2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
46 __u8 status = *((__u8 *) skb->data);
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
55 wake_up_bit(&hdev->flags, HCI_INQUIRY);
58 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
61 hci_conn_check_pending(hdev);
64 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
66 __u8 status = *((__u8 *) skb->data);
68 BT_DBG("%s status 0x%2.2x", hdev->name, status);
73 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%2.2x", hdev->name, status);
85 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
87 hci_conn_check_pending(hdev);
90 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
93 BT_DBG("%s", hdev->name);
96 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
98 struct hci_rp_role_discovery *rp = (void *) skb->data;
99 struct hci_conn *conn;
101 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
108 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
110 conn->role = rp->role;
112 hci_dev_unlock(hdev);
115 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 struct hci_rp_read_link_policy *rp = (void *) skb->data;
118 struct hci_conn *conn;
120 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
127 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 conn->link_policy = __le16_to_cpu(rp->policy);
131 hci_dev_unlock(hdev);
134 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 struct hci_rp_write_link_policy *rp = (void *) skb->data;
137 struct hci_conn *conn;
140 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
145 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
151 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 conn->link_policy = get_unaligned_le16(sent + 2);
155 hci_dev_unlock(hdev);
158 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
174 __u8 status = *((__u8 *) skb->data);
177 BT_DBG("%s status 0x%2.2x", hdev->name, status);
182 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
186 hdev->link_policy = get_unaligned_le16(sent);
189 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191 __u8 status = *((__u8 *) skb->data);
193 BT_DBG("%s status 0x%2.2x", hdev->name, status);
195 clear_bit(HCI_RESET, &hdev->flags);
200 /* Reset all non-persistent flags */
201 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
203 hdev->discovery.state = DISCOVERY_STOPPED;
204 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
205 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
207 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
208 hdev->adv_data_len = 0;
210 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
211 hdev->scan_rsp_data_len = 0;
213 hdev->le_scan_type = LE_SCAN_PASSIVE;
215 hdev->ssp_debug_mode = 0;
217 hci_bdaddr_list_clear(&hdev->le_white_list);
220 static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
223 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
224 struct hci_cp_read_stored_link_key *sent;
226 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
228 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
232 if (!rp->status && sent->read_all == 0x01) {
233 hdev->stored_max_keys = rp->max_keys;
234 hdev->stored_num_keys = rp->num_keys;
238 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
241 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
243 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
248 if (rp->num_keys <= hdev->stored_num_keys)
249 hdev->stored_num_keys -= rp->num_keys;
251 hdev->stored_num_keys = 0;
254 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
256 __u8 status = *((__u8 *) skb->data);
259 BT_DBG("%s status 0x%2.2x", hdev->name, status);
261 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
267 if (test_bit(HCI_MGMT, &hdev->dev_flags))
268 mgmt_set_local_name_complete(hdev, sent, status);
270 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
272 hci_dev_unlock(hdev);
275 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
277 struct hci_rp_read_local_name *rp = (void *) skb->data;
279 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
284 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
285 test_bit(HCI_CONFIG, &hdev->dev_flags))
286 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
289 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
291 __u8 status = *((__u8 *) skb->data);
294 BT_DBG("%s status 0x%2.2x", hdev->name, status);
296 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
303 __u8 param = *((__u8 *) sent);
305 if (param == AUTH_ENABLED)
306 set_bit(HCI_AUTH, &hdev->flags);
308 clear_bit(HCI_AUTH, &hdev->flags);
311 if (test_bit(HCI_MGMT, &hdev->dev_flags))
312 mgmt_auth_enable_complete(hdev, status);
314 hci_dev_unlock(hdev);
317 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
319 __u8 status = *((__u8 *) skb->data);
323 BT_DBG("%s status 0x%2.2x", hdev->name, status);
328 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
332 param = *((__u8 *) sent);
335 set_bit(HCI_ENCRYPT, &hdev->flags);
337 clear_bit(HCI_ENCRYPT, &hdev->flags);
340 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
342 __u8 status = *((__u8 *) skb->data);
346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
348 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
352 param = *((__u8 *) sent);
357 hdev->discov_timeout = 0;
361 if (param & SCAN_INQUIRY)
362 set_bit(HCI_ISCAN, &hdev->flags);
364 clear_bit(HCI_ISCAN, &hdev->flags);
366 if (param & SCAN_PAGE)
367 set_bit(HCI_PSCAN, &hdev->flags);
369 clear_bit(HCI_PSCAN, &hdev->flags);
372 hci_dev_unlock(hdev);
375 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
377 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
379 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
384 memcpy(hdev->dev_class, rp->dev_class, 3);
386 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
387 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
390 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
392 __u8 status = *((__u8 *) skb->data);
395 BT_DBG("%s status 0x%2.2x", hdev->name, status);
397 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
404 memcpy(hdev->dev_class, sent, 3);
406 if (test_bit(HCI_MGMT, &hdev->dev_flags))
407 mgmt_set_class_of_dev_complete(hdev, sent, status);
409 hci_dev_unlock(hdev);
412 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
414 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
417 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
422 setting = __le16_to_cpu(rp->voice_setting);
424 if (hdev->voice_setting == setting)
427 hdev->voice_setting = setting;
429 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
432 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
435 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
438 __u8 status = *((__u8 *) skb->data);
