2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
41 __u8 status = *((__u8 *) skb->data);
43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 conn->role = rp->role;
107 hci_dev_unlock(hdev);
110 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
115 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
124 conn->link_policy = __le16_to_cpu(rp->policy);
126 hci_dev_unlock(hdev);
129 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
132 struct hci_conn *conn;
135 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
148 conn->link_policy = get_unaligned_le16(sent + 2);
150 hci_dev_unlock(hdev);
153 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
156 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
163 hdev->link_policy = __le16_to_cpu(rp->policy);
166 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
169 __u8 status = *((__u8 *) skb->data);
172 BT_DBG("%s status 0x%2.2x", hdev->name, status);
177 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 hdev->link_policy = get_unaligned_le16(sent);
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 __u8 status = *((__u8 *) skb->data);
188 BT_DBG("%s status 0x%2.2x", hdev->name, status);
190 clear_bit(HCI_RESET, &hdev->flags);
192 /* Reset all non-persistent flags */
193 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
195 hdev->discovery.state = DISCOVERY_STOPPED;
196 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
197 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
199 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
200 hdev->adv_data_len = 0;
202 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
203 hdev->scan_rsp_data_len = 0;
205 hdev->le_scan_type = LE_SCAN_PASSIVE;
207 hdev->ssp_debug_mode = 0;
210 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
212 __u8 status = *((__u8 *) skb->data);
215 BT_DBG("%s status 0x%2.2x", hdev->name, status);
217 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
223 if (test_bit(HCI_MGMT, &hdev->dev_flags))
224 mgmt_set_local_name_complete(hdev, sent, status);
226 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
228 hci_dev_unlock(hdev);
231 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
244 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246 __u8 status = *((__u8 *) skb->data);
249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 __u8 param = *((__u8 *) sent);
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
261 clear_bit(HCI_AUTH, &hdev->flags);
264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
268 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
270 __u8 status = *((__u8 *) skb->data);
274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
283 param = *((__u8 *) sent);
286 set_bit(HCI_ENCRYPT, &hdev->flags);
288 clear_bit(HCI_ENCRYPT, &hdev->flags);
291 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293 __u8 status = *((__u8 *) skb->data);
297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
303 param = *((__u8 *) sent);
308 hdev->discov_timeout = 0;
312 if (param & SCAN_INQUIRY)
313 set_bit(HCI_ISCAN, &hdev->flags);
315 clear_bit(HCI_ISCAN, &hdev->flags);
317 if (param & SCAN_PAGE)
318 set_bit(HCI_PSCAN, &hdev->flags);
320 clear_bit(HCI_ISCAN, &hdev->flags);
323 hci_dev_unlock(hdev);
326 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
328 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
330 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
335 memcpy(hdev->dev_class, rp->dev_class, 3);
337 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
338 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
341 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
343 __u8 status = *((__u8 *) skb->data);
346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
348 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 memcpy(hdev->dev_class, sent, 3);
357 if (test_bit(HCI_MGMT, &hdev->dev_flags))
358 mgmt_set_class_of_dev_complete(hdev, sent, status);
360 hci_dev_unlock(hdev);
363 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
368 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
373 setting = __le16_to_cpu(rp->voice_setting);
375 if (hdev->voice_setting == setting)
378 hdev->voice_setting = setting;
380 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
386 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
389 __u8 status = *((__u8 *) skb->data);
393 BT_DBG("%s status 0x%2.2x", hdev->name, status);
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 setting = get_unaligned_le16(sent);
404 if (hdev->voice_setting == setting)
407 hdev->voice_setting = setting;
409 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
418 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
420 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
425 hdev->num_iac = rp->num_iac;
427 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
430 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
432 __u8 status = *((__u8 *) skb->data);
433 struct hci_cp_write_ssp_mode *sent;
435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
437 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
443 hdev->features[1][0] |= LMP_HOST_SSP;
445 hdev->features[1][0] &= ~LMP_HOST_SSP;
448 if (test_bit(HCI_MGMT, &hdev->dev_flags))
449 mgmt_ssp_enable_complete(hdev, sent->mode, status);
452 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
454 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
460 u8 status = *((u8 *) skb->data);
461 struct hci_cp_write_sc_support *sent;
463 BT_DBG("%s status 0x%2.2x", hdev->name, status);
465 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
471 hdev->features[1][0] |= LMP_HOST_SC;
473 hdev->features[1][0] &= ~LMP_HOST_SC;
476 if (test_bit(HCI_MGMT, &hdev->dev_flags))
477 mgmt_sc_enable_complete(hdev, sent->support, status);
480 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
482 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
486 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
488 struct hci_rp_read_local_version *rp = (void *) skb->data;
490 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
495 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
496 hdev->hci_ver = rp->hci_ver;
497 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
498 hdev->lmp_ver = rp->lmp_ver;
499 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
500 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
504 static void hci_cc_read_local_commands(struct hci_dev *hdev,
507 struct hci_rp_read_local_commands *rp = (void *) skb->data;
509 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
514 if (test_bit(HCI_SETUP, &hdev->dev_flags))
515 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
518 static void hci_cc_read_local_features(struct hci_dev *hdev,
521 struct hci_rp_read_local_features *rp = (void *) skb->data;
523 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
528 memcpy(hdev->features, rp->features, 8);
530 /* Adjust default settings according to features
531 * supported by device. */
533 if (hdev->features[0][0] & LMP_3SLOT)
534 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
536 if (hdev->features[0][0] & LMP_5SLOT)
537 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
539 if (hdev->features[0][1] & LMP_HV2) {
540 hdev->pkt_type |= (HCI_HV2);
541 hdev->esco_type |= (ESCO_HV2);
544 if (hdev->features[0][1] & LMP_HV3) {
545 hdev->pkt_type |= (HCI_HV3);
546 hdev->esco_type |= (ESCO_HV3);
549 if (lmp_esco_capable(hdev))
550 hdev->esco_type |= (ESCO_EV3);
552 if (hdev->features[0][4] & LMP_EV4)
553 hdev->esco_type |= (ESCO_EV4);
555 if (hdev->features[0][4] & LMP_EV5)
556 hdev->esco_type |= (ESCO_EV5);
558 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
559 hdev->esco_type |= (ESCO_2EV3);
561 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
562 hdev->esco_type |= (ESCO_3EV3);
564 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
565 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
568 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
571 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
573 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
578 if (hdev->max_page < rp->max_page)
579 hdev->max_page = rp->max_page;
581 if (rp->page < HCI_MAX_PAGES)
582 memcpy(hdev->features[rp->page], rp->features, 8);
585 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
588 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
590 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
595 hdev->flow_ctl_mode = rp->mode;
598 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
600 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
608 hdev->sco_mtu = rp->sco_mtu;
609 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
610 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
612 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
617 hdev->acl_cnt = hdev->acl_pkts;
618 hdev->sco_cnt = hdev->sco_pkts;
620 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
621 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
624 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
626 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
628 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
633 if (test_bit(HCI_INIT, &hdev->flags))
634 bacpy(&hdev->bdaddr, &rp->bdaddr);
636 if (test_bit(HCI_SETUP, &hdev->dev_flags))
637 bacpy(&hdev->setup_addr, &rp->bdaddr);
640 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
650 if (test_bit(HCI_INIT, &hdev->flags)) {
651 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
652 hdev->page_scan_window = __le16_to_cpu(rp->window);
656 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
659 u8 status = *((u8 *) skb->data);
660 struct hci_cp_write_page_scan_activity *sent;
662 BT_DBG("%s status 0x%2.2x", hdev->name, status);
667 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
671 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
672 hdev->page_scan_window = __le16_to_cpu(sent->window);
675 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
678 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
680 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
685 if (test_bit(HCI_INIT, &hdev->flags))
686 hdev->page_scan_type = rp->type;
689 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
692 u8 status = *((u8 *) skb->data);
695 BT_DBG("%s status 0x%2.2x", hdev->name, status);
700 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
702 hdev->page_scan_type = *type;
705 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
708 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
710 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
715 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
716 hdev->block_len = __le16_to_cpu(rp->block_len);
717 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
719 hdev->block_cnt = hdev->num_blocks;
721 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
722 hdev->block_cnt, hdev->block_len);
725 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
727 struct hci_rp_read_clock *rp = (void *) skb->data;
728 struct hci_cp_read_clock *cp;
729 struct hci_conn *conn;
731 BT_DBG("%s", hdev->name);
733 if (skb->len < sizeof(*rp))
741 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
745 if (cp->which == 0x00) {
746 hdev->clock = le32_to_cpu(rp->clock);
750 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
752 conn->clock = le32_to_cpu(rp->clock);
753 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
757 hci_dev_unlock(hdev);
760 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
763 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
765 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
770 hdev->amp_status = rp->amp_status;
771 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
772 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
773 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
774 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
775 hdev->amp_type = rp->amp_type;
776 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
777 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
778 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
779 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
782 a2mp_send_getinfo_rsp(hdev);
785 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
788 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
789 struct amp_assoc *assoc = &hdev->loc_assoc;
790 size_t rem_len, frag_len;
792 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797 frag_len = skb->len - sizeof(*rp);
798 rem_len = __le16_to_cpu(rp->rem_len);
800 if (rem_len > frag_len) {
801 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
803 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
804 assoc->offset += frag_len;
806 /* Read other fragments */
807 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
812 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
813 assoc->len = assoc->offset + rem_len;
817 /* Send A2MP Rsp when all fragments are received */
818 a2mp_send_getampassoc_rsp(hdev, rp->status);
819 a2mp_send_create_phy_link_req(hdev, rp->status);
822 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
825 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
827 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
832 hdev->inq_tx_power = rp->tx_power;
835 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
837 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
838 struct hci_cp_pin_code_reply *cp;
839 struct hci_conn *conn;
841 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
845 if (test_bit(HCI_MGMT, &hdev->dev_flags))
846 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
851 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
855 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
857 conn->pin_length = cp->pin_len;
860 hci_dev_unlock(hdev);
863 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
865 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
867 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
871 if (test_bit(HCI_MGMT, &hdev->dev_flags))
872 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
875 hci_dev_unlock(hdev);
878 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
881 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
883 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
888 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
889 hdev->le_pkts = rp->le_max_pkt;
891 hdev->le_cnt = hdev->le_pkts;
893 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
896 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
899 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
901 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
906 memcpy(hdev->le_features, rp->features, 8);
909 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
912 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
914 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
919 hdev->adv_tx_power = rp->tx_power;
922 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
931 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
934 hci_dev_unlock(hdev);
937 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
940 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
946 if (test_bit(HCI_MGMT, &hdev->dev_flags))
947 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
948 ACL_LINK, 0, rp->status);
950 hci_dev_unlock(hdev);
953 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
955 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
957 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
961 if (test_bit(HCI_MGMT, &hdev->dev_flags))
962 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
965 hci_dev_unlock(hdev);
968 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
971 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
973 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
977 if (test_bit(HCI_MGMT, &hdev->dev_flags))
978 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
979 ACL_LINK, 0, rp->status);
981 hci_dev_unlock(hdev);
984 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
987 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
989 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
992 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
993 NULL, NULL, rp->status);
994 hci_dev_unlock(hdev);
997 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1000 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1002 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1005 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
1006 rp->hash256, rp->randomizer256,
1008 hci_dev_unlock(hdev);
1012 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1014 __u8 status = *((__u8 *) skb->data);
1017 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1022 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1028 bacpy(&hdev->random_addr, sent);
1030 hci_dev_unlock(hdev);
1033 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1035 __u8 *sent, status = *((__u8 *) skb->data);
1037 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1042 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1048 /* If we're doing connection initation as peripheral. Set a
1049 * timeout in case something goes wrong.
