
1205 __u8 status = *((__u8 *) skb->data);
1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1212 hci_bdaddr_list_clear(&hdev->le_white_list);
1215 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1216 struct sk_buff *skb)
1218 struct hci_cp_le_add_to_white_list *sent;
1219 __u8 status = *((__u8 *) skb->data);
1221 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1226 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1230 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1234 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1235 struct sk_buff *skb)
1237 struct hci_cp_le_del_from_white_list *sent;
1238 __u8 status = *((__u8 *) skb->data);
1240 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1245 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1249 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1253 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1254 struct sk_buff *skb)
1256 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1258 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1263 memcpy(hdev->le_states, rp->le_states, 8);
1266 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1267 struct sk_buff *skb)
1269 struct hci_cp_write_le_host_supported *sent;
1270 __u8 status = *((__u8 *) skb->data);
1272 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1282 hdev->features[1][0] |= LMP_HOST_LE;
1283 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1285 hdev->features[1][0] &= ~LMP_HOST_LE;
1286 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1287 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1291 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1293 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1296 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1298 struct hci_cp_le_set_adv_param *cp;
1299 u8 status = *((u8 *) skb->data);
1301 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1306 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1311 hdev->adv_addr_type = cp->own_address_type;
1312 hci_dev_unlock(hdev);
1315 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1316 struct sk_buff *skb)
1318 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1320 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1321 hdev->name, rp->status, rp->phy_handle);
1326 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1329 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1331 struct hci_rp_read_rssi *rp = (void *) skb->data;
1332 struct hci_conn *conn;
1334 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1341 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1343 conn->rssi = rp->rssi;
1345 hci_dev_unlock(hdev);
1348 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1350 struct hci_cp_read_tx_power *sent;
1351 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1352 struct hci_conn *conn;
1354 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1359 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1365 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1369 switch (sent->type) {
1371 conn->tx_power = rp->tx_power;
1374 conn->max_tx_power = rp->tx_power;
1379 hci_dev_unlock(hdev);
1382 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1384 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1387 hci_conn_check_pending(hdev);
1391 set_bit(HCI_INQUIRY, &hdev->flags);
1394 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1396 struct hci_cp_create_conn *cp;
1397 struct hci_conn *conn;
1399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1401 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1407 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1409 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1412 if (conn && conn->state == BT_CONNECT) {
1413 if (status != 0x0c || conn->attempt > 2) {
1414 conn->state = BT_CLOSED;
1415 hci_proto_connect_cfm(conn, status);
1418 conn->state = BT_CONNECT2;
1422 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1425 BT_ERR("No memory for new connection");
1429 hci_dev_unlock(hdev);
1432 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1434 struct hci_cp_add_sco *cp;
1435 struct hci_conn *acl, *sco;
1438 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1443 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1447 handle = __le16_to_cpu(cp->handle);
1449 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1453 acl = hci_conn_hash_lookup_handle(hdev, handle);
1457 sco->state = BT_CLOSED;
1459 hci_proto_connect_cfm(sco, status);
1464 hci_dev_unlock(hdev);
1467 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1469 struct hci_cp_auth_requested *cp;
1470 struct hci_conn *conn;
1472 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1477 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1483 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1485 if (conn->state == BT_CONFIG) {
1486 hci_proto_connect_cfm(conn, status);
1487 hci_conn_drop(conn);
1491 hci_dev_unlock(hdev);
1494 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1496 struct hci_cp_set_conn_encrypt *cp;
1497 struct hci_conn *conn;
1499 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1504 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1510 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1512 if (conn->state == BT_CONFIG) {
1513 hci_proto_connect_cfm(conn, status);
1514 hci_conn_drop(conn);
1518 hci_dev_unlock(hdev);
1521 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1522 struct hci_conn *conn)
1524 if (conn->state != BT_CONFIG || !conn->out)
1527 if (conn->pending_sec_level == BT_SECURITY_SDP)
1530 /* Only request authentication for SSP connections or non-SSP
1531 * devices with sec_level MEDIUM or HIGH or if MITM protection
1534 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1535 conn->pending_sec_level != BT_SECURITY_FIPS &&
1536 conn->pending_sec_level != BT_SECURITY_HIGH &&
1537 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1543 static int hci_resolve_name(struct hci_dev *hdev,
1544 struct inquiry_entry *e)
1546 struct hci_cp_remote_name_req cp;
1548 memset(&cp, 0, sizeof(cp));
1550 bacpy(&cp.bdaddr, &e->data.bdaddr);
1551 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1552 cp.pscan_mode = e->data.pscan_mode;
1553 cp.clock_offset = e->data.clock_offset;
1555 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1558 static bool hci_resolve_next_name(struct hci_dev *hdev)
1560 struct discovery_state *discov = &hdev->discovery;
1561 struct inquiry_entry *e;
1563 if (list_empty(&discov->resolve))
1566 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1570 if (hci_resolve_name(hdev, e) == 0) {
1571 e->name_state = NAME_PENDING;
1578 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1579 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1581 struct discovery_state *discov = &hdev->discovery;
1582 struct inquiry_entry *e;
1584 /* Update the mgmt connected state if necessary. Be careful with
1585 * conn objects that exist but are not (yet) connected however.
1586 * Only those in BT_CONFIG or BT_CONNECTED states can be
1587 * considered connected.
1590 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
1591 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1592 mgmt_device_connected(hdev, conn, 0, name, name_len);
1594 if (discov->state == DISCOVERY_STOPPED)
1597 if (discov->state == DISCOVERY_STOPPING)
1598 goto discov_complete;
1600 if (discov->state != DISCOVERY_RESOLVING)
1603 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1604 /* If the device was not found in a list of found devices names of which
1605 * are pending. there is no need to continue resolving a next name as it
1606 * will be done upon receiving another Remote Name Request Complete
1613 e->name_state = NAME_KNOWN;
1614 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1615 e->data.rssi, name, name_len);
1617 e->name_state = NAME_NOT_KNOWN;
1620 if (hci_resolve_next_name(hdev))
1624 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1627 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1629 struct hci_cp_remote_name_req *cp;
1630 struct hci_conn *conn;
1632 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1634 /* If successful wait for the name req complete event before
1635 * checking for the need to do authentication */
1639 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1645 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1647 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1648 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1653 if (!hci_outgoing_auth_needed(hdev, conn))
1656 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1657 struct hci_cp_auth_requested auth_cp;
1659 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1661 auth_cp.handle = __cpu_to_le16(conn->handle);
1662 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1663 sizeof(auth_cp), &auth_cp);
1667 hci_dev_unlock(hdev);
1670 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1672 struct hci_cp_read_remote_features *cp;
1673 struct hci_conn *conn;
1675 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1680 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1686 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1688 if (conn->state == BT_CONFIG) {
1689 hci_proto_connect_cfm(conn, status);
1690 hci_conn_drop(conn);
1694 hci_dev_unlock(hdev);
1697 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1699 struct hci_cp_read_remote_ext_features *cp;
1700 struct hci_conn *conn;
1702 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1707 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1713 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1715 if (conn->state == BT_CONFIG) {
1716 hci_proto_connect_cfm(conn, status);
1717 hci_conn_drop(conn);
1721 hci_dev_unlock(hdev);
1724 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1726 struct hci_cp_setup_sync_conn *cp;
1727 struct hci_conn *acl, *sco;
1730 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1735 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1739 handle = __le16_to_cpu(cp->handle);
1741 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1745 acl = hci_conn_hash_lookup_handle(hdev, handle);
1749 sco->state = BT_CLOSED;
1751 hci_proto_connect_cfm(sco, status);
1756 hci_dev_unlock(hdev);
1759 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1761 struct hci_cp_sniff_mode *cp;
1762 struct hci_conn *conn;
1764 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1769 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1775 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1777 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1779 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1780 hci_sco_setup(conn, status);
1783 hci_dev_unlock(hdev);
1786 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1788 struct hci_cp_exit_sniff_mode *cp;
1789 struct hci_conn *conn;
1791 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1796 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1804 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1806 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1807 hci_sco_setup(conn, status);
1810 hci_dev_unlock(hdev);
1813 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1815 struct hci_cp_disconnect *cp;
1816 struct hci_conn *conn;
1821 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1827 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1829 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1830 conn->dst_type, status);
1832 hci_dev_unlock(hdev);
1835 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1837 struct hci_cp_create_phy_link *cp;
1839 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1841 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1848 struct hci_conn *hcon;
1850 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1854 amp_write_remote_assoc(hdev, cp->phy_handle);
1857 hci_dev_unlock(hdev);
1860 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1862 struct hci_cp_accept_phy_link *cp;
1864 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1869 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1873 amp_write_remote_assoc(hdev, cp->phy_handle);
1876 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1878 struct hci_cp_le_create_conn *cp;
1879 struct hci_conn *conn;
1881 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1883 /* All connection failure handling is taken care of by the
1884 * hci_le_conn_failed function which is triggered by the HCI
1885 * request completion callbacks used for connecting.
1890 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1896 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1900 /* Store the initiator and responder address information which
1901 * is needed for SMP. These values will not change during the
1902 * lifetime of the connection.