442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
451 setting = get_unaligned_le16(sent);
453 if (hdev->voice_setting == setting)
456 hdev->voice_setting = setting;
458 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
461 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
464 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
467 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
469 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
474 hdev->num_iac = rp->num_iac;
476 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
479 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
481 __u8 status = *((__u8 *) skb->data);
482 struct hci_cp_write_ssp_mode *sent;
484 BT_DBG("%s status 0x%2.2x", hdev->name, status);
486 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
494 hdev->features[1][0] |= LMP_HOST_SSP;
496 hdev->features[1][0] &= ~LMP_HOST_SSP;
499 if (test_bit(HCI_MGMT, &hdev->dev_flags))
500 mgmt_ssp_enable_complete(hdev, sent->mode, status);
503 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
505 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
508 hci_dev_unlock(hdev);
511 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
513 u8 status = *((u8 *) skb->data);
514 struct hci_cp_write_sc_support *sent;
516 BT_DBG("%s status 0x%2.2x", hdev->name, status);
518 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
526 hdev->features[1][0] |= LMP_HOST_SC;
528 hdev->features[1][0] &= ~LMP_HOST_SC;
531 if (!test_bit(HCI_MGMT, &hdev->dev_flags) && !status) {
533 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
535 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
538 hci_dev_unlock(hdev);
541 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
543 struct hci_rp_read_local_version *rp = (void *) skb->data;
545 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
550 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
551 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
552 hdev->hci_ver = rp->hci_ver;
553 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
554 hdev->lmp_ver = rp->lmp_ver;
555 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
556 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
560 static void hci_cc_read_local_commands(struct hci_dev *hdev,
563 struct hci_rp_read_local_commands *rp = (void *) skb->data;
565 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
570 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
571 test_bit(HCI_CONFIG, &hdev->dev_flags))
572 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
575 static void hci_cc_read_local_features(struct hci_dev *hdev,
578 struct hci_rp_read_local_features *rp = (void *) skb->data;
580 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
585 memcpy(hdev->features, rp->features, 8);
587 /* Adjust default settings according to features
588 * supported by device. */
590 if (hdev->features[0][0] & LMP_3SLOT)
591 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
593 if (hdev->features[0][0] & LMP_5SLOT)
594 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
596 if (hdev->features[0][1] & LMP_HV2) {
597 hdev->pkt_type |= (HCI_HV2);
598 hdev->esco_type |= (ESCO_HV2);
601 if (hdev->features[0][1] & LMP_HV3) {
602 hdev->pkt_type |= (HCI_HV3);
603 hdev->esco_type |= (ESCO_HV3);
606 if (lmp_esco_capable(hdev))
607 hdev->esco_type |= (ESCO_EV3);
609 if (hdev->features[0][4] & LMP_EV4)
610 hdev->esco_type |= (ESCO_EV4);
612 if (hdev->features[0][4] & LMP_EV5)
613 hdev->esco_type |= (ESCO_EV5);
615 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
616 hdev->esco_type |= (ESCO_2EV3);
618 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
619 hdev->esco_type |= (ESCO_3EV3);
621 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
622 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
625 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
628 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
630 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
635 if (hdev->max_page < rp->max_page)
636 hdev->max_page = rp->max_page;
638 if (rp->page < HCI_MAX_PAGES)
639 memcpy(hdev->features[rp->page], rp->features, 8);
642 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
645 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 hdev->flow_ctl_mode = rp->mode;
655 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
657 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
659 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
664 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
665 hdev->sco_mtu = rp->sco_mtu;
666 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
667 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
669 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
674 hdev->acl_cnt = hdev->acl_pkts;
675 hdev->sco_cnt = hdev->sco_pkts;
677 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
678 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
681 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
683 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
685 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
690 if (test_bit(HCI_INIT, &hdev->flags))
691 bacpy(&hdev->bdaddr, &rp->bdaddr);
693 if (test_bit(HCI_SETUP, &hdev->dev_flags))
694 bacpy(&hdev->setup_addr, &rp->bdaddr);
697 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
700 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
702 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
707 if (test_bit(HCI_INIT, &hdev->flags)) {
708 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
709 hdev->page_scan_window = __le16_to_cpu(rp->window);
713 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
716 u8 status = *((u8 *) skb->data);
717 struct hci_cp_write_page_scan_activity *sent;
719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
724 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
728 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
729 hdev->page_scan_window = __le16_to_cpu(sent->window);
732 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
735 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
737 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
742 if (test_bit(HCI_INIT, &hdev->flags))
743 hdev->page_scan_type = rp->type;
746 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
749 u8 status = *((u8 *) skb->data);
752 BT_DBG("%s status 0x%2.2x", hdev->name, status);
757 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
759 hdev->page_scan_type = *type;
762 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
765 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
767 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
772 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