1052 struct hci_conn *conn;
1054 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1056 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1058 queue_delayed_work(hdev->workqueue,
1059 &conn->le_conn_timeout,
1060 conn->conn_timeout);
1062 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1065 hci_dev_unlock(hdev);
1068 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1070 struct hci_cp_le_set_scan_param *cp;
1071 __u8 status = *((__u8 *) skb->data);
1073 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1078 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1084 hdev->le_scan_type = cp->type;
1086 hci_dev_unlock(hdev);
1089 static bool has_pending_adv_report(struct hci_dev *hdev)
1091 struct discovery_state *d = &hdev->discovery;
1093 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1096 static void clear_pending_adv_report(struct hci_dev *hdev)
1098 struct discovery_state *d = &hdev->discovery;
1100 bacpy(&d->last_adv_addr, BDADDR_ANY);
1101 d->last_adv_data_len = 0;
1104 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1105 u8 bdaddr_type, s8 rssi, u32 flags,
1108 struct discovery_state *d = &hdev->discovery;
1110 bacpy(&d->last_adv_addr, bdaddr);
1111 d->last_adv_addr_type = bdaddr_type;
1112 d->last_adv_rssi = rssi;
1113 d->last_adv_flags = flags;
1114 memcpy(d->last_adv_data, data, len);
1115 d->last_adv_data_len = len;
1118 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1119 struct sk_buff *skb)
1121 struct hci_cp_le_set_scan_enable *cp;
1122 __u8 status = *((__u8 *) skb->data);
1124 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1129 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1133 switch (cp->enable) {
1134 case LE_SCAN_ENABLE:
1135 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1136 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1137 clear_pending_adv_report(hdev);
1140 case LE_SCAN_DISABLE:
1141 /* We do this here instead of when setting DISCOVERY_STOPPED
1142 * since the latter would potentially require waiting for
1143 * inquiry to stop too.
1145 if (has_pending_adv_report(hdev)) {
1146 struct discovery_state *d = &hdev->discovery;
1148 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1149 d->last_adv_addr_type, NULL,
1150 d->last_adv_rssi, d->last_adv_flags,
1152 d->last_adv_data_len, NULL, 0);
1155 /* Cancel this timer so that we don't try to disable scanning
1156 * when it's already disabled.
1158 cancel_delayed_work(&hdev->le_scan_disable);
1160 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1162 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1163 * interrupted scanning due to a connect request. Mark
1164 * therefore discovery as stopped. If this was not
1165 * because of a connect request advertising might have
1166 * been disabled because of active scanning, so
1167 * re-enable it again if necessary.
1169 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1171 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1172 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
1173 hdev->discovery.state == DISCOVERY_FINDING)
1174 mgmt_reenable_advertising(hdev);
1179 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1184 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1185 struct sk_buff *skb)
1187 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1189 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1194 hdev->le_white_list_size = rp->size;
1197 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1198 struct sk_buff *skb)
1200 __u8 status = *((__u8 *) skb->data);
1202 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1207 hci_bdaddr_list_clear(&hdev->le_white_list);
1210 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1211 struct sk_buff *skb)
1213 struct hci_cp_le_add_to_white_list *sent;
1214 __u8 status = *((__u8 *) skb->data);
1216 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1221 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1225 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1229 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1230 struct sk_buff *skb)
1232 struct hci_cp_le_del_from_white_list *sent;
1233 __u8 status = *((__u8 *) skb->data);
1235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1240 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1244 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1248 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1249 struct sk_buff *skb)
1251 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1253 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1258 memcpy(hdev->le_states, rp->le_states, 8);
1261 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1262 struct sk_buff *skb)
1264 struct hci_cp_write_le_host_supported *sent;
1265 __u8 status = *((__u8 *) skb->data);
1267 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1277 hdev->features[1][0] |= LMP_HOST_LE;
1278 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1280 hdev->features[1][0] &= ~LMP_HOST_LE;
1281 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1282 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1286 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1288 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1291 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1293 struct hci_cp_le_set_adv_param *cp;
1294 u8 status = *((u8 *) skb->data);
1296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1301 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1306 hdev->adv_addr_type = cp->own_address_type;
1307 hci_dev_unlock(hdev);
1310 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1311 struct sk_buff *skb)
1313 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1315 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1316 hdev->name, rp->status, rp->phy_handle);
1321 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1324 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1326 struct hci_rp_read_rssi *rp = (void *) skb->data;
1327 struct hci_conn *conn;
1329 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1336 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1338 conn->rssi = rp->rssi;
1340 hci_dev_unlock(hdev);
1343 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1345 struct hci_cp_read_tx_power *sent;
1346 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1347 struct hci_conn *conn;
1349 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1354 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1360 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1364 switch (sent->type) {
1366 conn->tx_power = rp->tx_power;
1369 conn->max_tx_power = rp->tx_power;
1374 hci_dev_unlock(hdev);
1377 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1379 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1382 hci_conn_check_pending(hdev);
1386 set_bit(HCI_INQUIRY, &hdev->flags);
1389 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1391 struct hci_cp_create_conn *cp;
1392 struct hci_conn *conn;
1394 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1396 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1404 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1407 if (conn && conn->state == BT_CONNECT) {
1408 if (status != 0x0c || conn->attempt > 2) {
1409 conn->state = BT_CLOSED;
1410 hci_proto_connect_cfm(conn, status);
1413 conn->state = BT_CONNECT2;
1417 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1420 BT_ERR("No memory for new connection");
1424 hci_dev_unlock(hdev);
1427 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1429 struct hci_cp_add_sco *cp;
1430 struct hci_conn *acl, *sco;
1433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1442 handle = __le16_to_cpu(cp->handle);
1444 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1448 acl = hci_conn_hash_lookup_handle(hdev, handle);
1452 sco->state = BT_CLOSED;
1454 hci_proto_connect_cfm(sco, status);
1459 hci_dev_unlock(hdev);
1462 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1464 struct hci_cp_auth_requested *cp;
1465 struct hci_conn *conn;
1467 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1472 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1478 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1480 if (conn->state == BT_CONFIG) {
1481 hci_proto_connect_cfm(conn, status);
1482 hci_conn_drop(conn);
1486 hci_dev_unlock(hdev);
1489 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1491 struct hci_cp_set_conn_encrypt *cp;
1492 struct hci_conn *conn;
1494 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1499 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1505 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1507 if (conn->state == BT_CONFIG) {
1508 hci_proto_connect_cfm(conn, status);
1509 hci_conn_drop(conn);
1513 hci_dev_unlock(hdev);
1516 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1517 struct hci_conn *conn)
1519 if (conn->state != BT_CONFIG || !conn->out)
1522 if (conn->pending_sec_level == BT_SECURITY_SDP)
1525 /* Only request authentication for SSP connections or non-SSP
1526 * devices with sec_level MEDIUM or HIGH or if MITM protection
1529 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1530 conn->pending_sec_level != BT_SECURITY_FIPS &&
1531 conn->pending_sec_level != BT_SECURITY_HIGH &&
1532 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1538 static int hci_resolve_name(struct hci_dev *hdev,
1539 struct inquiry_entry *e)
1541 struct hci_cp_remote_name_req cp;
1543 memset(&cp, 0, sizeof(cp));
1545 bacpy(&cp.bdaddr, &e->data.bdaddr);
1546 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1547 cp.pscan_mode = e->data.pscan_mode;
1548 cp.clock_offset = e->data.clock_offset;
1550 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1553 static bool hci_resolve_next_name(struct hci_dev *hdev)
1555 struct discovery_state *discov = &hdev->discovery;
1556 struct inquiry_entry *e;
1558 if (list_empty(&discov->resolve))
1561 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1565 if (hci_resolve_name(hdev, e) == 0) {
1566 e->name_state = NAME_PENDING;
1573 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1574 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1576 struct discovery_state *discov = &hdev->discovery;
1577 struct inquiry_entry *e;
1579 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1580 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1581 name_len, conn->dev_class);
1583 if (discov->state == DISCOVERY_STOPPED)
1586 if (discov->state == DISCOVERY_STOPPING)
1587 goto discov_complete;
1589 if (discov->state != DISCOVERY_RESOLVING)
1592 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1593 /* If the device was not found in a list of found devices names of which
1594 * are pending. there is no need to continue resolving a next name as it
1595 * will be done upon receiving another Remote Name Request Complete
1602 e->name_state = NAME_KNOWN;
1603 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1604 e->data.rssi, name, name_len);
1606 e->name_state = NAME_NOT_KNOWN;
1609 if (hci_resolve_next_name(hdev))
1613 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1616 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1618 struct hci_cp_remote_name_req *cp;
1619 struct hci_conn *conn;
1621 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1623 /* If successful wait for the name req complete event before
1624 * checking for the need to do authentication */
1628 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1634 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1636 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1637 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1642 if (!hci_outgoing_auth_needed(hdev, conn))
1645 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1646 struct hci_cp_auth_requested auth_cp;
1648 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1650 auth_cp.handle = __cpu_to_le16(conn->handle);
1651 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1652 sizeof(auth_cp), &auth_cp);
1656 hci_dev_unlock(hdev);
1659 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1661 struct hci_cp_read_remote_features *cp;
1662 struct hci_conn *conn;
1664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1669 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1675 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1677 if (conn->state == BT_CONFIG) {
1678 hci_proto_connect_cfm(conn, status);
1679 hci_conn_drop(conn);
1683 hci_dev_unlock(hdev);
1686 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1688 struct hci_cp_read_remote_ext_features *cp;
1689 struct hci_conn *conn;
1691 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1696 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1704 if (conn->state == BT_CONFIG) {
1705 hci_proto_connect_cfm(conn, status);
1706 hci_conn_drop(conn);
1710 hci_dev_unlock(hdev);
1713 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1715 struct hci_cp_setup_sync_conn *cp;
1716 struct hci_conn *acl, *sco;
1719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1724 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1728 handle = __le16_to_cpu(cp->handle);
1730 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1734 acl = hci_conn_hash_lookup_handle(hdev, handle);
1738 sco->state = BT_CLOSED;
1740 hci_proto_connect_cfm(sco, status);
1745 hci_dev_unlock(hdev);
1748 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1750 struct hci_cp_sniff_mode *cp;
1751 struct hci_conn *conn;
1753 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1758 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1764 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1766 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1768 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1769 hci_sco_setup(conn, status);
1772 hci_dev_unlock(hdev);
1775 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1777 struct hci_cp_exit_sniff_mode *cp;
1778 struct hci_conn *conn;
1780 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1785 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1791 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1793 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1795 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1796 hci_sco_setup(conn, status);
1799 hci_dev_unlock(hdev);
1802 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1804 struct hci_cp_disconnect *cp;
1805 struct hci_conn *conn;
1810 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1816 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1818 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1819 conn->dst_type, status);
1821 hci_dev_unlock(hdev);
1824 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1826 struct hci_cp_create_phy_link *cp;
1828 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1830 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1837 struct hci_conn *hcon;
1839 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1843 amp_write_remote_assoc(hdev, cp->phy_handle);
1846 hci_dev_unlock(hdev);
1849 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1851 struct hci_cp_accept_phy_link *cp;
1853 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1858 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1862 amp_write_remote_assoc(hdev, cp->phy_handle);
1865 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1867 struct hci_cp_le_create_conn *cp;
1868 struct hci_conn *conn;
1870 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1872 /* All connection failure handling is taken care of by the
1873 * hci_le_conn_failed function which is triggered by the HCI
1874 * request completion callbacks used for connecting.