1904 conn->init_addr_type = cp->own_address_type;
1905 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1906 bacpy(&conn->init_addr, &hdev->random_addr);
1908 bacpy(&conn->init_addr, &hdev->bdaddr);
1910 conn->resp_addr_type = cp->peer_addr_type;
1911 bacpy(&conn->resp_addr, &cp->peer_addr);
1913 /* We don't want the connection attempt to stick around
1914 * indefinitely since LE doesn't have a page timeout concept
1915 * like BR/EDR. Set a timer for any connection that doesn't use
1916 * the white list for connecting.
1918 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1919 queue_delayed_work(conn->hdev->workqueue,
1920 &conn->le_conn_timeout,
1921 conn->conn_timeout);
1924 hci_dev_unlock(hdev);
1927 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1929 struct hci_cp_le_start_enc *cp;
1930 struct hci_conn *conn;
1932 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1939 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1943 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1947 if (conn->state != BT_CONNECTED)
1950 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1951 hci_conn_drop(conn);
1954 hci_dev_unlock(hdev);
1957 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
1959 struct hci_cp_switch_role *cp;
1960 struct hci_conn *conn;
1962 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1967 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
1973 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1975 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
1977 hci_dev_unlock(hdev);
1980 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1982 __u8 status = *((__u8 *) skb->data);
1983 struct discovery_state *discov = &hdev->discovery;
1984 struct inquiry_entry *e;
1986 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1988 hci_conn_check_pending(hdev);
1990 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1993 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1994 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1996 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2001 if (discov->state != DISCOVERY_FINDING)
2004 if (list_empty(&discov->resolve)) {
2005 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2009 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2010 if (e && hci_resolve_name(hdev, e) == 0) {
2011 e->name_state = NAME_PENDING;
2012 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2014 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2018 hci_dev_unlock(hdev);
2021 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2023 struct inquiry_data data;
2024 struct inquiry_info *info = (void *) (skb->data + 1);
2025 int num_rsp = *((__u8 *) skb->data);
2027 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2032 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2037 for (; num_rsp; num_rsp--, info++) {
2040 bacpy(&data.bdaddr, &info->bdaddr);
2041 data.pscan_rep_mode = info->pscan_rep_mode;
2042 data.pscan_period_mode = info->pscan_period_mode;
2043 data.pscan_mode = info->pscan_mode;
2044 memcpy(data.dev_class, info->dev_class, 3);
2045 data.clock_offset = info->clock_offset;
2047 data.ssp_mode = 0x00;
2049 flags = hci_inquiry_cache_update(hdev, &data, false);
2051 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2052 info->dev_class, 0, flags, NULL, 0, NULL, 0);
2055 hci_dev_unlock(hdev);
2058 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2060 struct hci_ev_conn_complete *ev = (void *) skb->data;
2061 struct hci_conn *conn;
2063 BT_DBG("%s", hdev->name);
2067 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2069 if (ev->link_type != SCO_LINK)
2072 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2076 conn->type = SCO_LINK;
2080 conn->handle = __le16_to_cpu(ev->handle);
2082 if (conn->type == ACL_LINK) {
2083 conn->state = BT_CONFIG;
2084 hci_conn_hold(conn);
2086 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2087 !hci_find_link_key(hdev, &ev->bdaddr))
2088 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2090 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2092 conn->state = BT_CONNECTED;
2094 hci_conn_add_sysfs(conn);
2096 if (test_bit(HCI_AUTH, &hdev->flags))
2097 set_bit(HCI_CONN_AUTH, &conn->flags);
2099 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2100 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2102 /* Get remote features */
2103 if (conn->type == ACL_LINK) {
2104 struct hci_cp_read_remote_features cp;
2105 cp.handle = ev->handle;
2106 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2109 hci_update_page_scan(hdev, NULL);
2112 /* Set packet type for incoming connection */
2113 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2114 struct hci_cp_change_conn_ptype cp;
2115 cp.handle = ev->handle;
2116 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2117 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2121 conn->state = BT_CLOSED;
2122 if (conn->type == ACL_LINK)
2123 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2124 conn->dst_type, ev->status);
2127 if (conn->type == ACL_LINK)
2128 hci_sco_setup(conn, ev->status);
2131 hci_proto_connect_cfm(conn, ev->status);
2133 } else if (ev->link_type != ACL_LINK)
2134 hci_proto_connect_cfm(conn, ev->status);
2137 hci_dev_unlock(hdev);
2139 hci_conn_check_pending(hdev);
2142 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2144 struct hci_cp_reject_conn_req cp;
2146 bacpy(&cp.bdaddr, bdaddr);
2147 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2148 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2151 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2153 struct hci_ev_conn_request *ev = (void *) skb->data;
2154 int mask = hdev->link_mode;
2155 struct inquiry_entry *ie;
2156 struct hci_conn *conn;
2159 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2162 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2165 if (!(mask & HCI_LM_ACCEPT)) {
2166 hci_reject_conn(hdev, &ev->bdaddr);
2170 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2172 hci_reject_conn(hdev, &ev->bdaddr);
2176 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
2177 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2179 hci_reject_conn(hdev, &ev->bdaddr);
2183 /* Connection accepted */
2187 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2189 memcpy(ie->data.dev_class, ev->dev_class, 3);
2191 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2194 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2197 BT_ERR("No memory for new connection");
2198 hci_dev_unlock(hdev);
2203 memcpy(conn->dev_class, ev->dev_class, 3);
2205 hci_dev_unlock(hdev);
2207 if (ev->link_type == ACL_LINK ||
2208 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2209 struct hci_cp_accept_conn_req cp;
2210 conn->state = BT_CONNECT;
2212 bacpy(&cp.bdaddr, &ev->bdaddr);
2214 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2215 cp.role = 0x00; /* Become master */
2217 cp.role = 0x01; /* Remain slave */
2219 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2220 } else if (!(flags & HCI_PROTO_DEFER)) {
2221 struct hci_cp_accept_sync_conn_req cp;
2222 conn->state = BT_CONNECT;
2224 bacpy(&cp.bdaddr, &ev->bdaddr);
2225 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2227 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2228 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2229 cp.max_latency = cpu_to_le16(0xffff);
2230 cp.content_format = cpu_to_le16(hdev->voice_setting);
2231 cp.retrans_effort = 0xff;
2233 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2236 conn->state = BT_CONNECT2;
2237 hci_proto_connect_cfm(conn, 0);
2241 static u8 hci_to_mgmt_reason(u8 err)
2244 case HCI_ERROR_CONNECTION_TIMEOUT:
2245 return MGMT_DEV_DISCONN_TIMEOUT;
2246 case HCI_ERROR_REMOTE_USER_TERM:
2247 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2248 case HCI_ERROR_REMOTE_POWER_OFF:
2249 return MGMT_DEV_DISCONN_REMOTE;
2250 case HCI_ERROR_LOCAL_HOST_TERM:
2251 return MGMT_DEV_DISCONN_LOCAL_HOST;
2253 return MGMT_DEV_DISCONN_UNKNOWN;
2257 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2259 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2260 u8 reason = hci_to_mgmt_reason(ev->reason);
2261 struct hci_conn_params *params;
2262 struct hci_conn *conn;
2263 bool mgmt_connected;
2266 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2270 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2275 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2276 conn->dst_type, ev->status);
2280 conn->state = BT_CLOSED;
2282 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2283 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2284 reason, mgmt_connected);
2286 if (conn->type == ACL_LINK) {
2287 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2288 hci_remove_link_key(hdev, &conn->dst);
2290 hci_update_page_scan(hdev, NULL);
2293 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2295 switch (params->auto_connect) {
2296 case HCI_AUTO_CONN_LINK_LOSS:
2297 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2301 case HCI_AUTO_CONN_DIRECT:
2302 case HCI_AUTO_CONN_ALWAYS:
2303 list_del_init(¶ms->action);
2304 list_add(¶ms->action, &hdev->pend_le_conns);
2305 hci_update_background_scan(hdev);
2315 hci_proto_disconn_cfm(conn, ev->reason);
2318 /* Re-enable advertising if necessary, since it might
2319 * have been disabled by the connection. From the
2320 * HCI_LE_Set_Advertise_Enable command description in
2321 * the core specification (v4.0):
2322 * "The Controller shall continue advertising until the Host
2323 * issues an LE_Set_Advertise_Enable command with
2324 * Advertising_Enable set to 0x00 (Advertising is disabled)
2325 * or until a connection is created or until the Advertising
2326 * is timed out due to Directed Advertising."