773 hdev->block_len = __le16_to_cpu(rp->block_len);
774 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
776 hdev->block_cnt = hdev->num_blocks;
778 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
779 hdev->block_cnt, hdev->block_len);
782 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
784 struct hci_rp_read_clock *rp = (void *) skb->data;
785 struct hci_cp_read_clock *cp;
786 struct hci_conn *conn;
788 BT_DBG("%s", hdev->name);
790 if (skb->len < sizeof(*rp))
798 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
802 if (cp->which == 0x00) {
803 hdev->clock = le32_to_cpu(rp->clock);
807 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
809 conn->clock = le32_to_cpu(rp->clock);
810 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
814 hci_dev_unlock(hdev);
817 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
820 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
827 hdev->amp_status = rp->amp_status;
828 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
829 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
830 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
831 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
832 hdev->amp_type = rp->amp_type;
833 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
834 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
835 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
836 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
839 a2mp_send_getinfo_rsp(hdev);
842 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
845 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
846 struct amp_assoc *assoc = &hdev->loc_assoc;
847 size_t rem_len, frag_len;
849 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
854 frag_len = skb->len - sizeof(*rp);
855 rem_len = __le16_to_cpu(rp->rem_len);
857 if (rem_len > frag_len) {
858 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
860 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
861 assoc->offset += frag_len;
863 /* Read other fragments */
864 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
869 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
870 assoc->len = assoc->offset + rem_len;
874 /* Send A2MP Rsp when all fragments are received */
875 a2mp_send_getampassoc_rsp(hdev, rp->status);
876 a2mp_send_create_phy_link_req(hdev, rp->status);
879 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
882 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
884 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
889 hdev->inq_tx_power = rp->tx_power;
892 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
894 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
895 struct hci_cp_pin_code_reply *cp;
896 struct hci_conn *conn;
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
902 if (test_bit(HCI_MGMT, &hdev->dev_flags))
903 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
908 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
914 conn->pin_length = cp->pin_len;
917 hci_dev_unlock(hdev);
920 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
922 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
924 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928 if (test_bit(HCI_MGMT, &hdev->dev_flags))
929 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
932 hci_dev_unlock(hdev);
935 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
938 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
940 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
945 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
946 hdev->le_pkts = rp->le_max_pkt;
948 hdev->le_cnt = hdev->le_pkts;
950 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
953 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
956 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
958 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
963 memcpy(hdev->le_features, rp->features, 8);
966 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
969 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
971 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
976 hdev->adv_tx_power = rp->tx_power;
979 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
981 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
983 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
987 if (test_bit(HCI_MGMT, &hdev->dev_flags))
988 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
991 hci_dev_unlock(hdev);
994 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
997 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
999 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1003 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1004 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1005 ACL_LINK, 0, rp->status);
1007 hci_dev_unlock(hdev);
1010 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1012 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1014 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1018 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1019 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1022 hci_dev_unlock(hdev);
1025 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1026 struct sk_buff *skb)
1028 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1030 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1034 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1035 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1036 ACL_LINK, 0, rp->status);
1038 hci_dev_unlock(hdev);
1041 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1042 struct sk_buff *skb)
1044 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1046 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1049 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
1051 hci_dev_unlock(hdev);
1054 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1055 struct sk_buff *skb)
1057 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1059 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1062 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
1063 rp->hash256, rp->rand256,
1065 hci_dev_unlock(hdev);
1069 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1071 __u8 status = *((__u8 *) skb->data);
1074 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1079 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1085 bacpy(&hdev->random_addr, sent);
1087 hci_dev_unlock(hdev);
1090 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1092 __u8 *sent, status = *((__u8 *) skb->data);
1094 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1099 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1105 /* If we're doing connection initiation as peripheral. Set a
1106 * timeout in case something goes wrong.