1879 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1885 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1889 /* Store the initiator and responder address information which
1890 * is needed for SMP. These values will not change during the
1891 * lifetime of the connection.
1893 conn->init_addr_type = cp->own_address_type;
1894 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1895 bacpy(&conn->init_addr, &hdev->random_addr);
1897 bacpy(&conn->init_addr, &hdev->bdaddr);
1899 conn->resp_addr_type = cp->peer_addr_type;
1900 bacpy(&conn->resp_addr, &cp->peer_addr);
1902 /* We don't want the connection attempt to stick around
1903 * indefinitely since LE doesn't have a page timeout concept
1904 * like BR/EDR. Set a timer for any connection that doesn't use
1905 * the white list for connecting.
1907 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1908 queue_delayed_work(conn->hdev->workqueue,
1909 &conn->le_conn_timeout,
1910 conn->conn_timeout);
1913 hci_dev_unlock(hdev);
1916 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1918 struct hci_cp_le_start_enc *cp;
1919 struct hci_conn *conn;
1921 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1928 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1932 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1936 if (conn->state != BT_CONNECTED)
1939 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1940 hci_conn_drop(conn);
1943 hci_dev_unlock(hdev);
1946 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1948 __u8 status = *((__u8 *) skb->data);
1949 struct discovery_state *discov = &hdev->discovery;
1950 struct inquiry_entry *e;
1952 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1954 hci_conn_check_pending(hdev);
1956 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1959 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1960 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1962 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1967 if (discov->state != DISCOVERY_FINDING)
1970 if (list_empty(&discov->resolve)) {
1971 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1975 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1976 if (e && hci_resolve_name(hdev, e) == 0) {
1977 e->name_state = NAME_PENDING;
1978 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1980 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1984 hci_dev_unlock(hdev);
1987 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1989 struct inquiry_data data;
1990 struct inquiry_info *info = (void *) (skb->data + 1);
1991 int num_rsp = *((__u8 *) skb->data);
1993 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1998 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2003 for (; num_rsp; num_rsp--, info++) {
2006 bacpy(&data.bdaddr, &info->bdaddr);
2007 data.pscan_rep_mode = info->pscan_rep_mode;
2008 data.pscan_period_mode = info->pscan_period_mode;
2009 data.pscan_mode = info->pscan_mode;
2010 memcpy(data.dev_class, info->dev_class, 3);
2011 data.clock_offset = info->clock_offset;
2013 data.ssp_mode = 0x00;
2015 flags = hci_inquiry_cache_update(hdev, &data, false);
2017 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2018 info->dev_class, 0, flags, NULL, 0, NULL, 0);
2021 hci_dev_unlock(hdev);
2024 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2026 struct hci_ev_conn_complete *ev = (void *) skb->data;
2027 struct hci_conn *conn;
2029 BT_DBG("%s", hdev->name);
2033 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2035 if (ev->link_type != SCO_LINK)
2038 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2042 conn->type = SCO_LINK;
2046 conn->handle = __le16_to_cpu(ev->handle);
2048 if (conn->type == ACL_LINK) {
2049 conn->state = BT_CONFIG;
2050 hci_conn_hold(conn);
2052 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2053 !hci_find_link_key(hdev, &ev->bdaddr))
2054 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2056 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2058 conn->state = BT_CONNECTED;
2060 hci_conn_add_sysfs(conn);
2062 if (test_bit(HCI_AUTH, &hdev->flags))
2063 set_bit(HCI_CONN_AUTH, &conn->flags);
2065 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2066 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2068 /* Get remote features */
2069 if (conn->type == ACL_LINK) {
2070 struct hci_cp_read_remote_features cp;
2071 cp.handle = ev->handle;
2072 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2076 /* Set packet type for incoming connection */
2077 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2078 struct hci_cp_change_conn_ptype cp;
2079 cp.handle = ev->handle;
2080 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2081 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2085 conn->state = BT_CLOSED;
2086 if (conn->type == ACL_LINK)
2087 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2088 conn->dst_type, ev->status);
2091 if (conn->type == ACL_LINK)
2092 hci_sco_setup(conn, ev->status);
2095 hci_proto_connect_cfm(conn, ev->status);
2097 } else if (ev->link_type != ACL_LINK)
2098 hci_proto_connect_cfm(conn, ev->status);
2101 hci_dev_unlock(hdev);
2103 hci_conn_check_pending(hdev);
2106 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2108 struct hci_cp_reject_conn_req cp;
2110 bacpy(&cp.bdaddr, bdaddr);
2111 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2112 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2115 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2117 struct hci_ev_conn_request *ev = (void *) skb->data;
2118 int mask = hdev->link_mode;
2119 struct inquiry_entry *ie;
2120 struct hci_conn *conn;
2123 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2126 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2129 if (!(mask & HCI_LM_ACCEPT)) {
2130 hci_reject_conn(hdev, &ev->bdaddr);
2134 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2136 hci_reject_conn(hdev, &ev->bdaddr);
2140 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
2141 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2143 hci_reject_conn(hdev, &ev->bdaddr);
2147 /* Connection accepted */
2151 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2153 memcpy(ie->data.dev_class, ev->dev_class, 3);
2155 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2158 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2161 BT_ERR("No memory for new connection");
2162 hci_dev_unlock(hdev);
2167 memcpy(conn->dev_class, ev->dev_class, 3);
2169 hci_dev_unlock(hdev);
2171 if (ev->link_type == ACL_LINK ||
2172 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2173 struct hci_cp_accept_conn_req cp;
2174 conn->state = BT_CONNECT;
2176 bacpy(&cp.bdaddr, &ev->bdaddr);
2178 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2179 cp.role = 0x00; /* Become master */
2181 cp.role = 0x01; /* Remain slave */
2183 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2184 } else if (!(flags & HCI_PROTO_DEFER)) {
2185 struct hci_cp_accept_sync_conn_req cp;
2186 conn->state = BT_CONNECT;
2188 bacpy(&cp.bdaddr, &ev->bdaddr);
2189 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2191 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2192 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2193 cp.max_latency = cpu_to_le16(0xffff);
2194 cp.content_format = cpu_to_le16(hdev->voice_setting);
2195 cp.retrans_effort = 0xff;
2197 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2200 conn->state = BT_CONNECT2;
2201 hci_proto_connect_cfm(conn, 0);
2205 static u8 hci_to_mgmt_reason(u8 err)
2208 case HCI_ERROR_CONNECTION_TIMEOUT:
2209 return MGMT_DEV_DISCONN_TIMEOUT;
2210 case HCI_ERROR_REMOTE_USER_TERM:
2211 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2212 case HCI_ERROR_REMOTE_POWER_OFF:
2213 return MGMT_DEV_DISCONN_REMOTE;
2214 case HCI_ERROR_LOCAL_HOST_TERM:
2215 return MGMT_DEV_DISCONN_LOCAL_HOST;
2217 return MGMT_DEV_DISCONN_UNKNOWN;
2221 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2223 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2224 u8 reason = hci_to_mgmt_reason(ev->reason);
2225 struct hci_conn_params *params;
2226 struct hci_conn *conn;
2227 bool mgmt_connected;
2230 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2234 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2239 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2240 conn->dst_type, ev->status);
2244 conn->state = BT_CLOSED;
2246 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2247 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2248 reason, mgmt_connected);
2250 if (conn->type == ACL_LINK &&
2251 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2252 hci_remove_link_key(hdev, &conn->dst);
2254 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2256 switch (params->auto_connect) {
2257 case HCI_AUTO_CONN_LINK_LOSS:
2258 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2262 case HCI_AUTO_CONN_ALWAYS:
2263 list_del_init(¶ms->action);
2264 list_add(¶ms->action, &hdev->pend_le_conns);
2265 hci_update_background_scan(hdev);
2275 hci_proto_disconn_cfm(conn, ev->reason);
2278 /* Re-enable advertising if necessary, since it might
2279 * have been disabled by the connection. From the
2280 * HCI_LE_Set_Advertise_Enable command description in
2281 * the core specification (v4.0):
2282 * "The Controller shall continue advertising until the Host
2283 * issues an LE_Set_Advertise_Enable command with
2284 * Advertising_Enable set to 0x00 (Advertising is disabled)
2285 * or until a connection is created or until the Advertising
2286 * is timed out due to Directed Advertising."