2328 if (type == LE_LINK)
2329 mgmt_reenable_advertising(hdev);
2332 hci_dev_unlock(hdev);
2335 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2337 struct hci_ev_auth_complete *ev = (void *) skb->data;
2338 struct hci_conn *conn;
2340 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2344 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2349 if (!hci_conn_ssp_enabled(conn) &&
2350 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2351 BT_INFO("re-auth of legacy device is not possible.");
2353 set_bit(HCI_CONN_AUTH, &conn->flags);
2354 conn->sec_level = conn->pending_sec_level;
2357 mgmt_auth_failed(conn, ev->status);
2360 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2361 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2363 if (conn->state == BT_CONFIG) {
2364 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2365 struct hci_cp_set_conn_encrypt cp;
2366 cp.handle = ev->handle;
2368 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2371 conn->state = BT_CONNECTED;
2372 hci_proto_connect_cfm(conn, ev->status);
2373 hci_conn_drop(conn);
2376 hci_auth_cfm(conn, ev->status);
2378 hci_conn_hold(conn);
2379 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2380 hci_conn_drop(conn);
2383 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2385 struct hci_cp_set_conn_encrypt cp;
2386 cp.handle = ev->handle;
2388 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2391 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2392 hci_encrypt_cfm(conn, ev->status, 0x00);
2397 hci_dev_unlock(hdev);
2400 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2402 struct hci_ev_remote_name *ev = (void *) skb->data;
2403 struct hci_conn *conn;
2405 BT_DBG("%s", hdev->name);
2407 hci_conn_check_pending(hdev);
2411 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2413 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2416 if (ev->status == 0)
2417 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2418 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2420 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2426 if (!hci_outgoing_auth_needed(hdev, conn))
2429 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2430 struct hci_cp_auth_requested cp;
2432 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2434 cp.handle = __cpu_to_le16(conn->handle);
2435 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2439 hci_dev_unlock(hdev);
2442 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2444 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2445 struct hci_conn *conn;
2447 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2451 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2457 /* Encryption implies authentication */
2458 set_bit(HCI_CONN_AUTH, &conn->flags);
2459 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2460 conn->sec_level = conn->pending_sec_level;
2462 /* P-256 authentication key implies FIPS */
2463 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2464 set_bit(HCI_CONN_FIPS, &conn->flags);
2466 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2467 conn->type == LE_LINK)
2468 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2470 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2471 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2475 /* We should disregard the current RPA and generate a new one
2476 * whenever the encryption procedure fails.
2478 if (ev->status && conn->type == LE_LINK)
2479 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2481 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2483 if (ev->status && conn->state == BT_CONNECTED) {
2484 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2485 hci_conn_drop(conn);
2489 if (conn->state == BT_CONFIG) {
2491 conn->state = BT_CONNECTED;
2493 /* In Secure Connections Only mode, do not allow any
2494 * connections that are not encrypted with AES-CCM
2495 * using a P-256 authenticated combination key.
2497 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2498 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2499 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2500 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2501 hci_conn_drop(conn);
2505 hci_proto_connect_cfm(conn, ev->status);
2506 hci_conn_drop(conn);
2508 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2511 hci_dev_unlock(hdev);
2514 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2515 struct sk_buff *skb)
2517 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2518 struct hci_conn *conn;
2520 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2524 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2527 set_bit(HCI_CONN_SECURE, &conn->flags);
2529 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2531 hci_key_change_cfm(conn, ev->status);
2534 hci_dev_unlock(hdev);
2537 static void hci_remote_features_evt(struct hci_dev *hdev,
2538 struct sk_buff *skb)
2540 struct hci_ev_remote_features *ev = (void *) skb->data;
2541 struct hci_conn *conn;
2543 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2547 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2552 memcpy(conn->features[0], ev->features, 8);
2554 if (conn->state != BT_CONFIG)
2557 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2558 struct hci_cp_read_remote_ext_features cp;
2559 cp.handle = ev->handle;
2561 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2566 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2567 struct hci_cp_remote_name_req cp;
2568 memset(&cp, 0, sizeof(cp));
2569 bacpy(&cp.bdaddr, &conn->dst);
2570 cp.pscan_rep_mode = 0x02;
2571 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2572 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2573 mgmt_device_connected(hdev, conn, 0, NULL, 0);
2575 if (!hci_outgoing_auth_needed(hdev, conn)) {
2576 conn->state = BT_CONNECTED;
2577 hci_proto_connect_cfm(conn, ev->status);
2578 hci_conn_drop(conn);
2582 hci_dev_unlock(hdev);
2585 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2587 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2588 u8 status = skb->data[sizeof(*ev)];
2591 skb_pull(skb, sizeof(*ev));
2593 opcode = __le16_to_cpu(ev->opcode);
2596 case HCI_OP_INQUIRY_CANCEL:
2597 hci_cc_inquiry_cancel(hdev, skb);
2600 case HCI_OP_PERIODIC_INQ:
2601 hci_cc_periodic_inq(hdev, skb);
2604 case HCI_OP_EXIT_PERIODIC_INQ:
2605 hci_cc_exit_periodic_inq(hdev, skb);
2608 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2609 hci_cc_remote_name_req_cancel(hdev, skb);
2612 case HCI_OP_ROLE_DISCOVERY:
2613 hci_cc_role_discovery(hdev, skb);
2616 case HCI_OP_READ_LINK_POLICY:
2617 hci_cc_read_link_policy(hdev, skb);
2620 case HCI_OP_WRITE_LINK_POLICY:
2621 hci_cc_write_link_policy(hdev, skb);
2624 case HCI_OP_READ_DEF_LINK_POLICY:
2625 hci_cc_read_def_link_policy(hdev, skb);
2628 case HCI_OP_WRITE_DEF_LINK_POLICY:
2629 hci_cc_write_def_link_policy(hdev, skb);
2633 hci_cc_reset(hdev, skb);
2636 case HCI_OP_WRITE_LOCAL_NAME:
2637 hci_cc_write_local_name(hdev, skb);
2640 case HCI_OP_READ_LOCAL_NAME:
2641 hci_cc_read_local_name(hdev, skb);
2644 case HCI_OP_WRITE_AUTH_ENABLE:
2645 hci_cc_write_auth_enable(hdev, skb);
2648 case HCI_OP_WRITE_ENCRYPT_MODE:
2649 hci_cc_write_encrypt_mode(hdev, skb);
2652 case HCI_OP_WRITE_SCAN_ENABLE:
2653 hci_cc_write_scan_enable(hdev, skb);
2656 case HCI_OP_READ_CLASS_OF_DEV:
2657 hci_cc_read_class_of_dev(hdev, skb);
2660 case HCI_OP_WRITE_CLASS_OF_DEV:
2661 hci_cc_write_class_of_dev(hdev, skb);
2664 case HCI_OP_READ_VOICE_SETTING:
2665 hci_cc_read_voice_setting(hdev, skb);
2668 case HCI_OP_WRITE_VOICE_SETTING:
2669 hci_cc_write_voice_setting(hdev, skb);
2672 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2673 hci_cc_read_num_supported_iac(hdev, skb);
2676 case HCI_OP_WRITE_SSP_MODE:
2677 hci_cc_write_ssp_mode(hdev, skb);
2680 case HCI_OP_WRITE_SC_SUPPORT:
2681 hci_cc_write_sc_support(hdev, skb);
2684 case HCI_OP_READ_LOCAL_VERSION:
2685 hci_cc_read_local_version(hdev, skb);
2688 case HCI_OP_READ_LOCAL_COMMANDS:
2689 hci_cc_read_local_commands(hdev, skb);
2692 case HCI_OP_READ_LOCAL_FEATURES:
2693 hci_cc_read_local_features(hdev, skb);
2696 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2697 hci_cc_read_local_ext_features(hdev, skb);
2700 case HCI_OP_READ_BUFFER_SIZE:
2701 hci_cc_read_buffer_size(hdev, skb);
2704 case HCI_OP_READ_BD_ADDR:
2705 hci_cc_read_bd_addr(hdev, skb);
2708 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2709 hci_cc_read_page_scan_activity(hdev, skb);
2712 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2713 hci_cc_write_page_scan_activity(hdev, skb);
2716 case HCI_OP_READ_PAGE_SCAN_TYPE:
2717 hci_cc_read_page_scan_type(hdev, skb);
2720 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2721 hci_cc_write_page_scan_type(hdev, skb);
2724 case HCI_OP_READ_DATA_BLOCK_SIZE:
2725 hci_cc_read_data_block_size(hdev, skb);
2728 case HCI_OP_READ_FLOW_CONTROL_MODE:
2729 hci_cc_read_flow_control_mode(hdev, skb);
2732 case HCI_OP_READ_LOCAL_AMP_INFO:
2733 hci_cc_read_local_amp_info(hdev, skb);
2736 case HCI_OP_READ_CLOCK:
2737 hci_cc_read_clock(hdev, skb);
2740 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2741 hci_cc_read_local_amp_assoc(hdev, skb);
2744 case HCI_OP_READ_INQ_RSP_TX_POWER:
2745 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2748 case HCI_OP_PIN_CODE_REPLY:
2749 hci_cc_pin_code_reply(hdev, skb);
2752 case HCI_OP_PIN_CODE_NEG_REPLY:
2753 hci_cc_pin_code_neg_reply(hdev, skb);
2756 case HCI_OP_READ_LOCAL_OOB_DATA:
2757 hci_cc_read_local_oob_data(hdev, skb);
2760 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2761 hci_cc_read_local_oob_ext_data(hdev, skb);
2764 case HCI_OP_LE_READ_BUFFER_SIZE:
2765 hci_cc_le_read_buffer_size(hdev, skb);
2768 case HCI_OP_LE_READ_LOCAL_FEATURES:
2769 hci_cc_le_read_local_features(hdev, skb);
2772 case HCI_OP_LE_READ_ADV_TX_POWER:
2773 hci_cc_le_read_adv_tx_power(hdev, skb);
2776 case HCI_OP_USER_CONFIRM_REPLY:
2777 hci_cc_user_confirm_reply(hdev, skb);
2780 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2781 hci_cc_user_confirm_neg_reply(hdev, skb);
2784 case HCI_OP_USER_PASSKEY_REPLY:
2785 hci_cc_user_passkey_reply(hdev, skb);
2788 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2789 hci_cc_user_passkey_neg_reply(hdev, skb);
2792 case HCI_OP_LE_SET_RANDOM_ADDR:
2793 hci_cc_le_set_random_addr(hdev, skb);
2796 case HCI_OP_LE_SET_ADV_ENABLE:
2797 hci_cc_le_set_adv_enable(hdev, skb);
2800 case HCI_OP_LE_SET_SCAN_PARAM:
2801 hci_cc_le_set_scan_param(hdev, skb);
2804 case HCI_OP_LE_SET_SCAN_ENABLE:
2805 hci_cc_le_set_scan_enable(hdev, skb);