1109 struct hci_conn *conn;
1111 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1113 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1115 queue_delayed_work(hdev->workqueue,
1116 &conn->le_conn_timeout,
1117 conn->conn_timeout);
1119 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1122 hci_dev_unlock(hdev);
1125 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1127 struct hci_cp_le_set_scan_param *cp;
1128 __u8 status = *((__u8 *) skb->data);
1130 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1135 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1141 hdev->le_scan_type = cp->type;
1143 hci_dev_unlock(hdev);
1146 static bool has_pending_adv_report(struct hci_dev *hdev)
1148 struct discovery_state *d = &hdev->discovery;
1150 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1153 static void clear_pending_adv_report(struct hci_dev *hdev)
1155 struct discovery_state *d = &hdev->discovery;
1157 bacpy(&d->last_adv_addr, BDADDR_ANY);
1158 d->last_adv_data_len = 0;
1161 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1162 u8 bdaddr_type, s8 rssi, u32 flags,
1165 struct discovery_state *d = &hdev->discovery;
1167 bacpy(&d->last_adv_addr, bdaddr);
1168 d->last_adv_addr_type = bdaddr_type;
1169 d->last_adv_rssi = rssi;
1170 d->last_adv_flags = flags;
1171 memcpy(d->last_adv_data, data, len);
1172 d->last_adv_data_len = len;
1175 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1176 struct sk_buff *skb)
1178 struct hci_cp_le_set_scan_enable *cp;
1179 __u8 status = *((__u8 *) skb->data);
1181 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1186 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1192 switch (cp->enable) {
1193 case LE_SCAN_ENABLE:
1194 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1195 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1196 clear_pending_adv_report(hdev);
1199 case LE_SCAN_DISABLE:
1200 /* We do this here instead of when setting DISCOVERY_STOPPED
1201 * since the latter would potentially require waiting for
1202 * inquiry to stop too.
1204 if (has_pending_adv_report(hdev)) {
1205 struct discovery_state *d = &hdev->discovery;
1207 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1208 d->last_adv_addr_type, NULL,
1209 d->last_adv_rssi, d->last_adv_flags,
1211 d->last_adv_data_len, NULL, 0);
1214 /* Cancel this timer so that we don't try to disable scanning
1215 * when it's already disabled.
1217 cancel_delayed_work(&hdev->le_scan_disable);
1219 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1221 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1222 * interrupted scanning due to a connect request. Mark
1223 * therefore discovery as stopped. If this was not
1224 * because of a connect request advertising might have
1225 * been disabled because of active scanning, so
1226 * re-enable it again if necessary.
1228 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1230 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1231 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
1232 hdev->discovery.state == DISCOVERY_FINDING)
1233 mgmt_reenable_advertising(hdev);
1238 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1242 hci_dev_unlock(hdev);
1245 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1246 struct sk_buff *skb)
1248 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1250 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1255 hdev->le_white_list_size = rp->size;
1258 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1259 struct sk_buff *skb)
1261 __u8 status = *((__u8 *) skb->data);
1263 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1268 hci_bdaddr_list_clear(&hdev->le_white_list);
1271 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1272 struct sk_buff *skb)
1274 struct hci_cp_le_add_to_white_list *sent;
1275 __u8 status = *((__u8 *) skb->data);
1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1282 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1286 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1290 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1291 struct sk_buff *skb)
1293 struct hci_cp_le_del_from_white_list *sent;
1294 __u8 status = *((__u8 *) skb->data);
1296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1301 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1305 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1309 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1310 struct sk_buff *skb)
1312 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1314 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1319 memcpy(hdev->le_states, rp->le_states, 8);
1322 static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1323 struct sk_buff *skb)
1325 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1327 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1332 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1333 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1336 static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1337 struct sk_buff *skb)
1339 struct hci_cp_le_write_def_data_len *sent;
1340 __u8 status = *((__u8 *) skb->data);
1342 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1347 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1351 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1352 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1355 static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1356 struct sk_buff *skb)
1358 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1360 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1365 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1366 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1367 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1368 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1371 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1372 struct sk_buff *skb)
1374 struct hci_cp_write_le_host_supported *sent;
1375 __u8 status = *((__u8 *) skb->data);
1377 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1382 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1389 hdev->features[1][0] |= LMP_HOST_LE;
1390 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1392 hdev->features[1][0] &= ~LMP_HOST_LE;
1393 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1394 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1398 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1400 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1402 hci_dev_unlock(hdev);
1405 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1407 struct hci_cp_le_set_adv_param *cp;
1408 u8 status = *((u8 *) skb->data);
1410 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1415 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1420 hdev->adv_addr_type = cp->own_address_type;
1421 hci_dev_unlock(hdev);
1424 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1425 struct sk_buff *skb)