2288 if (type == LE_LINK)
2289 mgmt_reenable_advertising(hdev);
2292 hci_dev_unlock(hdev);
2295 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2297 struct hci_ev_auth_complete *ev = (void *) skb->data;
2298 struct hci_conn *conn;
2300 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2304 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2309 if (!hci_conn_ssp_enabled(conn) &&
2310 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2311 BT_INFO("re-auth of legacy device is not possible.");
2313 set_bit(HCI_CONN_AUTH, &conn->flags);
2314 conn->sec_level = conn->pending_sec_level;
2317 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2321 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2322 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2324 if (conn->state == BT_CONFIG) {
2325 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2326 struct hci_cp_set_conn_encrypt cp;
2327 cp.handle = ev->handle;
2329 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2332 conn->state = BT_CONNECTED;
2333 hci_proto_connect_cfm(conn, ev->status);
2334 hci_conn_drop(conn);
2337 hci_auth_cfm(conn, ev->status);
2339 hci_conn_hold(conn);
2340 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2341 hci_conn_drop(conn);
2344 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2346 struct hci_cp_set_conn_encrypt cp;
2347 cp.handle = ev->handle;
2349 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2352 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2353 hci_encrypt_cfm(conn, ev->status, 0x00);
2358 hci_dev_unlock(hdev);
2361 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2363 struct hci_ev_remote_name *ev = (void *) skb->data;
2364 struct hci_conn *conn;
2366 BT_DBG("%s", hdev->name);
2368 hci_conn_check_pending(hdev);
2372 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2374 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2377 if (ev->status == 0)
2378 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2379 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2381 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2387 if (!hci_outgoing_auth_needed(hdev, conn))
2390 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2391 struct hci_cp_auth_requested cp;
2393 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2395 cp.handle = __cpu_to_le16(conn->handle);
2396 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2400 hci_dev_unlock(hdev);
2403 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2405 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2406 struct hci_conn *conn;
2408 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2412 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2418 /* Encryption implies authentication */
2419 set_bit(HCI_CONN_AUTH, &conn->flags);
2420 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2421 conn->sec_level = conn->pending_sec_level;
2423 /* P-256 authentication key implies FIPS */
2424 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2425 set_bit(HCI_CONN_FIPS, &conn->flags);
2427 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2428 conn->type == LE_LINK)
2429 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2431 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2432 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2436 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2438 if (ev->status && conn->state == BT_CONNECTED) {
2439 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2440 hci_conn_drop(conn);
2444 if (conn->state == BT_CONFIG) {
2446 conn->state = BT_CONNECTED;
2448 /* In Secure Connections Only mode, do not allow any
2449 * connections that are not encrypted with AES-CCM
2450 * using a P-256 authenticated combination key.
2452 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2453 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2454 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2455 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2456 hci_conn_drop(conn);
2460 hci_proto_connect_cfm(conn, ev->status);
2461 hci_conn_drop(conn);
2463 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2466 hci_dev_unlock(hdev);
2469 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2470 struct sk_buff *skb)
2472 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2473 struct hci_conn *conn;
2475 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2479 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2482 set_bit(HCI_CONN_SECURE, &conn->flags);
2484 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2486 hci_key_change_cfm(conn, ev->status);
2489 hci_dev_unlock(hdev);
2492 static void hci_remote_features_evt(struct hci_dev *hdev,
2493 struct sk_buff *skb)
2495 struct hci_ev_remote_features *ev = (void *) skb->data;
2496 struct hci_conn *conn;
2498 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2502 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2507 memcpy(conn->features[0], ev->features, 8);
2509 if (conn->state != BT_CONFIG)
2512 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2513 struct hci_cp_read_remote_ext_features cp;
2514 cp.handle = ev->handle;
2516 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2521 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2522 struct hci_cp_remote_name_req cp;
2523 memset(&cp, 0, sizeof(cp));
2524 bacpy(&cp.bdaddr, &conn->dst);
2525 cp.pscan_rep_mode = 0x02;
2526 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2527 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2528 mgmt_device_connected(hdev, &conn->dst, conn->type,
2529 conn->dst_type, 0, NULL, 0,
2532 if (!hci_outgoing_auth_needed(hdev, conn)) {
2533 conn->state = BT_CONNECTED;
2534 hci_proto_connect_cfm(conn, ev->status);
2535 hci_conn_drop(conn);
2539 hci_dev_unlock(hdev);
2542 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2544 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2545 u8 status = skb->data[sizeof(*ev)];
2548 skb_pull(skb, sizeof(*ev));
2550 opcode = __le16_to_cpu(ev->opcode);
2553 case HCI_OP_INQUIRY_CANCEL:
2554 hci_cc_inquiry_cancel(hdev, skb);
2557 case HCI_OP_PERIODIC_INQ:
2558 hci_cc_periodic_inq(hdev, skb);
2561 case HCI_OP_EXIT_PERIODIC_INQ:
2562 hci_cc_exit_periodic_inq(hdev, skb);
2565 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2566 hci_cc_remote_name_req_cancel(hdev, skb);
2569 case HCI_OP_ROLE_DISCOVERY:
2570 hci_cc_role_discovery(hdev, skb);
2573 case HCI_OP_READ_LINK_POLICY:
2574 hci_cc_read_link_policy(hdev, skb);
2577 case HCI_OP_WRITE_LINK_POLICY:
2578 hci_cc_write_link_policy(hdev, skb);
2581 case HCI_OP_READ_DEF_LINK_POLICY:
2582 hci_cc_read_def_link_policy(hdev, skb);
2585 case HCI_OP_WRITE_DEF_LINK_POLICY:
2586 hci_cc_write_def_link_policy(hdev, skb);
2590 hci_cc_reset(hdev, skb);
2593 case HCI_OP_WRITE_LOCAL_NAME:
2594 hci_cc_write_local_name(hdev, skb);
2597 case HCI_OP_READ_LOCAL_NAME:
2598 hci_cc_read_local_name(hdev, skb);
2601 case HCI_OP_WRITE_AUTH_ENABLE:
2602 hci_cc_write_auth_enable(hdev, skb);
2605 case HCI_OP_WRITE_ENCRYPT_MODE:
2606 hci_cc_write_encrypt_mode(hdev, skb);
2609 case HCI_OP_WRITE_SCAN_ENABLE:
2610 hci_cc_write_scan_enable(hdev, skb);
2613 case HCI_OP_READ_CLASS_OF_DEV:
2614 hci_cc_read_class_of_dev(hdev, skb);
2617 case HCI_OP_WRITE_CLASS_OF_DEV:
2618 hci_cc_write_class_of_dev(hdev, skb);
2621 case HCI_OP_READ_VOICE_SETTING:
2622 hci_cc_read_voice_setting(hdev, skb);
2625 case HCI_OP_WRITE_VOICE_SETTING:
2626 hci_cc_write_voice_setting(hdev, skb);
2629 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2630 hci_cc_read_num_supported_iac(hdev, skb);
2633 case HCI_OP_WRITE_SSP_MODE:
2634 hci_cc_write_ssp_mode(hdev, skb);
2637 case HCI_OP_WRITE_SC_SUPPORT:
2638 hci_cc_write_sc_support(hdev, skb);
2641 case HCI_OP_READ_LOCAL_VERSION:
2642 hci_cc_read_local_version(hdev, skb);
2645 case HCI_OP_READ_LOCAL_COMMANDS:
2646 hci_cc_read_local_commands(hdev, skb);
2649 case HCI_OP_READ_LOCAL_FEATURES:
2650 hci_cc_read_local_features(hdev, skb);
2653 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2654 hci_cc_read_local_ext_features(hdev, skb);
2657 case HCI_OP_READ_BUFFER_SIZE:
2658 hci_cc_read_buffer_size(hdev, skb);
2661 case HCI_OP_READ_BD_ADDR:
2662 hci_cc_read_bd_addr(hdev, skb);
2665 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2666 hci_cc_read_page_scan_activity(hdev, skb);
2669 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2670 hci_cc_write_page_scan_activity(hdev, skb);
2673 case HCI_OP_READ_PAGE_SCAN_TYPE:
2674 hci_cc_read_page_scan_type(hdev, skb);
2677 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2678 hci_cc_write_page_scan_type(hdev, skb);
2681 case HCI_OP_READ_DATA_BLOCK_SIZE:
2682 hci_cc_read_data_block_size(hdev, skb);
2685 case HCI_OP_READ_FLOW_CONTROL_MODE:
2686 hci_cc_read_flow_control_mode(hdev, skb);
2689 case HCI_OP_READ_LOCAL_AMP_INFO:
2690 hci_cc_read_local_amp_info(hdev, skb);
2693 case HCI_OP_READ_CLOCK:
2694 hci_cc_read_clock(hdev, skb);
2697 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2698 hci_cc_read_local_amp_assoc(hdev, skb);
2701 case HCI_OP_READ_INQ_RSP_TX_POWER:
2702 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2705 case HCI_OP_PIN_CODE_REPLY:
2706 hci_cc_pin_code_reply(hdev, skb);
2709 case HCI_OP_PIN_CODE_NEG_REPLY:
2710 hci_cc_pin_code_neg_reply(hdev, skb);
2713 case HCI_OP_READ_LOCAL_OOB_DATA:
2714 hci_cc_read_local_oob_data(hdev, skb);
2717 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2718 hci_cc_read_local_oob_ext_data(hdev, skb);
2721 case HCI_OP_LE_READ_BUFFER_SIZE:
2722 hci_cc_le_read_buffer_size(hdev, skb);
2725 case HCI_OP_LE_READ_LOCAL_FEATURES:
2726 hci_cc_le_read_local_features(hdev, skb);
2729 case HCI_OP_LE_READ_ADV_TX_POWER:
2730 hci_cc_le_read_adv_tx_power(hdev, skb);
2733 case HCI_OP_USER_CONFIRM_REPLY:
2734 hci_cc_user_confirm_reply(hdev, skb);
2737 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2738 hci_cc_user_confirm_neg_reply(hdev, skb);
2741 case HCI_OP_USER_PASSKEY_REPLY:
2742 hci_cc_user_passkey_reply(hdev, skb);
2745 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2746 hci_cc_user_passkey_neg_reply(hdev, skb);
2749 case HCI_OP_LE_SET_RANDOM_ADDR:
2750 hci_cc_le_set_random_addr(hdev, skb);