2808 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2809 hci_cc_le_read_white_list_size(hdev, skb);
2812 case HCI_OP_LE_CLEAR_WHITE_LIST:
2813 hci_cc_le_clear_white_list(hdev, skb);
2816 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2817 hci_cc_le_add_to_white_list(hdev, skb);
2820 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2821 hci_cc_le_del_from_white_list(hdev, skb);
2824 case HCI_OP_LE_READ_SUPPORTED_STATES:
2825 hci_cc_le_read_supported_states(hdev, skb);
2828 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2829 hci_cc_write_le_host_supported(hdev, skb);
2832 case HCI_OP_LE_SET_ADV_PARAM:
2833 hci_cc_set_adv_param(hdev, skb);
2836 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2837 hci_cc_write_remote_amp_assoc(hdev, skb);
2840 case HCI_OP_READ_RSSI:
2841 hci_cc_read_rssi(hdev, skb);
2844 case HCI_OP_READ_TX_POWER:
2845 hci_cc_read_tx_power(hdev, skb);
2849 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2853 if (opcode != HCI_OP_NOP)
2854 cancel_delayed_work(&hdev->cmd_timer);
2856 hci_req_cmd_complete(hdev, opcode, status);
2858 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2859 atomic_set(&hdev->cmd_cnt, 1);
2860 if (!skb_queue_empty(&hdev->cmd_q))
2861 queue_work(hdev->workqueue, &hdev->cmd_work);
2865 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2867 struct hci_ev_cmd_status *ev = (void *) skb->data;
2870 skb_pull(skb, sizeof(*ev));
2872 opcode = __le16_to_cpu(ev->opcode);
2875 case HCI_OP_INQUIRY:
2876 hci_cs_inquiry(hdev, ev->status);
2879 case HCI_OP_CREATE_CONN:
2880 hci_cs_create_conn(hdev, ev->status);
2883 case HCI_OP_DISCONNECT:
2884 hci_cs_disconnect(hdev, ev->status);
2887 case HCI_OP_ADD_SCO:
2888 hci_cs_add_sco(hdev, ev->status);
2891 case HCI_OP_AUTH_REQUESTED:
2892 hci_cs_auth_requested(hdev, ev->status);
2895 case HCI_OP_SET_CONN_ENCRYPT:
2896 hci_cs_set_conn_encrypt(hdev, ev->status);
2899 case HCI_OP_REMOTE_NAME_REQ:
2900 hci_cs_remote_name_req(hdev, ev->status);
2903 case HCI_OP_READ_REMOTE_FEATURES:
2904 hci_cs_read_remote_features(hdev, ev->status);
2907 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2908 hci_cs_read_remote_ext_features(hdev, ev->status);
2911 case HCI_OP_SETUP_SYNC_CONN:
2912 hci_cs_setup_sync_conn(hdev, ev->status);
2915 case HCI_OP_CREATE_PHY_LINK:
2916 hci_cs_create_phylink(hdev, ev->status);
2919 case HCI_OP_ACCEPT_PHY_LINK:
2920 hci_cs_accept_phylink(hdev, ev->status);
2923 case HCI_OP_SNIFF_MODE:
2924 hci_cs_sniff_mode(hdev, ev->status);
2927 case HCI_OP_EXIT_SNIFF_MODE:
2928 hci_cs_exit_sniff_mode(hdev, ev->status);
2931 case HCI_OP_SWITCH_ROLE:
2932 hci_cs_switch_role(hdev, ev->status);
2935 case HCI_OP_LE_CREATE_CONN:
2936 hci_cs_le_create_conn(hdev, ev->status);
2939 case HCI_OP_LE_START_ENC:
2940 hci_cs_le_start_enc(hdev, ev->status);
2944 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2948 if (opcode != HCI_OP_NOP)
2949 cancel_delayed_work(&hdev->cmd_timer);
2952 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2953 hci_req_cmd_complete(hdev, opcode, ev->status);
2955 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2956 atomic_set(&hdev->cmd_cnt, 1);
2957 if (!skb_queue_empty(&hdev->cmd_q))
2958 queue_work(hdev->workqueue, &hdev->cmd_work);
2962 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
2964 struct hci_ev_hardware_error *ev = (void *) skb->data;
2966 BT_ERR("%s hardware error 0x%2.2x", hdev->name, ev->code);
2969 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2971 struct hci_ev_role_change *ev = (void *) skb->data;
2972 struct hci_conn *conn;
2974 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2981 conn->role = ev->role;
2983 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2985 hci_role_switch_cfm(conn, ev->status, ev->role);
2988 hci_dev_unlock(hdev);
2991 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2993 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2996 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2997 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3001 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3002 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3003 BT_DBG("%s bad parameters", hdev->name);
3007 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3009 for (i = 0; i < ev->num_hndl; i++) {
3010 struct hci_comp_pkts_info *info = &ev->handles[i];
3011 struct hci_conn *conn;
3012 __u16 handle, count;
3014 handle = __le16_to_cpu(info->handle);
3015 count = __le16_to_cpu(info->count);
3017 conn = hci_conn_hash_lookup_handle(hdev, handle);
3021 conn->sent -= count;
3023 switch (conn->type) {
3025 hdev->acl_cnt += count;
3026 if (hdev->acl_cnt > hdev->acl_pkts)
3027 hdev->acl_cnt = hdev->acl_pkts;
3031 if (hdev->le_pkts) {
3032 hdev->le_cnt += count;
3033 if (hdev->le_cnt > hdev->le_pkts)
3034 hdev->le_cnt = hdev->le_pkts;
3036 hdev->acl_cnt += count;
3037 if (hdev->acl_cnt > hdev->acl_pkts)
3038 hdev->acl_cnt = hdev->acl_pkts;
3043 hdev->sco_cnt += count;
3044 if (hdev->sco_cnt > hdev->sco_pkts)
3045 hdev->sco_cnt = hdev->sco_pkts;
3049 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3054 queue_work(hdev->workqueue, &hdev->tx_work);
3057 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3060 struct hci_chan *chan;
3062 switch (hdev->dev_type) {
3064 return hci_conn_hash_lookup_handle(hdev, handle);
3066 chan = hci_chan_lookup_handle(hdev, handle);
3071 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3078 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3080 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3083 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3084 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3088 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3089 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3090 BT_DBG("%s bad parameters", hdev->name);
3094 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3097 for (i = 0; i < ev->num_hndl; i++) {
3098 struct hci_comp_blocks_info *info = &ev->handles[i];
3099 struct hci_conn *conn = NULL;
3100 __u16 handle, block_count;
3102 handle = __le16_to_cpu(info->handle);
3103 block_count = __le16_to_cpu(info->blocks);
3105 conn = __hci_conn_lookup_handle(hdev, handle);
3109 conn->sent -= block_count;
3111 switch (conn->type) {
3114 hdev->block_cnt += block_count;
3115 if (hdev->block_cnt > hdev->num_blocks)
3116 hdev->block_cnt = hdev->num_blocks;
3120 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3125 queue_work(hdev->workqueue, &hdev->tx_work);
3128 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3130 struct hci_ev_mode_change *ev = (void *) skb->data;
3131 struct hci_conn *conn;
3133 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3137 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3139 conn->mode = ev->mode;
3141 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3143 if (conn->mode == HCI_CM_ACTIVE)
3144 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3146 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3149 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3150 hci_sco_setup(conn, ev->status);
3153 hci_dev_unlock(hdev);
3156 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3158 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3159 struct hci_conn *conn;
3161 BT_DBG("%s", hdev->name);
3165 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3169 if (conn->state == BT_CONNECTED) {
3170 hci_conn_hold(conn);
3171 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3172 hci_conn_drop(conn);
3175 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
3176 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3177 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3178 sizeof(ev->bdaddr), &ev->bdaddr);
3179 } else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3182 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3187 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3191 hci_dev_unlock(hdev);
3194 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3196 if (key_type == HCI_LK_CHANGED_COMBINATION)
3199 conn->pin_length = pin_len;
3200 conn->key_type = key_type;
3203 case HCI_LK_LOCAL_UNIT:
3204 case HCI_LK_REMOTE_UNIT:
3205 case HCI_LK_DEBUG_COMBINATION:
3207 case HCI_LK_COMBINATION:
3209 conn->pending_sec_level = BT_SECURITY_HIGH;
3211 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3213 case HCI_LK_UNAUTH_COMBINATION_P192:
3214 case HCI_LK_UNAUTH_COMBINATION_P256:
3215 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3217 case HCI_LK_AUTH_COMBINATION_P192:
3218 conn->pending_sec_level = BT_SECURITY_HIGH;
3220 case HCI_LK_AUTH_COMBINATION_P256:
3221 conn->pending_sec_level = BT_SECURITY_FIPS;
3226 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3228 struct hci_ev_link_key_req *ev = (void *) skb->data;
3229 struct hci_cp_link_key_reply cp;
3230 struct hci_conn *conn;
3231 struct link_key *key;
3233 BT_DBG("%s", hdev->name);
3235 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3240 key = hci_find_link_key(hdev, &ev->bdaddr);
3242 BT_DBG("%s link key not found for %pMR", hdev->name,
3247 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3250 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3252 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3253 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3254 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3255 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3259 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3260 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3261 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3262 BT_DBG("%s ignoring key unauthenticated for high security",
3267 conn_set_key(conn, key->type, key->pin_len);
3270 bacpy(&cp.bdaddr, &ev->bdaddr);
3271 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3273 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3275 hci_dev_unlock(hdev);
3280 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3281 hci_dev_unlock(hdev);
3284 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3286 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3287 struct hci_conn *conn;
3288 struct link_key *key;
3292 BT_DBG("%s", hdev->name);
3296 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3298 hci_conn_hold(conn);
3299 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3300 hci_conn_drop(conn);
3301 conn_set_key(conn, ev->key_type, conn->pin_length);
3304 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3307 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3308 ev->key_type, pin_len, &persistent);
3312 /* Update connection information since adding the key will have
3313 * fixed up the type in the case of changed combination keys.