1427 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1429 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1430 hdev->name, rp->status, rp->phy_handle);
1435 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1438 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1440 struct hci_rp_read_rssi *rp = (void *) skb->data;
1441 struct hci_conn *conn;
1443 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1450 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1452 conn->rssi = rp->rssi;
1454 hci_dev_unlock(hdev);
1457 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1459 struct hci_cp_read_tx_power *sent;
1460 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1461 struct hci_conn *conn;
1463 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1468 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1474 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1478 switch (sent->type) {
1480 conn->tx_power = rp->tx_power;
1483 conn->max_tx_power = rp->tx_power;
1488 hci_dev_unlock(hdev);
1491 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1493 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1496 hci_conn_check_pending(hdev);
1500 set_bit(HCI_INQUIRY, &hdev->flags);
1503 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1505 struct hci_cp_create_conn *cp;
1506 struct hci_conn *conn;
1508 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1510 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1516 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1518 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1521 if (conn && conn->state == BT_CONNECT) {
1522 if (status != 0x0c || conn->attempt > 2) {
1523 conn->state = BT_CLOSED;
1524 hci_proto_connect_cfm(conn, status);
1527 conn->state = BT_CONNECT2;
1531 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1534 BT_ERR("No memory for new connection");
1538 hci_dev_unlock(hdev);
1541 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1543 struct hci_cp_add_sco *cp;
1544 struct hci_conn *acl, *sco;
1547 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1552 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1556 handle = __le16_to_cpu(cp->handle);
1558 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1562 acl = hci_conn_hash_lookup_handle(hdev, handle);
1566 sco->state = BT_CLOSED;
1568 hci_proto_connect_cfm(sco, status);
1573 hci_dev_unlock(hdev);
1576 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1578 struct hci_cp_auth_requested *cp;
1579 struct hci_conn *conn;
1581 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1586 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1592 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1594 if (conn->state == BT_CONFIG) {
1595 hci_proto_connect_cfm(conn, status);
1596 hci_conn_drop(conn);
1600 hci_dev_unlock(hdev);
1603 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1605 struct hci_cp_set_conn_encrypt *cp;
1606 struct hci_conn *conn;
1608 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1613 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1619 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1621 if (conn->state == BT_CONFIG) {
1622 hci_proto_connect_cfm(conn, status);
1623 hci_conn_drop(conn);
1627 hci_dev_unlock(hdev);
1630 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1631 struct hci_conn *conn)
1633 if (conn->state != BT_CONFIG || !conn->out)
1636 if (conn->pending_sec_level == BT_SECURITY_SDP)
1639 /* Only request authentication for SSP connections or non-SSP
1640 * devices with sec_level MEDIUM or HIGH or if MITM protection
1643 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1644 conn->pending_sec_level != BT_SECURITY_FIPS &&
1645 conn->pending_sec_level != BT_SECURITY_HIGH &&
1646 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1652 static int hci_resolve_name(struct hci_dev *hdev,
1653 struct inquiry_entry *e)
1655 struct hci_cp_remote_name_req cp;
1657 memset(&cp, 0, sizeof(cp));
1659 bacpy(&cp.bdaddr, &e->data.bdaddr);
1660 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1661 cp.pscan_mode = e->data.pscan_mode;
1662 cp.clock_offset = e->data.clock_offset;
1664 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1667 static bool hci_resolve_next_name(struct hci_dev *hdev)
1669 struct discovery_state *discov = &hdev->discovery;
1670 struct inquiry_entry *e;
1672 if (list_empty(&discov->resolve))
1675 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1679 if (hci_resolve_name(hdev, e) == 0) {
1680 e->name_state = NAME_PENDING;
1687 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1688 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1690 struct discovery_state *discov = &hdev->discovery;
1691 struct inquiry_entry *e;
1693 /* Update the mgmt connected state if necessary. Be careful with
1694 * conn objects that exist but are not (yet) connected however.
1695 * Only those in BT_CONFIG or BT_CONNECTED states can be
1696 * considered connected.
1699 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
1700 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1701 mgmt_device_connected(hdev, conn, 0, name, name_len);
1703 if (discov->state == DISCOVERY_STOPPED)
1706 if (discov->state == DISCOVERY_STOPPING)
1707 goto discov_complete;
1709 if (discov->state != DISCOVERY_RESOLVING)
1712 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1713 /* If the device was not found in a list of found devices names of which
1714 * are pending. there is no need to continue resolving a next name as it
1715 * will be done upon receiving another Remote Name Request Complete
1722 e->name_state = NAME_KNOWN;
1723 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1724 e->data.rssi, name, name_len);
1726 e->name_state = NAME_NOT_KNOWN;
1729 if (hci_resolve_next_name(hdev))
1733 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1736 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1738 struct hci_cp_remote_name_req *cp;
1739 struct hci_conn *conn;
1741 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1743 /* If successful wait for the name req complete event before
1744 * checking for the need to do authentication */
1748 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1754 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1756 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1757 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1762 if (!hci_outgoing_auth_needed(hdev, conn))
1765 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1766 struct hci_cp_auth_requested auth_cp;
1768 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1770 auth_cp.handle = __cpu_to_le16(conn->handle);
1771 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1772 sizeof(auth_cp), &auth_cp);
1776 hci_dev_unlock(hdev);
1779 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1781 struct hci_cp_read_remote_features *cp;
1782 struct hci_conn *conn;