2753 case HCI_OP_LE_SET_ADV_ENABLE:
2754 hci_cc_le_set_adv_enable(hdev, skb);
2757 case HCI_OP_LE_SET_SCAN_PARAM:
2758 hci_cc_le_set_scan_param(hdev, skb);
2761 case HCI_OP_LE_SET_SCAN_ENABLE:
2762 hci_cc_le_set_scan_enable(hdev, skb);
2765 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2766 hci_cc_le_read_white_list_size(hdev, skb);
2769 case HCI_OP_LE_CLEAR_WHITE_LIST:
2770 hci_cc_le_clear_white_list(hdev, skb);
2773 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2774 hci_cc_le_add_to_white_list(hdev, skb);
2777 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2778 hci_cc_le_del_from_white_list(hdev, skb);
2781 case HCI_OP_LE_READ_SUPPORTED_STATES:
2782 hci_cc_le_read_supported_states(hdev, skb);
2785 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2786 hci_cc_write_le_host_supported(hdev, skb);
2789 case HCI_OP_LE_SET_ADV_PARAM:
2790 hci_cc_set_adv_param(hdev, skb);
2793 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2794 hci_cc_write_remote_amp_assoc(hdev, skb);
2797 case HCI_OP_READ_RSSI:
2798 hci_cc_read_rssi(hdev, skb);
2801 case HCI_OP_READ_TX_POWER:
2802 hci_cc_read_tx_power(hdev, skb);
2806 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2810 if (opcode != HCI_OP_NOP)
2811 cancel_delayed_work(&hdev->cmd_timer);
2813 hci_req_cmd_complete(hdev, opcode, status);
2815 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2816 atomic_set(&hdev->cmd_cnt, 1);
2817 if (!skb_queue_empty(&hdev->cmd_q))
2818 queue_work(hdev->workqueue, &hdev->cmd_work);
2822 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2824 struct hci_ev_cmd_status *ev = (void *) skb->data;
2827 skb_pull(skb, sizeof(*ev));
2829 opcode = __le16_to_cpu(ev->opcode);
2832 case HCI_OP_INQUIRY:
2833 hci_cs_inquiry(hdev, ev->status);
2836 case HCI_OP_CREATE_CONN:
2837 hci_cs_create_conn(hdev, ev->status);
2840 case HCI_OP_ADD_SCO:
2841 hci_cs_add_sco(hdev, ev->status);
2844 case HCI_OP_AUTH_REQUESTED:
2845 hci_cs_auth_requested(hdev, ev->status);
2848 case HCI_OP_SET_CONN_ENCRYPT:
2849 hci_cs_set_conn_encrypt(hdev, ev->status);
2852 case HCI_OP_REMOTE_NAME_REQ:
2853 hci_cs_remote_name_req(hdev, ev->status);
2856 case HCI_OP_READ_REMOTE_FEATURES:
2857 hci_cs_read_remote_features(hdev, ev->status);
2860 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2861 hci_cs_read_remote_ext_features(hdev, ev->status);
2864 case HCI_OP_SETUP_SYNC_CONN:
2865 hci_cs_setup_sync_conn(hdev, ev->status);
2868 case HCI_OP_SNIFF_MODE:
2869 hci_cs_sniff_mode(hdev, ev->status);
2872 case HCI_OP_EXIT_SNIFF_MODE:
2873 hci_cs_exit_sniff_mode(hdev, ev->status);
2876 case HCI_OP_DISCONNECT:
2877 hci_cs_disconnect(hdev, ev->status);
2880 case HCI_OP_CREATE_PHY_LINK:
2881 hci_cs_create_phylink(hdev, ev->status);
2884 case HCI_OP_ACCEPT_PHY_LINK:
2885 hci_cs_accept_phylink(hdev, ev->status);
2888 case HCI_OP_LE_CREATE_CONN:
2889 hci_cs_le_create_conn(hdev, ev->status);
2892 case HCI_OP_LE_START_ENC:
2893 hci_cs_le_start_enc(hdev, ev->status);
2897 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2901 if (opcode != HCI_OP_NOP)
2902 cancel_delayed_work(&hdev->cmd_timer);
2905 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2906 hci_req_cmd_complete(hdev, opcode, ev->status);
2908 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2909 atomic_set(&hdev->cmd_cnt, 1);
2910 if (!skb_queue_empty(&hdev->cmd_q))
2911 queue_work(hdev->workqueue, &hdev->cmd_work);
2915 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2917 struct hci_ev_role_change *ev = (void *) skb->data;
2918 struct hci_conn *conn;
2920 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2924 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2927 conn->role = ev->role;
2929 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2931 hci_role_switch_cfm(conn, ev->status, ev->role);
2934 hci_dev_unlock(hdev);
2937 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2939 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2942 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2943 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2947 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2948 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2949 BT_DBG("%s bad parameters", hdev->name);
2953 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2955 for (i = 0; i < ev->num_hndl; i++) {
2956 struct hci_comp_pkts_info *info = &ev->handles[i];
2957 struct hci_conn *conn;
2958 __u16 handle, count;
2960 handle = __le16_to_cpu(info->handle);
2961 count = __le16_to_cpu(info->count);
2963 conn = hci_conn_hash_lookup_handle(hdev, handle);
2967 conn->sent -= count;
2969 switch (conn->type) {
2971 hdev->acl_cnt += count;
2972 if (hdev->acl_cnt > hdev->acl_pkts)
2973 hdev->acl_cnt = hdev->acl_pkts;
2977 if (hdev->le_pkts) {
2978 hdev->le_cnt += count;
2979 if (hdev->le_cnt > hdev->le_pkts)
2980 hdev->le_cnt = hdev->le_pkts;
2982 hdev->acl_cnt += count;
2983 if (hdev->acl_cnt > hdev->acl_pkts)
2984 hdev->acl_cnt = hdev->acl_pkts;
2989 hdev->sco_cnt += count;
2990 if (hdev->sco_cnt > hdev->sco_pkts)
2991 hdev->sco_cnt = hdev->sco_pkts;
2995 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3000 queue_work(hdev->workqueue, &hdev->tx_work);
3003 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3006 struct hci_chan *chan;
3008 switch (hdev->dev_type) {
3010 return hci_conn_hash_lookup_handle(hdev, handle);
3012 chan = hci_chan_lookup_handle(hdev, handle);
3017 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3024 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3026 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3029 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3030 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3034 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3035 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3036 BT_DBG("%s bad parameters", hdev->name);
3040 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3043 for (i = 0; i < ev->num_hndl; i++) {
3044 struct hci_comp_blocks_info *info = &ev->handles[i];
3045 struct hci_conn *conn = NULL;
3046 __u16 handle, block_count;
3048 handle = __le16_to_cpu(info->handle);
3049 block_count = __le16_to_cpu(info->blocks);
3051 conn = __hci_conn_lookup_handle(hdev, handle);
3055 conn->sent -= block_count;
3057 switch (conn->type) {
3060 hdev->block_cnt += block_count;
3061 if (hdev->block_cnt > hdev->num_blocks)
3062 hdev->block_cnt = hdev->num_blocks;
3066 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3071 queue_work(hdev->workqueue, &hdev->tx_work);
3074 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3076 struct hci_ev_mode_change *ev = (void *) skb->data;
3077 struct hci_conn *conn;
3079 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3083 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3085 conn->mode = ev->mode;
3087 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3089 if (conn->mode == HCI_CM_ACTIVE)
3090 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3092 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3095 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3096 hci_sco_setup(conn, ev->status);
3099 hci_dev_unlock(hdev);
3102 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3104 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3105 struct hci_conn *conn;
3107 BT_DBG("%s", hdev->name);
3111 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3115 if (conn->state == BT_CONNECTED) {
3116 hci_conn_hold(conn);
3117 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3118 hci_conn_drop(conn);
3121 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) &&
3122 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3123 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3124 sizeof(ev->bdaddr), &ev->bdaddr);
3125 } else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3128 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3133 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3137 hci_dev_unlock(hdev);
3140 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3142 struct hci_ev_link_key_req *ev = (void *) skb->data;
3143 struct hci_cp_link_key_reply cp;
3144 struct hci_conn *conn;
3145 struct link_key *key;
3147 BT_DBG("%s", hdev->name);
3149 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3154 key = hci_find_link_key(hdev, &ev->bdaddr);
3156 BT_DBG("%s link key not found for %pMR", hdev->name,
3161 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3166 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3167 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3168 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3169 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3173 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3174 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3175 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3176 BT_DBG("%s ignoring key unauthenticated for high security",
3181 conn->key_type = key->type;
3182 conn->pin_length = key->pin_len;
3185 bacpy(&cp.bdaddr, &ev->bdaddr);
3186 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3188 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3190 hci_dev_unlock(hdev);
3195 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3196 hci_dev_unlock(hdev);
3199 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3201 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3202 struct hci_conn *conn;
3203 struct link_key *key;
3207 BT_DBG("%s", hdev->name);
3211 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3213 hci_conn_hold(conn);
3214 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3215 pin_len = conn->pin_length;
3217 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3218 conn->key_type = ev->key_type;
3220 hci_conn_drop(conn);
3223 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3226 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3227 ev->key_type, pin_len, &persistent);
3231 mgmt_new_link_key(hdev, key, persistent);
3233 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3234 * is set. If it's not set simply remove the key from the kernel
3235 * list (we've still notified user space about it but with
3236 * store_hint being 0).