3315 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3316 conn_set_key(conn, key->type, key->pin_len);
3318 mgmt_new_link_key(hdev, key, persistent);
3320 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3321 * is set. If it's not set simply remove the key from the kernel
3322 * list (we've still notified user space about it but with
3323 * store_hint being 0).
3325 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3326 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3327 list_del_rcu(&key->list);
3328 kfree_rcu(key, rcu);
3331 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3333 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3337 hci_dev_unlock(hdev);
3340 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3342 struct hci_ev_clock_offset *ev = (void *) skb->data;
3343 struct hci_conn *conn;
3345 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3349 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3350 if (conn && !ev->status) {
3351 struct inquiry_entry *ie;
3353 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3355 ie->data.clock_offset = ev->clock_offset;
3356 ie->timestamp = jiffies;
3360 hci_dev_unlock(hdev);
3363 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3365 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3366 struct hci_conn *conn;
3368 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3372 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3373 if (conn && !ev->status)
3374 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3376 hci_dev_unlock(hdev);
3379 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3381 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3382 struct inquiry_entry *ie;
3384 BT_DBG("%s", hdev->name);
3388 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3390 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3391 ie->timestamp = jiffies;
3394 hci_dev_unlock(hdev);
3397 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3398 struct sk_buff *skb)
3400 struct inquiry_data data;
3401 int num_rsp = *((__u8 *) skb->data);
3403 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3408 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3413 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3414 struct inquiry_info_with_rssi_and_pscan_mode *info;
3415 info = (void *) (skb->data + 1);
3417 for (; num_rsp; num_rsp--, info++) {
3420 bacpy(&data.bdaddr, &info->bdaddr);
3421 data.pscan_rep_mode = info->pscan_rep_mode;
3422 data.pscan_period_mode = info->pscan_period_mode;
3423 data.pscan_mode = info->pscan_mode;
3424 memcpy(data.dev_class, info->dev_class, 3);
3425 data.clock_offset = info->clock_offset;
3426 data.rssi = info->rssi;
3427 data.ssp_mode = 0x00;
3429 flags = hci_inquiry_cache_update(hdev, &data, false);
3431 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3432 info->dev_class, info->rssi,
3433 flags, NULL, 0, NULL, 0);
3436 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3438 for (; num_rsp; num_rsp--, info++) {
3441 bacpy(&data.bdaddr, &info->bdaddr);
3442 data.pscan_rep_mode = info->pscan_rep_mode;
3443 data.pscan_period_mode = info->pscan_period_mode;
3444 data.pscan_mode = 0x00;
3445 memcpy(data.dev_class, info->dev_class, 3);
3446 data.clock_offset = info->clock_offset;
3447 data.rssi = info->rssi;
3448 data.ssp_mode = 0x00;
3450 flags = hci_inquiry_cache_update(hdev, &data, false);
3452 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3453 info->dev_class, info->rssi,
3454 flags, NULL, 0, NULL, 0);
3458 hci_dev_unlock(hdev);
3461 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3462 struct sk_buff *skb)
3464 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3465 struct hci_conn *conn;
3467 BT_DBG("%s", hdev->name);
3471 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3475 if (ev->page < HCI_MAX_PAGES)
3476 memcpy(conn->features[ev->page], ev->features, 8);
3478 if (!ev->status && ev->page == 0x01) {
3479 struct inquiry_entry *ie;
3481 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3483 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3485 if (ev->features[0] & LMP_HOST_SSP) {
3486 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3488 /* It is mandatory by the Bluetooth specification that
3489 * Extended Inquiry Results are only used when Secure
3490 * Simple Pairing is enabled, but some devices violate
3493 * To make these devices work, the internal SSP
3494 * enabled flag needs to be cleared if the remote host
3495 * features do not indicate SSP support */
3496 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3499 if (ev->features[0] & LMP_HOST_SC)
3500 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3503 if (conn->state != BT_CONFIG)
3506 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3507 struct hci_cp_remote_name_req cp;
3508 memset(&cp, 0, sizeof(cp));
3509 bacpy(&cp.bdaddr, &conn->dst);
3510 cp.pscan_rep_mode = 0x02;
3511 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3512 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3513 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3515 if (!hci_outgoing_auth_needed(hdev, conn)) {
3516 conn->state = BT_CONNECTED;
3517 hci_proto_connect_cfm(conn, ev->status);
3518 hci_conn_drop(conn);
3522 hci_dev_unlock(hdev);
3525 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3526 struct sk_buff *skb)
3528 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3529 struct hci_conn *conn;
3531 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3535 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3537 if (ev->link_type == ESCO_LINK)
3540 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3544 conn->type = SCO_LINK;
3547 switch (ev->status) {
3549 conn->handle = __le16_to_cpu(ev->handle);
3550 conn->state = BT_CONNECTED;
3552 hci_conn_add_sysfs(conn);
3555 case 0x10: /* Connection Accept Timeout */
3556 case 0x0d: /* Connection Rejected due to Limited Resources */
3557 case 0x11: /* Unsupported Feature or Parameter Value */
3558 case 0x1c: /* SCO interval rejected */
3559 case 0x1a: /* Unsupported Remote Feature */
3560 case 0x1f: /* Unspecified error */
3561 case 0x20: /* Unsupported LMP Parameter value */
3563 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3564 (hdev->esco_type & EDR_ESCO_MASK);
3565 if (hci_setup_sync(conn, conn->link->handle))
3571 conn->state = BT_CLOSED;
3575 hci_proto_connect_cfm(conn, ev->status);
3580 hci_dev_unlock(hdev);
3583 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3587 while (parsed < eir_len) {
3588 u8 field_len = eir[0];
3593 parsed += field_len + 1;
3594 eir += field_len + 1;
3600 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3601 struct sk_buff *skb)
3603 struct inquiry_data data;
3604 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3605 int num_rsp = *((__u8 *) skb->data);
3608 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3613 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3618 for (; num_rsp; num_rsp--, info++) {
3622 bacpy(&data.bdaddr, &info->bdaddr);
3623 data.pscan_rep_mode = info->pscan_rep_mode;
3624 data.pscan_period_mode = info->pscan_period_mode;
3625 data.pscan_mode = 0x00;
3626 memcpy(data.dev_class, info->dev_class, 3);
3627 data.clock_offset = info->clock_offset;
3628 data.rssi = info->rssi;
3629 data.ssp_mode = 0x01;
3631 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3632 name_known = eir_has_data_type(info->data,
3638 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3640 eir_len = eir_get_length(info->data, sizeof(info->data));
3642 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3643 info->dev_class, info->rssi,
3644 flags, info->data, eir_len, NULL, 0);
3647 hci_dev_unlock(hdev);
3650 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3651 struct sk_buff *skb)
3653 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3654 struct hci_conn *conn;
3656 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3657 __le16_to_cpu(ev->handle));
3661 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3665 /* For BR/EDR the necessary steps are taken through the
3666 * auth_complete event.