1784 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1789 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1795 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1797 if (conn->state == BT_CONFIG) {
1798 hci_proto_connect_cfm(conn, status);
1799 hci_conn_drop(conn);
1803 hci_dev_unlock(hdev);
1806 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1808 struct hci_cp_read_remote_ext_features *cp;
1809 struct hci_conn *conn;
1811 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1816 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1822 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1824 if (conn->state == BT_CONFIG) {
1825 hci_proto_connect_cfm(conn, status);
1826 hci_conn_drop(conn);
1830 hci_dev_unlock(hdev);
1833 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1835 struct hci_cp_setup_sync_conn *cp;
1836 struct hci_conn *acl, *sco;
1839 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1844 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1848 handle = __le16_to_cpu(cp->handle);
1850 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1854 acl = hci_conn_hash_lookup_handle(hdev, handle);
1858 sco->state = BT_CLOSED;
1860 hci_proto_connect_cfm(sco, status);
1865 hci_dev_unlock(hdev);
1868 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1870 struct hci_cp_sniff_mode *cp;
1871 struct hci_conn *conn;
1873 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1878 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1884 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1886 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1888 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1889 hci_sco_setup(conn, status);
1892 hci_dev_unlock(hdev);
1895 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1897 struct hci_cp_exit_sniff_mode *cp;
1898 struct hci_conn *conn;
1900 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1905 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1911 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1913 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1915 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1916 hci_sco_setup(conn, status);
1919 hci_dev_unlock(hdev);
1922 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1924 struct hci_cp_disconnect *cp;
1925 struct hci_conn *conn;
1930 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1936 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1938 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1939 conn->dst_type, status);
1941 hci_dev_unlock(hdev);
1944 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1946 struct hci_cp_create_phy_link *cp;
1948 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1950 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1957 struct hci_conn *hcon;
1959 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1963 amp_write_remote_assoc(hdev, cp->phy_handle);
1966 hci_dev_unlock(hdev);
1969 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1971 struct hci_cp_accept_phy_link *cp;
1973 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1978 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1982 amp_write_remote_assoc(hdev, cp->phy_handle);
1985 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1987 struct hci_cp_le_create_conn *cp;
1988 struct hci_conn *conn;
1990 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1992 /* All connection failure handling is taken care of by the
1993 * hci_le_conn_failed function which is triggered by the HCI
1994 * request completion callbacks used for connecting.
1999 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2005 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
2009 /* Store the initiator and responder address information which
2010 * is needed for SMP. These values will not change during the
2011 * lifetime of the connection.
2013 conn->init_addr_type = cp->own_address_type;
2014 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
2015 bacpy(&conn->init_addr, &hdev->random_addr);
2017 bacpy(&conn->init_addr, &hdev->bdaddr);
2019 conn->resp_addr_type = cp->peer_addr_type;
2020 bacpy(&conn->resp_addr, &cp->peer_addr);
2022 /* We don't want the connection attempt to stick around
2023 * indefinitely since LE doesn't have a page timeout concept
2024 * like BR/EDR. Set a timer for any connection that doesn't use
2025 * the white list for connecting.
2027 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
2028 queue_delayed_work(conn->hdev->workqueue,
2029 &conn->le_conn_timeout,
2030 conn->conn_timeout);
2033 hci_dev_unlock(hdev);
2036 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2038 struct hci_cp_le_start_enc *cp;
2039 struct hci_conn *conn;
2041 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2048 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2052 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2056 if (conn->state != BT_CONNECTED)
2059 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2060 hci_conn_drop(conn);
2063 hci_dev_unlock(hdev);
2066 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2068 struct hci_cp_switch_role *cp;
2069 struct hci_conn *conn;
2071 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2076 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2082 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2084 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2086 hci_dev_unlock(hdev);
2089 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2091 __u8 status = *((__u8 *) skb->data);
2092 struct discovery_state *discov = &hdev->discovery;
2093 struct inquiry_entry *e;
2095 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2097 hci_conn_check_pending(hdev);
2099 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2102 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2103 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2105 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2110 if (discov->state != DISCOVERY_FINDING)
2113 if (list_empty(&discov->resolve)) {
2114 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2118 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2119 if (e && hci_resolve_name(hdev, e) == 0) {
2120 e->name_state = NAME_PENDING;
2121 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2123 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2127 hci_dev_unlock(hdev);
2130 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2132 struct inquiry_data data;
2133 struct inquiry_info *info = (void *) (skb->data + 1);
2134 int num_rsp = *((__u8 *) skb->data);
2136 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2141 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2146 for (; num_rsp; num_rsp--, info++) {
2149 bacpy(&data.bdaddr, &info->bdaddr);
2150 data.pscan_rep_mode = info->pscan_rep_mode;
2151 data.pscan_period_mode = info->pscan_period_mode;
2152 data.pscan_mode = info->pscan_mode;
2153 memcpy(data.dev_class, info->dev_class, 3);
2154 data.clock_offset = info->clock_offset;