3238 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3239 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3240 list_del(&key->list);
3244 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3246 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3250 hci_dev_unlock(hdev);
3253 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3255 struct hci_ev_clock_offset *ev = (void *) skb->data;
3256 struct hci_conn *conn;
3258 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3262 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3263 if (conn && !ev->status) {
3264 struct inquiry_entry *ie;
3266 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3268 ie->data.clock_offset = ev->clock_offset;
3269 ie->timestamp = jiffies;
3273 hci_dev_unlock(hdev);
3276 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3278 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3279 struct hci_conn *conn;
3281 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3285 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3286 if (conn && !ev->status)
3287 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3289 hci_dev_unlock(hdev);
3292 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3294 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3295 struct inquiry_entry *ie;
3297 BT_DBG("%s", hdev->name);
3301 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3303 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3304 ie->timestamp = jiffies;
3307 hci_dev_unlock(hdev);
3310 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3311 struct sk_buff *skb)
3313 struct inquiry_data data;
3314 int num_rsp = *((__u8 *) skb->data);
3316 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3321 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3326 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3327 struct inquiry_info_with_rssi_and_pscan_mode *info;
3328 info = (void *) (skb->data + 1);
3330 for (; num_rsp; num_rsp--, info++) {
3333 bacpy(&data.bdaddr, &info->bdaddr);
3334 data.pscan_rep_mode = info->pscan_rep_mode;
3335 data.pscan_period_mode = info->pscan_period_mode;
3336 data.pscan_mode = info->pscan_mode;
3337 memcpy(data.dev_class, info->dev_class, 3);
3338 data.clock_offset = info->clock_offset;
3339 data.rssi = info->rssi;
3340 data.ssp_mode = 0x00;
3342 flags = hci_inquiry_cache_update(hdev, &data, false);
3344 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3345 info->dev_class, info->rssi,
3346 flags, NULL, 0, NULL, 0);
3349 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3351 for (; num_rsp; num_rsp--, info++) {
3354 bacpy(&data.bdaddr, &info->bdaddr);
3355 data.pscan_rep_mode = info->pscan_rep_mode;
3356 data.pscan_period_mode = info->pscan_period_mode;
3357 data.pscan_mode = 0x00;
3358 memcpy(data.dev_class, info->dev_class, 3);
3359 data.clock_offset = info->clock_offset;
3360 data.rssi = info->rssi;
3361 data.ssp_mode = 0x00;
3363 flags = hci_inquiry_cache_update(hdev, &data, false);
3365 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3366 info->dev_class, info->rssi,
3367 flags, NULL, 0, NULL, 0);
3371 hci_dev_unlock(hdev);
3374 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3375 struct sk_buff *skb)
3377 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3378 struct hci_conn *conn;
3380 BT_DBG("%s", hdev->name);
3384 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3388 if (ev->page < HCI_MAX_PAGES)
3389 memcpy(conn->features[ev->page], ev->features, 8);
3391 if (!ev->status && ev->page == 0x01) {
3392 struct inquiry_entry *ie;
3394 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3396 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3398 if (ev->features[0] & LMP_HOST_SSP) {
3399 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3401 /* It is mandatory by the Bluetooth specification that
3402 * Extended Inquiry Results are only used when Secure
3403 * Simple Pairing is enabled, but some devices violate
3406 * To make these devices work, the internal SSP
3407 * enabled flag needs to be cleared if the remote host
3408 * features do not indicate SSP support */
3409 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3412 if (ev->features[0] & LMP_HOST_SC)
3413 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3416 if (conn->state != BT_CONFIG)
3419 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3420 struct hci_cp_remote_name_req cp;
3421 memset(&cp, 0, sizeof(cp));
3422 bacpy(&cp.bdaddr, &conn->dst);
3423 cp.pscan_rep_mode = 0x02;
3424 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3425 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3426 mgmt_device_connected(hdev, &conn->dst, conn->type,
3427 conn->dst_type, 0, NULL, 0,
3430 if (!hci_outgoing_auth_needed(hdev, conn)) {
3431 conn->state = BT_CONNECTED;
3432 hci_proto_connect_cfm(conn, ev->status);
3433 hci_conn_drop(conn);
3437 hci_dev_unlock(hdev);
3440 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3441 struct sk_buff *skb)
3443 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3444 struct hci_conn *conn;
3446 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3450 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3452 if (ev->link_type == ESCO_LINK)
3455 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3459 conn->type = SCO_LINK;
3462 switch (ev->status) {
3464 conn->handle = __le16_to_cpu(ev->handle);
3465 conn->state = BT_CONNECTED;
3467 hci_conn_add_sysfs(conn);
3470 case 0x10: /* Connection Accept Timeout */
3471 case 0x0d: /* Connection Rejected due to Limited Resources */
3472 case 0x11: /* Unsupported Feature or Parameter Value */
3473 case 0x1c: /* SCO interval rejected */
3474 case 0x1a: /* Unsupported Remote Feature */
3475 case 0x1f: /* Unspecified error */
3476 case 0x20: /* Unsupported LMP Parameter value */
3478 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3479 (hdev->esco_type & EDR_ESCO_MASK);
3480 if (hci_setup_sync(conn, conn->link->handle))
3486 conn->state = BT_CLOSED;
3490 hci_proto_connect_cfm(conn, ev->status);
3495 hci_dev_unlock(hdev);
3498 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3502 while (parsed < eir_len) {
3503 u8 field_len = eir[0];
3508 parsed += field_len + 1;
3509 eir += field_len + 1;
3515 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3516 struct sk_buff *skb)
3518 struct inquiry_data data;
3519 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3520 int num_rsp = *((__u8 *) skb->data);
3523 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3528 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3533 for (; num_rsp; num_rsp--, info++) {
3537 bacpy(&data.bdaddr, &info->bdaddr);
3538 data.pscan_rep_mode = info->pscan_rep_mode;
3539 data.pscan_period_mode = info->pscan_period_mode;
3540 data.pscan_mode = 0x00;
3541 memcpy(data.dev_class, info->dev_class, 3);
3542 data.clock_offset = info->clock_offset;
3543 data.rssi = info->rssi;
3544 data.ssp_mode = 0x01;
3546 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3547 name_known = eir_has_data_type(info->data,
3553 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3555 eir_len = eir_get_length(info->data, sizeof(info->data));
3557 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3558 info->dev_class, info->rssi,
3559 flags, info->data, eir_len, NULL, 0);
3562 hci_dev_unlock(hdev);
3565 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3566 struct sk_buff *skb)
3568 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3569 struct hci_conn *conn;
3571 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3572 __le16_to_cpu(ev->handle));
3576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3580 /* For BR/EDR the necessary steps are taken through the
3581 * auth_complete event.
3583 if (conn->type != LE_LINK)
3587 conn->sec_level = conn->pending_sec_level;
3589 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3591 if (ev->status && conn->state == BT_CONNECTED) {
3592 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3593 hci_conn_drop(conn);
3597 if (conn->state == BT_CONFIG) {
3599 conn->state = BT_CONNECTED;
3601 hci_proto_connect_cfm(conn, ev->status);
3602 hci_conn_drop(conn);
3604 hci_auth_cfm(conn, ev->status);
3606 hci_conn_hold(conn);
3607 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3608 hci_conn_drop(conn);
3612 hci_dev_unlock(hdev);
3615 static u8 hci_get_auth_req(struct hci_conn *conn)
3617 /* If remote requests no-bonding follow that lead */
3618 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3619 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3620 return conn->remote_auth | (conn->auth_type & 0x01);
3622 /* If both remote and local have enough IO capabilities, require
3625 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3626 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3627 return conn->remote_auth | 0x01;
3629 /* No MITM protection possible so ignore remote requirement */
3630 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3633 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3635 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3636 struct hci_conn *conn;
3638 BT_DBG("%s", hdev->name);
3642 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3646 hci_conn_hold(conn);
3648 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3651 /* Allow pairing if we're pairable, the initiators of the
3652 * pairing or if the remote is not requesting bonding.
3654 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3655 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
3656 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3657 struct hci_cp_io_capability_reply cp;
3659 bacpy(&cp.bdaddr, &ev->bdaddr);
3660 /* Change the IO capability from KeyboardDisplay
3661 * to DisplayYesNo as it is not supported by BT spec. */
3662 cp.capability = (conn->io_capability == 0x04) ?
3663 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3665 /* If we are initiators, there is no remote information yet */
3666 if (conn->remote_auth == 0xff) {
3667 /* Request MITM protection if our IO caps allow it
3668 * except for the no-bonding case.
3670 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3671 conn->auth_type != HCI_AT_NO_BONDING)
3672 conn->auth_type |= 0x01;
3674 cp.authentication = conn->auth_type;
3676 conn->auth_type = hci_get_auth_req(conn);
3677 cp.authentication = conn->auth_type;
3680 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3681 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3686 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3689 struct hci_cp_io_capability_neg_reply cp;
3691 bacpy(&cp.bdaddr, &ev->bdaddr);
3692 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3694 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3699 hci_dev_unlock(hdev);
3702 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3704 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3705 struct hci_conn *conn;
3707 BT_DBG("%s", hdev->name);
3711 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3715 conn->remote_cap = ev->capability;
3716 conn->remote_auth = ev->authentication;
3718 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3721 hci_dev_unlock(hdev);
3724 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3725 struct sk_buff *skb)
3727 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3728 int loc_mitm, rem_mitm, confirm_hint = 0;
3729 struct hci_conn *conn;
3731 BT_DBG("%s", hdev->name);
3735 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3738 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3742 loc_mitm = (conn->auth_type & 0x01);
3743 rem_mitm = (conn->remote_auth & 0x01);
3745 /* If we require MITM but the remote device can't provide that
3746 * (it has NoInputNoOutput) then reject the confirmation
3747 * request. We check the security level here since it doesn't
3748 * necessarily match conn->auth_type.