3668 if (conn->type != LE_LINK)
3672 conn->sec_level = conn->pending_sec_level;
3674 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3676 if (ev->status && conn->state == BT_CONNECTED) {
3677 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3678 hci_conn_drop(conn);
3682 if (conn->state == BT_CONFIG) {
3684 conn->state = BT_CONNECTED;
3686 hci_proto_connect_cfm(conn, ev->status);
3687 hci_conn_drop(conn);
3689 hci_auth_cfm(conn, ev->status);
3691 hci_conn_hold(conn);
3692 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3693 hci_conn_drop(conn);
3697 hci_dev_unlock(hdev);
3700 static u8 hci_get_auth_req(struct hci_conn *conn)
3702 /* If remote requests no-bonding follow that lead */
3703 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3704 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3705 return conn->remote_auth | (conn->auth_type & 0x01);
3707 /* If both remote and local have enough IO capabilities, require
3710 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3711 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3712 return conn->remote_auth | 0x01;
3714 /* No MITM protection possible so ignore remote requirement */
3715 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3718 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3720 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3721 struct hci_conn *conn;
3723 BT_DBG("%s", hdev->name);
3727 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3731 hci_conn_hold(conn);
3733 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3736 /* Allow pairing if we're pairable, the initiators of the
3737 * pairing or if the remote is not requesting bonding.
3739 if (test_bit(HCI_BONDABLE, &hdev->dev_flags) ||
3740 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
3741 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3742 struct hci_cp_io_capability_reply cp;
3744 bacpy(&cp.bdaddr, &ev->bdaddr);
3745 /* Change the IO capability from KeyboardDisplay
3746 * to DisplayYesNo as it is not supported by BT spec. */
3747 cp.capability = (conn->io_capability == 0x04) ?
3748 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3750 /* If we are initiators, there is no remote information yet */
3751 if (conn->remote_auth == 0xff) {
3752 /* Request MITM protection if our IO caps allow it
3753 * except for the no-bonding case.
3755 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3756 conn->auth_type != HCI_AT_NO_BONDING)
3757 conn->auth_type |= 0x01;
3759 conn->auth_type = hci_get_auth_req(conn);
3762 /* If we're not bondable, force one of the non-bondable
3763 * authentication requirement values.
3765 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags))
3766 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
3768 cp.authentication = conn->auth_type;
3770 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3771 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3776 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3779 struct hci_cp_io_capability_neg_reply cp;
3781 bacpy(&cp.bdaddr, &ev->bdaddr);
3782 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3784 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3789 hci_dev_unlock(hdev);
3792 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3794 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3795 struct hci_conn *conn;
3797 BT_DBG("%s", hdev->name);
3801 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3805 conn->remote_cap = ev->capability;
3806 conn->remote_auth = ev->authentication;
3808 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3811 hci_dev_unlock(hdev);
3814 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3815 struct sk_buff *skb)
3817 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3818 int loc_mitm, rem_mitm, confirm_hint = 0;
3819 struct hci_conn *conn;
3821 BT_DBG("%s", hdev->name);
3825 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3828 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3832 loc_mitm = (conn->auth_type & 0x01);
3833 rem_mitm = (conn->remote_auth & 0x01);
3835 /* If we require MITM but the remote device can't provide that
3836 * (it has NoInputNoOutput) then reject the confirmation
3837 * request. We check the security level here since it doesn't
3838 * necessarily match conn->auth_type.
3840 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
3841 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3842 BT_DBG("Rejecting request: remote device can't provide MITM");
3843 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3844 sizeof(ev->bdaddr), &ev->bdaddr);
3848 /* If no side requires MITM protection; auto-accept */
3849 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3850 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3852 /* If we're not the initiators request authorization to
3853 * proceed from user space (mgmt_user_confirm with
3854 * confirm_hint set to 1). The exception is if neither
3855 * side had MITM or if the local IO capability is
3856 * NoInputNoOutput, in which case we do auto-accept
3858 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3859 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3860 (loc_mitm || rem_mitm)) {
3861 BT_DBG("Confirming auto-accept as acceptor");
3866 BT_DBG("Auto-accept of user confirmation with %ums delay",
3867 hdev->auto_accept_delay);
3869 if (hdev->auto_accept_delay > 0) {
3870 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3871 queue_delayed_work(conn->hdev->workqueue,
3872 &conn->auto_accept_work, delay);
3876 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3877 sizeof(ev->bdaddr), &ev->bdaddr);
3882 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3883 le32_to_cpu(ev->passkey), confirm_hint);
3886 hci_dev_unlock(hdev);
3889 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3890 struct sk_buff *skb)
3892 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3894 BT_DBG("%s", hdev->name);
3896 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3897 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3900 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3901 struct sk_buff *skb)
3903 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3904 struct hci_conn *conn;
3906 BT_DBG("%s", hdev->name);
3908 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3912 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3913 conn->passkey_entered = 0;
3915 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3916 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3917 conn->dst_type, conn->passkey_notify,
3918 conn->passkey_entered);
3921 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3923 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3924 struct hci_conn *conn;
3926 BT_DBG("%s", hdev->name);
3928 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3933 case HCI_KEYPRESS_STARTED:
3934 conn->passkey_entered = 0;
3937 case HCI_KEYPRESS_ENTERED:
3938 conn->passkey_entered++;
3941 case HCI_KEYPRESS_ERASED:
3942 conn->passkey_entered--;
3945 case HCI_KEYPRESS_CLEARED:
3946 conn->passkey_entered = 0;
3949 case HCI_KEYPRESS_COMPLETED:
3953 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3954 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3955 conn->dst_type, conn->passkey_notify,
3956 conn->passkey_entered);
3959 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3960 struct sk_buff *skb)
3962 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3963 struct hci_conn *conn;
3965 BT_DBG("%s", hdev->name);
3969 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3973 /* Reset the authentication requirement to unknown */
3974 conn->remote_auth = 0xff;
3976 /* To avoid duplicate auth_failed events to user space we check
3977 * the HCI_CONN_AUTH_PEND flag which will be set if we
3978 * initiated the authentication. A traditional auth_complete
3979 * event gets always produced as initiator and is also mapped to
3980 * the mgmt_auth_failed event */
3981 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3982 mgmt_auth_failed(conn, ev->status);
3984 hci_conn_drop(conn);
3987 hci_dev_unlock(hdev);
3990 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3991 struct sk_buff *skb)
3993 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3994 struct inquiry_entry *ie;
3995 struct hci_conn *conn;
3997 BT_DBG("%s", hdev->name);
4001 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4003 memcpy(conn->features[1], ev->features, 8);
4005 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4007 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4009 hci_dev_unlock(hdev);
4012 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4013 struct sk_buff *skb)
4015 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4016 struct oob_data *data;
4018 BT_DBG("%s", hdev->name);
4022 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4025 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
4027 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
4028 struct hci_cp_remote_oob_ext_data_reply cp;
4030 bacpy(&cp.bdaddr, &ev->bdaddr);
4031 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4032 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4033 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4034 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4036 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4039 struct hci_cp_remote_oob_data_reply cp;
4041 bacpy(&cp.bdaddr, &ev->bdaddr);
4042 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4043 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4045 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4049 struct hci_cp_remote_oob_data_neg_reply cp;
4051 bacpy(&cp.bdaddr, &ev->bdaddr);
4052 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4057 hci_dev_unlock(hdev);
4060 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4061 struct sk_buff *skb)
4063 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4064 struct hci_conn *hcon, *bredr_hcon;
4066 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4071 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4073 hci_dev_unlock(hdev);
4079 hci_dev_unlock(hdev);
4083 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4085 hcon->state = BT_CONNECTED;
4086 bacpy(&hcon->dst, &bredr_hcon->dst);
4088 hci_conn_hold(hcon);
4089 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4090 hci_conn_drop(hcon);
4092 hci_conn_add_sysfs(hcon);
4094 amp_physical_cfm(bredr_hcon, hcon);
4096 hci_dev_unlock(hdev);
4099 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4101 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4102 struct hci_conn *hcon;
4103 struct hci_chan *hchan;
4104 struct amp_mgr *mgr;
4106 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4107 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4110 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4114 /* Create AMP hchan */
4115 hchan = hci_chan_create(hcon);
4119 hchan->handle = le16_to_cpu(ev->handle);
4121 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4123 mgr = hcon->amp_mgr;
4124 if (mgr && mgr->bredr_chan) {
4125 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4127 l2cap_chan_lock(bredr_chan);
4129 bredr_chan->conn->mtu = hdev->block_mtu;
4130 l2cap_logical_cfm(bredr_chan, hchan, 0);
4131 hci_conn_hold(hcon);
4133 l2cap_chan_unlock(bredr_chan);
4137 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4138 struct sk_buff *skb)
4140 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4141 struct hci_chan *hchan;
4143 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4144 le16_to_cpu(ev->handle), ev->status);
4151 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4155 amp_destroy_logical_link(hchan, ev->reason);
4158 hci_dev_unlock(hdev);
4161 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4162 struct sk_buff *skb)
4164 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4165 struct hci_conn *hcon;
4167 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4174 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4176 hcon->state = BT_CLOSED;
4180 hci_dev_unlock(hdev);
4183 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4185 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4186 struct hci_conn_params *params;
4187 struct hci_conn *conn;
4188 struct smp_irk *irk;
4191 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4195 /* All controllers implicitly stop advertising in the event of a
4196 * connection, so ensure that the state bit is cleared.