2155 data.rssi = HCI_RSSI_INVALID;
2156 data.ssp_mode = 0x00;
2158 flags = hci_inquiry_cache_update(hdev, &data, false);
2160 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2161 info->dev_class, HCI_RSSI_INVALID,
2162 flags, NULL, 0, NULL, 0);
2165 hci_dev_unlock(hdev);
2168 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2170 struct hci_ev_conn_complete *ev = (void *) skb->data;
2171 struct hci_conn *conn;
2173 BT_DBG("%s", hdev->name);
2177 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2179 if (ev->link_type != SCO_LINK)
2182 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2186 conn->type = SCO_LINK;
2190 conn->handle = __le16_to_cpu(ev->handle);
2192 if (conn->type == ACL_LINK) {
2193 conn->state = BT_CONFIG;
2194 hci_conn_hold(conn);
2196 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2197 !hci_find_link_key(hdev, &ev->bdaddr))
2198 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2200 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2202 conn->state = BT_CONNECTED;
2204 hci_debugfs_create_conn(conn);
2205 hci_conn_add_sysfs(conn);
2207 if (test_bit(HCI_AUTH, &hdev->flags))
2208 set_bit(HCI_CONN_AUTH, &conn->flags);
2210 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2211 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2213 /* Get remote features */
2214 if (conn->type == ACL_LINK) {
2215 struct hci_cp_read_remote_features cp;
2216 cp.handle = ev->handle;
2217 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2220 hci_update_page_scan(hdev);
2223 /* Set packet type for incoming connection */
2224 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2225 struct hci_cp_change_conn_ptype cp;
2226 cp.handle = ev->handle;
2227 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2228 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2232 conn->state = BT_CLOSED;
2233 if (conn->type == ACL_LINK)
2234 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2235 conn->dst_type, ev->status);
2238 if (conn->type == ACL_LINK)
2239 hci_sco_setup(conn, ev->status);
2242 hci_proto_connect_cfm(conn, ev->status);
2244 } else if (ev->link_type != ACL_LINK)
2245 hci_proto_connect_cfm(conn, ev->status);
2248 hci_dev_unlock(hdev);
2250 hci_conn_check_pending(hdev);
2253 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2255 struct hci_cp_reject_conn_req cp;
2257 bacpy(&cp.bdaddr, bdaddr);
2258 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2259 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2262 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2264 struct hci_ev_conn_request *ev = (void *) skb->data;
2265 int mask = hdev->link_mode;
2266 struct inquiry_entry *ie;
2267 struct hci_conn *conn;
2270 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2273 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2276 if (!(mask & HCI_LM_ACCEPT)) {
2277 hci_reject_conn(hdev, &ev->bdaddr);
2281 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2283 hci_reject_conn(hdev, &ev->bdaddr);
2287 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2288 * connection. These features are only touched through mgmt so
2289 * only do the checks if HCI_MGMT is set.
2291 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2292 !test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
2293 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2295 hci_reject_conn(hdev, &ev->bdaddr);
2299 /* Connection accepted */
2303 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2305 memcpy(ie->data.dev_class, ev->dev_class, 3);
2307 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2310 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2313 BT_ERR("No memory for new connection");
2314 hci_dev_unlock(hdev);
2319 memcpy(conn->dev_class, ev->dev_class, 3);
2321 hci_dev_unlock(hdev);
2323 if (ev->link_type == ACL_LINK ||
2324 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2325 struct hci_cp_accept_conn_req cp;
2326 conn->state = BT_CONNECT;
2328 bacpy(&cp.bdaddr, &ev->bdaddr);
2330 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2331 cp.role = 0x00; /* Become master */
2333 cp.role = 0x01; /* Remain slave */
2335 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2336 } else if (!(flags & HCI_PROTO_DEFER)) {
2337 struct hci_cp_accept_sync_conn_req cp;
2338 conn->state = BT_CONNECT;
2340 bacpy(&cp.bdaddr, &ev->bdaddr);
2341 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2343 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2344 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2345 cp.max_latency = cpu_to_le16(0xffff);
2346 cp.content_format = cpu_to_le16(hdev->voice_setting);
2347 cp.retrans_effort = 0xff;
2349 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2352 conn->state = BT_CONNECT2;
2353 hci_proto_connect_cfm(conn, 0);
2357 static u8 hci_to_mgmt_reason(u8 err)
2360 case HCI_ERROR_CONNECTION_TIMEOUT:
2361 return MGMT_DEV_DISCONN_TIMEOUT;
2362 case HCI_ERROR_REMOTE_USER_TERM:
2363 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2364 case HCI_ERROR_REMOTE_POWER_OFF:
2365 return MGMT_DEV_DISCONN_REMOTE;
2366 case HCI_ERROR_LOCAL_HOST_TERM:
2367 return MGMT_DEV_DISCONN_LOCAL_HOST;
2369 return MGMT_DEV_DISCONN_UNKNOWN;
2373 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2375 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2376 u8 reason = hci_to_mgmt_reason(ev->reason);
2377 struct hci_conn_params *params;
2378 struct hci_conn *conn;
2379 bool mgmt_connected;
2382 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2386 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2391 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2392 conn->dst_type, ev->status);
2396 conn->state = BT_CLOSED;
2398 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2399 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2400 reason, mgmt_connected);
2402 if (conn->type == ACL_LINK) {
2403 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2404 hci_remove_link_key(hdev, &conn->dst);
2406 hci_update_page_scan(hdev);
2409 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2411 switch (params->auto_connect) {
2412 case HCI_AUTO_CONN_LINK_LOSS:
2413 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2417 case HCI_AUTO_CONN_DIRECT:
2418 case HCI_AUTO_CONN_ALWAYS:
2419 list_del_init(¶ms->action);
2420 list_add(¶ms->action, &hdev->pend_le_conns);
2421 hci_update_background_scan(hdev);
2431 hci_proto_disconn_cfm(conn, ev->reason);
2434 /* Re-enable advertising if necessary, since it might
2435 * have been disabled by the connection. From the
2436 * HCI_LE_Set_Advertise_Enable command description in
2437 * the core specification (v4.0):
2438 * "The Controller shall continue advertising until the Host
2439 * issues an LE_Set_Advertise_Enable command with
2440 * Advertising_Enable set to 0x00 (Advertising is disabled)
2441 * or until a connection is created or until the Advertising
2442 * is timed out due to Directed Advertising."