3750 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
3751 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3752 BT_DBG("Rejecting request: remote device can't provide MITM");
3753 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3754 sizeof(ev->bdaddr), &ev->bdaddr);
3758 /* If no side requires MITM protection; auto-accept */
3759 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3760 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3762 /* If we're not the initiators request authorization to
3763 * proceed from user space (mgmt_user_confirm with
3764 * confirm_hint set to 1). The exception is if neither
3765 * side had MITM or if the local IO capability is
3766 * NoInputNoOutput, in which case we do auto-accept
3768 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3769 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3770 (loc_mitm || rem_mitm)) {
3771 BT_DBG("Confirming auto-accept as acceptor");
3776 BT_DBG("Auto-accept of user confirmation with %ums delay",
3777 hdev->auto_accept_delay);
3779 if (hdev->auto_accept_delay > 0) {
3780 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3781 queue_delayed_work(conn->hdev->workqueue,
3782 &conn->auto_accept_work, delay);
3786 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3787 sizeof(ev->bdaddr), &ev->bdaddr);
3792 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3793 le32_to_cpu(ev->passkey), confirm_hint);
3796 hci_dev_unlock(hdev);
3799 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3800 struct sk_buff *skb)
3802 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3804 BT_DBG("%s", hdev->name);
3806 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3807 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3810 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3811 struct sk_buff *skb)
3813 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3814 struct hci_conn *conn;
3816 BT_DBG("%s", hdev->name);
3818 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3822 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3823 conn->passkey_entered = 0;
3825 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3826 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3827 conn->dst_type, conn->passkey_notify,
3828 conn->passkey_entered);
3831 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3833 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3834 struct hci_conn *conn;
3836 BT_DBG("%s", hdev->name);
3838 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3843 case HCI_KEYPRESS_STARTED:
3844 conn->passkey_entered = 0;
3847 case HCI_KEYPRESS_ENTERED:
3848 conn->passkey_entered++;
3851 case HCI_KEYPRESS_ERASED:
3852 conn->passkey_entered--;
3855 case HCI_KEYPRESS_CLEARED:
3856 conn->passkey_entered = 0;
3859 case HCI_KEYPRESS_COMPLETED:
3863 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3864 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3865 conn->dst_type, conn->passkey_notify,
3866 conn->passkey_entered);
3869 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3870 struct sk_buff *skb)
3872 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3873 struct hci_conn *conn;
3875 BT_DBG("%s", hdev->name);
3879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3883 /* Reset the authentication requirement to unknown */
3884 conn->remote_auth = 0xff;
3886 /* To avoid duplicate auth_failed events to user space we check
3887 * the HCI_CONN_AUTH_PEND flag which will be set if we
3888 * initiated the authentication. A traditional auth_complete
3889 * event gets always produced as initiator and is also mapped to
3890 * the mgmt_auth_failed event */
3891 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3892 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3895 hci_conn_drop(conn);
3898 hci_dev_unlock(hdev);
3901 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3902 struct sk_buff *skb)
3904 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3905 struct inquiry_entry *ie;
3906 struct hci_conn *conn;
3908 BT_DBG("%s", hdev->name);
3912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3914 memcpy(conn->features[1], ev->features, 8);
3916 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3918 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3920 hci_dev_unlock(hdev);
3923 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3924 struct sk_buff *skb)
3926 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3927 struct oob_data *data;
3929 BT_DBG("%s", hdev->name);
3933 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3936 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3938 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3939 struct hci_cp_remote_oob_ext_data_reply cp;
3941 bacpy(&cp.bdaddr, &ev->bdaddr);
3942 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3943 memcpy(cp.randomizer192, data->randomizer192,
3944 sizeof(cp.randomizer192));
3945 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3946 memcpy(cp.randomizer256, data->randomizer256,
3947 sizeof(cp.randomizer256));
3949 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3952 struct hci_cp_remote_oob_data_reply cp;
3954 bacpy(&cp.bdaddr, &ev->bdaddr);
3955 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3956 memcpy(cp.randomizer, data->randomizer192,
3957 sizeof(cp.randomizer));
3959 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3963 struct hci_cp_remote_oob_data_neg_reply cp;
3965 bacpy(&cp.bdaddr, &ev->bdaddr);
3966 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3971 hci_dev_unlock(hdev);
3974 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3975 struct sk_buff *skb)
3977 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3978 struct hci_conn *hcon, *bredr_hcon;
3980 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3985 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3987 hci_dev_unlock(hdev);
3993 hci_dev_unlock(hdev);
3997 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3999 hcon->state = BT_CONNECTED;
4000 bacpy(&hcon->dst, &bredr_hcon->dst);
4002 hci_conn_hold(hcon);
4003 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4004 hci_conn_drop(hcon);
4006 hci_conn_add_sysfs(hcon);
4008 amp_physical_cfm(bredr_hcon, hcon);
4010 hci_dev_unlock(hdev);
4013 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4015 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4016 struct hci_conn *hcon;
4017 struct hci_chan *hchan;
4018 struct amp_mgr *mgr;
4020 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4021 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4024 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4028 /* Create AMP hchan */
4029 hchan = hci_chan_create(hcon);
4033 hchan->handle = le16_to_cpu(ev->handle);
4035 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4037 mgr = hcon->amp_mgr;
4038 if (mgr && mgr->bredr_chan) {
4039 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4041 l2cap_chan_lock(bredr_chan);
4043 bredr_chan->conn->mtu = hdev->block_mtu;
4044 l2cap_logical_cfm(bredr_chan, hchan, 0);
4045 hci_conn_hold(hcon);
4047 l2cap_chan_unlock(bredr_chan);
4051 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4052 struct sk_buff *skb)
4054 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4055 struct hci_chan *hchan;
4057 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4058 le16_to_cpu(ev->handle), ev->status);
4065 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4069 amp_destroy_logical_link(hchan, ev->reason);
4072 hci_dev_unlock(hdev);
4075 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4076 struct sk_buff *skb)
4078 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4079 struct hci_conn *hcon;
4081 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4088 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4090 hcon->state = BT_CLOSED;
4094 hci_dev_unlock(hdev);
4097 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4099 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4100 struct hci_conn_params *params;
4101 struct hci_conn *conn;
4102 struct smp_irk *irk;
4105 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4109 /* All controllers implicitly stop advertising in the event of a
4110 * connection, so ensure that the state bit is cleared.
4112 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4114 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4116 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
4118 BT_ERR("No memory for new connection");
4122 conn->dst_type = ev->bdaddr_type;
4124 /* If we didn't have a hci_conn object previously
4125 * but we're in master role this must be something
4126 * initiated using a white list. Since white list based
4127 * connections are not "first class citizens" we don't
4128 * have full tracking of them. Therefore, we go ahead
4129 * with a "best effort" approach of determining the
4130 * initiator address based on the HCI_PRIVACY flag.
4133 conn->resp_addr_type = ev->bdaddr_type;
4134 bacpy(&conn->resp_addr, &ev->bdaddr);
4135 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4136 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4137 bacpy(&conn->init_addr, &hdev->rpa);
4139 hci_copy_identity_address(hdev,
4141 &conn->init_addr_type);
4145 cancel_delayed_work(&conn->le_conn_timeout);
4149 /* Set the responder (our side) address type based on
4150 * the advertising address type.
4152 conn->resp_addr_type = hdev->adv_addr_type;
4153 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4154 bacpy(&conn->resp_addr, &hdev->random_addr);
4156 bacpy(&conn->resp_addr, &hdev->bdaddr);
4158 conn->init_addr_type = ev->bdaddr_type;
4159 bacpy(&conn->init_addr, &ev->bdaddr);
4161 /* For incoming connections, set the default minimum
4162 * and maximum connection interval. They will be used
4163 * to check if the parameters are in range and if not
4164 * trigger the connection update procedure.
4166 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4167 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4170 /* Lookup the identity address from the stored connection
4171 * address and address type.
4173 * When establishing connections to an identity address, the
4174 * connection procedure will store the resolvable random
4175 * address first. Now if it can be converted back into the
4176 * identity address, start using the identity address from
4179 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4181 bacpy(&conn->dst, &irk->bdaddr);
4182 conn->dst_type = irk->addr_type;
4185 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4186 addr_type = BDADDR_LE_PUBLIC;
4188 addr_type = BDADDR_LE_RANDOM;
4191 hci_le_conn_failed(conn, ev->status);
4195 /* Drop the connection if the device is blocked */
4196 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4197 hci_conn_drop(conn);
4201 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4202 mgmt_device_connected(hdev, &conn->dst, conn->type,
4203 conn->dst_type, 0, NULL, 0, NULL);
4205 conn->sec_level = BT_SECURITY_LOW;
4206 conn->handle = __le16_to_cpu(ev->handle);
4207 conn->state = BT_CONNECTED;
4209 conn->le_conn_interval = le16_to_cpu(ev->interval);
4210 conn->le_conn_latency = le16_to_cpu(ev->latency);
4211 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4213 hci_conn_add_sysfs(conn);
4215 hci_proto_connect_cfm(conn, ev->status);
4217 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
4219 list_del_init(¶ms->action);
4222 hci_update_background_scan(hdev);
4223 hci_dev_unlock(hdev);
4226 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4227 struct sk_buff *skb)
4229 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4230 struct hci_conn *conn;
4232 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4239 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4241 conn->le_conn_interval = le16_to_cpu(ev->interval);
4242 conn->le_conn_latency = le16_to_cpu(ev->latency);
4243 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4246 hci_dev_unlock(hdev);
4249 /* This function requires the caller holds hdev->lock */
4250 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4251 u8 addr_type, u8 adv_type)
4253 struct hci_conn *conn;
4255 /* If the event is not connectable don't proceed further */
4256 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
4259 /* Ignore if the device is blocked */
4260 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
4263 /* Most controller will fail if we try to create new connections
4264 * while we have an existing one in slave role.
4266 if (hdev->conn_hash.le_num_slave > 0)
4269 /* If we're connectable, always connect any ADV_DIRECT_IND event */
4270 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
4271 adv_type == LE_ADV_DIRECT_IND)
4274 /* If we're not connectable only connect devices that we have in
4275 * our pend_le_conns list.
4277 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type))
4281 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4282 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4286 switch (PTR_ERR(conn)) {
4288 /* If hci_connect() returns -EBUSY it means there is already
4289 * an LE connection attempt going on. Since controllers don't
4290 * support more than one connection attempt at the time, we
4291 * don't consider this an error case.
4295 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4299 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4300 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4302 struct discovery_state *d = &hdev->discovery;
4303 struct smp_irk *irk;
4307 /* Check if we need to convert to identity address */
4308 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4310 bdaddr = &irk->bdaddr;
4311 bdaddr_type = irk->addr_type;
4314 /* Check if we have been requested to connect to this device */
4315 check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4317 /* Passive scanning shouldn't trigger any device found events,
4318 * except for devices marked as CONN_REPORT for which we do send
4319 * device found events.
4321 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4322 if (type == LE_ADV_DIRECT_IND)
4325 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4326 bdaddr, bdaddr_type))
4329 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4330 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4333 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4334 rssi, flags, data, len, NULL, 0);
4338 /* When receiving non-connectable or scannable undirected
4339 * advertising reports, this means that the remote device is
4340 * not connectable and then clearly indicate this in the
4341 * device found event.
4343 * When receiving a scan response, then there is no way to
4344 * know if the remote device is connectable or not. However
4345 * since scan responses are merged with a previously seen
4346 * advertising report, the flags field from that report
4349 * In the really unlikely case that a controller get confused
4350 * and just sends a scan response event, then it is marked as
4351 * not connectable as well.
4353 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4354 type == LE_ADV_SCAN_RSP)
4355 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4359 /* If there's nothing pending either store the data from this
4360 * event or send an immediate device found event if the data
4361 * should not be stored for later.
4363 if (!has_pending_adv_report(hdev)) {
4364 /* If the report will trigger a SCAN_REQ store it for
4367 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4368 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4369 rssi, flags, data, len);
4373 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4374 rssi, flags, data, len, NULL, 0);
4378 /* Check if the pending report is for the same device as the new one */
4379 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4380 bdaddr_type == d->last_adv_addr_type);
4382 /* If the pending data doesn't match this report or this isn't a
4383 * scan response (e.g. we got a duplicate ADV_IND) then force
4384 * sending of the pending data.