4198 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4200 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4202 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
4204 BT_ERR("No memory for new connection");
4208 conn->dst_type = ev->bdaddr_type;
4210 /* If we didn't have a hci_conn object previously
4211 * but we're in master role this must be something
4212 * initiated using a white list. Since white list based
4213 * connections are not "first class citizens" we don't
4214 * have full tracking of them. Therefore, we go ahead
4215 * with a "best effort" approach of determining the
4216 * initiator address based on the HCI_PRIVACY flag.
4219 conn->resp_addr_type = ev->bdaddr_type;
4220 bacpy(&conn->resp_addr, &ev->bdaddr);
4221 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4222 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4223 bacpy(&conn->init_addr, &hdev->rpa);
4225 hci_copy_identity_address(hdev,
4227 &conn->init_addr_type);
4231 cancel_delayed_work(&conn->le_conn_timeout);
4235 /* Set the responder (our side) address type based on
4236 * the advertising address type.
4238 conn->resp_addr_type = hdev->adv_addr_type;
4239 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4240 bacpy(&conn->resp_addr, &hdev->random_addr);
4242 bacpy(&conn->resp_addr, &hdev->bdaddr);
4244 conn->init_addr_type = ev->bdaddr_type;
4245 bacpy(&conn->init_addr, &ev->bdaddr);
4247 /* For incoming connections, set the default minimum
4248 * and maximum connection interval. They will be used
4249 * to check if the parameters are in range and if not
4250 * trigger the connection update procedure.
4252 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4253 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4256 /* Lookup the identity address from the stored connection
4257 * address and address type.
4259 * When establishing connections to an identity address, the
4260 * connection procedure will store the resolvable random
4261 * address first. Now if it can be converted back into the
4262 * identity address, start using the identity address from
4265 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4267 bacpy(&conn->dst, &irk->bdaddr);
4268 conn->dst_type = irk->addr_type;
4272 hci_le_conn_failed(conn, ev->status);
4276 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4277 addr_type = BDADDR_LE_PUBLIC;
4279 addr_type = BDADDR_LE_RANDOM;
4281 /* Drop the connection if the device is blocked */
4282 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4283 hci_conn_drop(conn);
4287 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4288 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4290 conn->sec_level = BT_SECURITY_LOW;
4291 conn->handle = __le16_to_cpu(ev->handle);
4292 conn->state = BT_CONNECTED;
4294 conn->le_conn_interval = le16_to_cpu(ev->interval);
4295 conn->le_conn_latency = le16_to_cpu(ev->latency);
4296 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4298 hci_conn_add_sysfs(conn);
4300 hci_proto_connect_cfm(conn, ev->status);
4302 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4305 list_del_init(¶ms->action);
4307 hci_conn_drop(params->conn);
4308 hci_conn_put(params->conn);
4309 params->conn = NULL;
4314 hci_update_background_scan(hdev);
4315 hci_dev_unlock(hdev);
4318 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4319 struct sk_buff *skb)
4321 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4322 struct hci_conn *conn;
4324 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4331 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4333 conn->le_conn_interval = le16_to_cpu(ev->interval);
4334 conn->le_conn_latency = le16_to_cpu(ev->latency);
4335 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4338 hci_dev_unlock(hdev);
4341 /* This function requires the caller holds hdev->lock */
4342 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4344 u8 addr_type, u8 adv_type)
4346 struct hci_conn *conn;
4347 struct hci_conn_params *params;
4349 /* If the event is not connectable don't proceed further */
4350 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
4353 /* Ignore if the device is blocked */
4354 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
4357 /* Most controller will fail if we try to create new connections
4358 * while we have an existing one in slave role.
4360 if (hdev->conn_hash.le_num_slave > 0)
4363 /* If we're not connectable only connect devices that we have in
4364 * our pend_le_conns list.
4366 params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
4371 switch (params->auto_connect) {
4372 case HCI_AUTO_CONN_DIRECT:
4373 /* Only devices advertising with ADV_DIRECT_IND are
4374 * triggering a connection attempt. This is allowing
4375 * incoming connections from slave devices.
4377 if (adv_type != LE_ADV_DIRECT_IND)
4380 case HCI_AUTO_CONN_ALWAYS:
4381 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4382 * are triggering a connection attempt. This means
4383 * that incoming connectioms from slave device are
4384 * accepted and also outgoing connections to slave
4385 * devices are established when found.
4392 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4393 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4394 if (!IS_ERR(conn)) {
4395 /* Store the pointer since we don't really have any
4396 * other owner of the object besides the params that
4397 * triggered it. This way we can abort the connection if
4398 * the parameters get removed and keep the reference
4399 * count consistent once the connection is established.
4401 params->conn = hci_conn_get(conn);
4405 switch (PTR_ERR(conn)) {
4407 /* If hci_connect() returns -EBUSY it means there is already
4408 * an LE connection attempt going on. Since controllers don't
4409 * support more than one connection attempt at the time, we
4410 * don't consider this an error case.
4414 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4421 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4422 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4424 struct discovery_state *d = &hdev->discovery;
4425 struct smp_irk *irk;
4426 struct hci_conn *conn;
4430 /* Check if we need to convert to identity address */
4431 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4433 bdaddr = &irk->bdaddr;
4434 bdaddr_type = irk->addr_type;
4437 /* Check if we have been requested to connect to this device */
4438 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4439 if (conn && type == LE_ADV_IND) {
4440 /* Store report for later inclusion by
4441 * mgmt_device_connected
4443 memcpy(conn->le_adv_data, data, len);
4444 conn->le_adv_data_len = len;
4447 /* Passive scanning shouldn't trigger any device found events,
4448 * except for devices marked as CONN_REPORT for which we do send
4449 * device found events.
4451 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4452 if (type == LE_ADV_DIRECT_IND)
4455 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4456 bdaddr, bdaddr_type))
4459 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4460 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4463 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4464 rssi, flags, data, len, NULL, 0);
4468 /* When receiving non-connectable or scannable undirected
4469 * advertising reports, this means that the remote device is
4470 * not connectable and then clearly indicate this in the
4471 * device found event.
4473 * When receiving a scan response, then there is no way to
4474 * know if the remote device is connectable or not. However
4475 * since scan responses are merged with a previously seen
4476 * advertising report, the flags field from that report
4479 * In the really unlikely case that a controller get confused
4480 * and just sends a scan response event, then it is marked as
4481 * not connectable as well.
4483 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4484 type == LE_ADV_SCAN_RSP)
4485 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4489 /* If there's nothing pending either store the data from this
4490 * event or send an immediate device found event if the data
4491 * should not be stored for later.
4493 if (!has_pending_adv_report(hdev)) {
4494 /* If the report will trigger a SCAN_REQ store it for
4497 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4498 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4499 rssi, flags, data, len);
4503 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4504 rssi, flags, data, len, NULL, 0);
4508 /* Check if the pending report is for the same device as the new one */
4509 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4510 bdaddr_type == d->last_adv_addr_type);
4512 /* If the pending data doesn't match this report or this isn't a
4513 * scan response (e.g. we got a duplicate ADV_IND) then force
4514 * sending of the pending data.
4516 if (type != LE_ADV_SCAN_RSP || !match) {
4517 /* Send out whatever is in the cache, but skip duplicates */
4519 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4520 d->last_adv_addr_type, NULL,
4521 d->last_adv_rssi, d->last_adv_flags,
4523 d->last_adv_data_len, NULL, 0);
4525 /* If the new report will trigger a SCAN_REQ store it for
4528 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4529 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4530 rssi, flags, data, len);
4534 /* The advertising reports cannot be merged, so clear
4535 * the pending report and send out a device found event.
4537 clear_pending_adv_report(hdev);
4538 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4539 rssi, flags, data, len, NULL, 0);
4543 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4544 * the new event is a SCAN_RSP. We can therefore proceed with
4545 * sending a merged device found event.
4547 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4548 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
4549 d->last_adv_data, d->last_adv_data_len, data, len);
4550 clear_pending_adv_report(hdev);
4553 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4555 u8 num_reports = skb->data[0];
4556 void *ptr = &skb->data[1];
4560 while (num_reports--) {
4561 struct hci_ev_le_advertising_info *ev = ptr;
4564 rssi = ev->data[ev->length];
4565 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4566 ev->bdaddr_type, rssi, ev->data, ev->length);
4568 ptr += sizeof(*ev) + ev->length + 1;
4571 hci_dev_unlock(hdev);
4574 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4576 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4577 struct hci_cp_le_ltk_reply cp;
4578 struct hci_cp_le_ltk_neg_reply neg;
4579 struct hci_conn *conn;
4580 struct smp_ltk *ltk;
4582 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4586 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4590 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->role);
4594 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4595 cp.handle = cpu_to_le16(conn->handle);
4597 conn->pending_sec_level = smp_ltk_sec_level(ltk);
4599 conn->enc_key_size = ltk->enc_size;
4601 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4603 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4604 * temporary key used to encrypt a connection following
4605 * pairing. It is used during the Encrypted Session Setup to
4606 * distribute the keys. Later, security can be re-established
4607 * using a distributed LTK.
4609 if (ltk->type == SMP_STK) {
4610 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4611 list_del_rcu(<k->list);
4612 kfree_rcu(ltk, rcu);
4614 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4617 hci_dev_unlock(hdev);
4622 neg.handle = ev->handle;
4623 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4624 hci_dev_unlock(hdev);
4627 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4630 struct hci_cp_le_conn_param_req_neg_reply cp;
4632 cp.handle = cpu_to_le16(handle);
4635 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4639 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4640 struct sk_buff *skb)
4642 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4643 struct hci_cp_le_conn_param_req_reply cp;
4644 struct hci_conn *hcon;
4645 u16 handle, min, max, latency, timeout;
4647 handle = le16_to_cpu(ev->handle);
4648 min = le16_to_cpu(ev->interval_min);
4649 max = le16_to_cpu(ev->interval_max);
4650 latency = le16_to_cpu(ev->latency);
4651 timeout = le16_to_cpu(ev->timeout);
4653 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4654 if (!hcon || hcon->state != BT_CONNECTED)
4655 return send_conn_param_neg_reply(hdev, handle,
4656 HCI_ERROR_UNKNOWN_CONN_ID);
4658 if (hci_check_conn_params(min, max, latency, timeout))
4659 return send_conn_param_neg_reply(hdev, handle,
4660 HCI_ERROR_INVALID_LL_PARAMS);
4662 if (hcon->role == HCI_ROLE_MASTER) {
4663 struct hci_conn_params *params;
4668 params = hci_conn_params_lookup(hdev, &hcon->dst,
4671 params->conn_min_interval = min;
4672 params->conn_max_interval = max;
4673 params->conn_latency = latency;
4674 params->supervision_timeout = timeout;
4680 hci_dev_unlock(hdev);
4682 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4683 store_hint, min, max, latency, timeout);
4686 cp.handle = ev->handle;
4687 cp.interval_min = ev->interval_min;
4688 cp.interval_max = ev->interval_max;
4689 cp.latency = ev->latency;
4690 cp.timeout = ev->timeout;
4694 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4697 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4699 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4701 skb_pull(skb, sizeof(*le_ev));
4703 switch (le_ev->subevent) {
4704 case HCI_EV_LE_CONN_COMPLETE:
4705 hci_le_conn_complete_evt(hdev, skb);
4708 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4709 hci_le_conn_update_complete_evt(hdev, skb);
4712 case HCI_EV_LE_ADVERTISING_REPORT:
4713 hci_le_adv_report_evt(hdev, skb);
4716 case HCI_EV_LE_LTK_REQ:
4717 hci_le_ltk_request_evt(hdev, skb);
4720 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4721 hci_le_remote_conn_param_req_evt(hdev, skb);
4729 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4731 struct hci_ev_channel_selected *ev = (void *) skb->data;
4732 struct hci_conn *hcon;
4734 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4736 skb_pull(skb, sizeof(*ev));
4738 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4742 amp_read_loc_assoc_final_data(hdev, hcon);
4745 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4747 struct hci_event_hdr *hdr = (void *) skb->data;
4748 __u8 event = hdr->evt;
4752 /* Received events are (currently) only needed when a request is
4753 * ongoing so avoid unnecessary memory allocation.
4755 if (hci_req_pending(hdev)) {
4756 kfree_skb(hdev->recv_evt);
4757 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4760 hci_dev_unlock(hdev);
4762 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4764 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4765 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4766 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4768 hci_req_cmd_complete(hdev, opcode, 0);
4772 case HCI_EV_INQUIRY_COMPLETE:
4773 hci_inquiry_complete_evt(hdev, skb);
4776 case HCI_EV_INQUIRY_RESULT:
4777 hci_inquiry_result_evt(hdev, skb);
4780 case HCI_EV_CONN_COMPLETE:
4781 hci_conn_complete_evt(hdev, skb);
4784 case HCI_EV_CONN_REQUEST:
4785 hci_conn_request_evt(hdev, skb);
4788 case HCI_EV_DISCONN_COMPLETE:
4789 hci_disconn_complete_evt(hdev, skb);
4792 case HCI_EV_AUTH_COMPLETE:
4793 hci_auth_complete_evt(hdev, skb);
4796 case HCI_EV_REMOTE_NAME:
4797 hci_remote_name_evt(hdev, skb);
4800 case HCI_EV_ENCRYPT_CHANGE:
4801 hci_encrypt_change_evt(hdev, skb);
4804 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4805 hci_change_link_key_complete_evt(hdev, skb);
4808 case HCI_EV_REMOTE_FEATURES:
4809 hci_remote_features_evt(hdev, skb);
4812 case HCI_EV_CMD_COMPLETE:
4813 hci_cmd_complete_evt(hdev, skb);
4816 case HCI_EV_CMD_STATUS:
4817 hci_cmd_status_evt(hdev, skb);
4820 case HCI_EV_HARDWARE_ERROR:
4821 hci_hardware_error_evt(hdev, skb);
4824 case HCI_EV_ROLE_CHANGE:
4825 hci_role_change_evt(hdev, skb);
4828 case HCI_EV_NUM_COMP_PKTS:
4829 hci_num_comp_pkts_evt(hdev, skb);
4832 case HCI_EV_MODE_CHANGE:
4833 hci_mode_change_evt(hdev, skb);
4836 case HCI_EV_PIN_CODE_REQ:
4837 hci_pin_code_request_evt(hdev, skb);
4840 case HCI_EV_LINK_KEY_REQ:
4841 hci_link_key_request_evt(hdev, skb);
4844 case HCI_EV_LINK_KEY_NOTIFY:
4845 hci_link_key_notify_evt(hdev, skb);
4848 case HCI_EV_CLOCK_OFFSET:
4849 hci_clock_offset_evt(hdev, skb);
4852 case HCI_EV_PKT_TYPE_CHANGE:
4853 hci_pkt_type_change_evt(hdev, skb);
4856 case HCI_EV_PSCAN_REP_MODE:
4857 hci_pscan_rep_mode_evt(hdev, skb);
4860 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4861 hci_inquiry_result_with_rssi_evt(hdev, skb);
4864 case HCI_EV_REMOTE_EXT_FEATURES:
4865 hci_remote_ext_features_evt(hdev, skb);
4868 case HCI_EV_SYNC_CONN_COMPLETE:
4869 hci_sync_conn_complete_evt(hdev, skb);
4872 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4873 hci_extended_inquiry_result_evt(hdev, skb);
4876 case HCI_EV_KEY_REFRESH_COMPLETE:
4877 hci_key_refresh_complete_evt(hdev, skb);
4880 case HCI_EV_IO_CAPA_REQUEST:
4881 hci_io_capa_request_evt(hdev, skb);
4884 case HCI_EV_IO_CAPA_REPLY:
4885 hci_io_capa_reply_evt(hdev, skb);
4888 case HCI_EV_USER_CONFIRM_REQUEST:
4889 hci_user_confirm_request_evt(hdev, skb);
4892 case HCI_EV_USER_PASSKEY_REQUEST:
4893 hci_user_passkey_request_evt(hdev, skb);
4896 case HCI_EV_USER_PASSKEY_NOTIFY:
4897 hci_user_passkey_notify_evt(hdev, skb);
4900 case HCI_EV_KEYPRESS_NOTIFY:
4901 hci_keypress_notify_evt(hdev, skb);
4904 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4905 hci_simple_pair_complete_evt(hdev, skb);
4908 case HCI_EV_REMOTE_HOST_FEATURES:
4909 hci_remote_host_features_evt(hdev, skb);
4912 case HCI_EV_LE_META:
4913 hci_le_meta_evt(hdev, skb);
4916 case HCI_EV_CHANNEL_SELECTED:
4917 hci_chan_selected_evt(hdev, skb);
4920 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4921 hci_remote_oob_data_request_evt(hdev, skb);
4924 case HCI_EV_PHY_LINK_COMPLETE:
4925 hci_phy_link_complete_evt(hdev, skb);
4928 case HCI_EV_LOGICAL_LINK_COMPLETE:
4929 hci_loglink_complete_evt(hdev, skb);
4932 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4933 hci_disconn_loglink_complete_evt(hdev, skb);
4936 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4937 hci_disconn_phylink_complete_evt(hdev, skb);
4940 case HCI_EV_NUM_COMP_BLOCKS:
4941 hci_num_comp_blocks_evt(hdev, skb);
4945 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4950 hdev->stat.evt_rx++;