4386 if (type != LE_ADV_SCAN_RSP || !match) {
4387 /* Send out whatever is in the cache, but skip duplicates */
4389 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4390 d->last_adv_addr_type, NULL,
4391 d->last_adv_rssi, d->last_adv_flags,
4393 d->last_adv_data_len, NULL, 0);
4395 /* If the new report will trigger a SCAN_REQ store it for
4398 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4399 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4400 rssi, flags, data, len);
4404 /* The advertising reports cannot be merged, so clear
4405 * the pending report and send out a device found event.
4407 clear_pending_adv_report(hdev);
4408 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4409 rssi, flags, data, len, NULL, 0);
4413 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4414 * the new event is a SCAN_RSP. We can therefore proceed with
4415 * sending a merged device found event.
4417 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4418 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
4419 d->last_adv_data, d->last_adv_data_len, data, len);
4420 clear_pending_adv_report(hdev);
4423 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4425 u8 num_reports = skb->data[0];
4426 void *ptr = &skb->data[1];
4430 while (num_reports--) {
4431 struct hci_ev_le_advertising_info *ev = ptr;
4434 rssi = ev->data[ev->length];
4435 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4436 ev->bdaddr_type, rssi, ev->data, ev->length);
4438 ptr += sizeof(*ev) + ev->length + 1;
4441 hci_dev_unlock(hdev);
4444 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4446 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4447 struct hci_cp_le_ltk_reply cp;
4448 struct hci_cp_le_ltk_neg_reply neg;
4449 struct hci_conn *conn;
4450 struct smp_ltk *ltk;
4452 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4456 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4460 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->role);
4464 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4465 cp.handle = cpu_to_le16(conn->handle);
4467 if (ltk->authenticated)
4468 conn->pending_sec_level = BT_SECURITY_HIGH;
4470 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4472 conn->enc_key_size = ltk->enc_size;
4474 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4476 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4477 * temporary key used to encrypt a connection following
4478 * pairing. It is used during the Encrypted Session Setup to
4479 * distribute the keys. Later, security can be re-established
4480 * using a distributed LTK.
4482 if (ltk->type == SMP_STK) {
4483 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4484 list_del(<k->list);
4487 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4490 hci_dev_unlock(hdev);
4495 neg.handle = ev->handle;
4496 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4497 hci_dev_unlock(hdev);
4500 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4503 struct hci_cp_le_conn_param_req_neg_reply cp;
4505 cp.handle = cpu_to_le16(handle);
4508 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4512 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4513 struct sk_buff *skb)
4515 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4516 struct hci_cp_le_conn_param_req_reply cp;
4517 struct hci_conn *hcon;
4518 u16 handle, min, max, latency, timeout;
4520 handle = le16_to_cpu(ev->handle);
4521 min = le16_to_cpu(ev->interval_min);
4522 max = le16_to_cpu(ev->interval_max);
4523 latency = le16_to_cpu(ev->latency);
4524 timeout = le16_to_cpu(ev->timeout);
4526 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4527 if (!hcon || hcon->state != BT_CONNECTED)
4528 return send_conn_param_neg_reply(hdev, handle,
4529 HCI_ERROR_UNKNOWN_CONN_ID);
4531 if (hci_check_conn_params(min, max, latency, timeout))
4532 return send_conn_param_neg_reply(hdev, handle,
4533 HCI_ERROR_INVALID_LL_PARAMS);
4535 if (hcon->role == HCI_ROLE_MASTER) {
4536 struct hci_conn_params *params;
4541 params = hci_conn_params_lookup(hdev, &hcon->dst,
4544 params->conn_min_interval = min;
4545 params->conn_max_interval = max;
4546 params->conn_latency = latency;
4547 params->supervision_timeout = timeout;
4553 hci_dev_unlock(hdev);
4555 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4556 store_hint, min, max, latency, timeout);
4559 cp.handle = ev->handle;
4560 cp.interval_min = ev->interval_min;
4561 cp.interval_max = ev->interval_max;
4562 cp.latency = ev->latency;
4563 cp.timeout = ev->timeout;
4567 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4570 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4572 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4574 skb_pull(skb, sizeof(*le_ev));
4576 switch (le_ev->subevent) {
4577 case HCI_EV_LE_CONN_COMPLETE:
4578 hci_le_conn_complete_evt(hdev, skb);
4581 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4582 hci_le_conn_update_complete_evt(hdev, skb);
4585 case HCI_EV_LE_ADVERTISING_REPORT:
4586 hci_le_adv_report_evt(hdev, skb);
4589 case HCI_EV_LE_LTK_REQ:
4590 hci_le_ltk_request_evt(hdev, skb);
4593 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4594 hci_le_remote_conn_param_req_evt(hdev, skb);
4602 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4604 struct hci_ev_channel_selected *ev = (void *) skb->data;
4605 struct hci_conn *hcon;
4607 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4609 skb_pull(skb, sizeof(*ev));
4611 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4615 amp_read_loc_assoc_final_data(hdev, hcon);
4618 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4620 struct hci_event_hdr *hdr = (void *) skb->data;
4621 __u8 event = hdr->evt;
4625 /* Received events are (currently) only needed when a request is
4626 * ongoing so avoid unnecessary memory allocation.
4628 if (hci_req_pending(hdev)) {
4629 kfree_skb(hdev->recv_evt);
4630 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4633 hci_dev_unlock(hdev);
4635 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4637 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4638 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4639 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4641 hci_req_cmd_complete(hdev, opcode, 0);
4645 case HCI_EV_INQUIRY_COMPLETE:
4646 hci_inquiry_complete_evt(hdev, skb);
4649 case HCI_EV_INQUIRY_RESULT:
4650 hci_inquiry_result_evt(hdev, skb);
4653 case HCI_EV_CONN_COMPLETE:
4654 hci_conn_complete_evt(hdev, skb);
4657 case HCI_EV_CONN_REQUEST:
4658 hci_conn_request_evt(hdev, skb);
4661 case HCI_EV_DISCONN_COMPLETE:
4662 hci_disconn_complete_evt(hdev, skb);
4665 case HCI_EV_AUTH_COMPLETE:
4666 hci_auth_complete_evt(hdev, skb);
4669 case HCI_EV_REMOTE_NAME:
4670 hci_remote_name_evt(hdev, skb);
4673 case HCI_EV_ENCRYPT_CHANGE:
4674 hci_encrypt_change_evt(hdev, skb);
4677 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4678 hci_change_link_key_complete_evt(hdev, skb);
4681 case HCI_EV_REMOTE_FEATURES:
4682 hci_remote_features_evt(hdev, skb);
4685 case HCI_EV_CMD_COMPLETE:
4686 hci_cmd_complete_evt(hdev, skb);
4689 case HCI_EV_CMD_STATUS:
4690 hci_cmd_status_evt(hdev, skb);
4693 case HCI_EV_ROLE_CHANGE:
4694 hci_role_change_evt(hdev, skb);
4697 case HCI_EV_NUM_COMP_PKTS:
4698 hci_num_comp_pkts_evt(hdev, skb);
4701 case HCI_EV_MODE_CHANGE:
4702 hci_mode_change_evt(hdev, skb);
4705 case HCI_EV_PIN_CODE_REQ:
4706 hci_pin_code_request_evt(hdev, skb);
4709 case HCI_EV_LINK_KEY_REQ:
4710 hci_link_key_request_evt(hdev, skb);
4713 case HCI_EV_LINK_KEY_NOTIFY:
4714 hci_link_key_notify_evt(hdev, skb);
4717 case HCI_EV_CLOCK_OFFSET:
4718 hci_clock_offset_evt(hdev, skb);
4721 case HCI_EV_PKT_TYPE_CHANGE:
4722 hci_pkt_type_change_evt(hdev, skb);
4725 case HCI_EV_PSCAN_REP_MODE:
4726 hci_pscan_rep_mode_evt(hdev, skb);
4729 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4730 hci_inquiry_result_with_rssi_evt(hdev, skb);
4733 case HCI_EV_REMOTE_EXT_FEATURES:
4734 hci_remote_ext_features_evt(hdev, skb);
4737 case HCI_EV_SYNC_CONN_COMPLETE:
4738 hci_sync_conn_complete_evt(hdev, skb);
4741 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4742 hci_extended_inquiry_result_evt(hdev, skb);
4745 case HCI_EV_KEY_REFRESH_COMPLETE:
4746 hci_key_refresh_complete_evt(hdev, skb);
4749 case HCI_EV_IO_CAPA_REQUEST:
4750 hci_io_capa_request_evt(hdev, skb);
4753 case HCI_EV_IO_CAPA_REPLY:
4754 hci_io_capa_reply_evt(hdev, skb);
4757 case HCI_EV_USER_CONFIRM_REQUEST:
4758 hci_user_confirm_request_evt(hdev, skb);
4761 case HCI_EV_USER_PASSKEY_REQUEST:
4762 hci_user_passkey_request_evt(hdev, skb);
4765 case HCI_EV_USER_PASSKEY_NOTIFY:
4766 hci_user_passkey_notify_evt(hdev, skb);
4769 case HCI_EV_KEYPRESS_NOTIFY:
4770 hci_keypress_notify_evt(hdev, skb);
4773 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4774 hci_simple_pair_complete_evt(hdev, skb);
4777 case HCI_EV_REMOTE_HOST_FEATURES:
4778 hci_remote_host_features_evt(hdev, skb);
4781 case HCI_EV_LE_META:
4782 hci_le_meta_evt(hdev, skb);
4785 case HCI_EV_CHANNEL_SELECTED:
4786 hci_chan_selected_evt(hdev, skb);
4789 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4790 hci_remote_oob_data_request_evt(hdev, skb);
4793 case HCI_EV_PHY_LINK_COMPLETE:
4794 hci_phy_link_complete_evt(hdev, skb);
4797 case HCI_EV_LOGICAL_LINK_COMPLETE:
4798 hci_loglink_complete_evt(hdev, skb);
4801 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4802 hci_disconn_loglink_complete_evt(hdev, skb);
4805 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4806 hci_disconn_phylink_complete_evt(hdev, skb);
4809 case HCI_EV_NUM_COMP_BLOCKS:
4810 hci_num_comp_blocks_evt(hdev, skb);
4814 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4819 hdev->stat.evt_rx++;