2444 if (type == LE_LINK)
2445 mgmt_reenable_advertising(hdev);
2448 hci_dev_unlock(hdev);
2451 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2453 struct hci_ev_auth_complete *ev = (void *) skb->data;
2454 struct hci_conn *conn;
2456 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2460 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2465 if (!hci_conn_ssp_enabled(conn) &&
2466 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2467 BT_INFO("re-auth of legacy device is not possible.");
2469 set_bit(HCI_CONN_AUTH, &conn->flags);
2470 conn->sec_level = conn->pending_sec_level;
2473 mgmt_auth_failed(conn, ev->status);
2476 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2477 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2479 if (conn->state == BT_CONFIG) {
2480 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2481 struct hci_cp_set_conn_encrypt cp;
2482 cp.handle = ev->handle;
2484 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2487 conn->state = BT_CONNECTED;
2488 hci_proto_connect_cfm(conn, ev->status);
2489 hci_conn_drop(conn);
2492 hci_auth_cfm(conn, ev->status);
2494 hci_conn_hold(conn);
2495 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2496 hci_conn_drop(conn);
2499 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2501 struct hci_cp_set_conn_encrypt cp;
2502 cp.handle = ev->handle;
2504 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2507 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2508 hci_encrypt_cfm(conn, ev->status, 0x00);
2513 hci_dev_unlock(hdev);
2516 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2518 struct hci_ev_remote_name *ev = (void *) skb->data;
2519 struct hci_conn *conn;
2521 BT_DBG("%s", hdev->name);
2523 hci_conn_check_pending(hdev);
2527 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2529 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2532 if (ev->status == 0)
2533 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2534 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2536 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2542 if (!hci_outgoing_auth_needed(hdev, conn))
2545 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2546 struct hci_cp_auth_requested cp;
2548 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2550 cp.handle = __cpu_to_le16(conn->handle);
2551 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2555 hci_dev_unlock(hdev);
2558 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2560 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2561 struct hci_conn *conn;
2563 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2567 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2573 /* Encryption implies authentication */
2574 set_bit(HCI_CONN_AUTH, &conn->flags);
2575 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2576 conn->sec_level = conn->pending_sec_level;
2578 /* P-256 authentication key implies FIPS */
2579 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2580 set_bit(HCI_CONN_FIPS, &conn->flags);
2582 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2583 conn->type == LE_LINK)
2584 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2586 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2587 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2591 /* We should disregard the current RPA and generate a new one
2592 * whenever the encryption procedure fails.
2594 if (ev->status && conn->type == LE_LINK)
2595 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2597 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2599 if (ev->status && conn->state == BT_CONNECTED) {
2600 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2601 hci_conn_drop(conn);
2605 if (conn->state == BT_CONFIG) {
2607 conn->state = BT_CONNECTED;
2609 /* In Secure Connections Only mode, do not allow any
2610 * connections that are not encrypted with AES-CCM
2611 * using a P-256 authenticated combination key.
2613 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2614 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2615 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2616 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2617 hci_conn_drop(conn);
2621 hci_proto_connect_cfm(conn, ev->status);
2622 hci_conn_drop(conn);
2624 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2627 hci_dev_unlock(hdev);
2630 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2631 struct sk_buff *skb)
2633 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2634 struct hci_conn *conn;
2636 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2640 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2643 set_bit(HCI_CONN_SECURE, &conn->flags);
2645 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2647 hci_key_change_cfm(conn, ev->status);
2650 hci_dev_unlock(hdev);
2653 static void hci_remote_features_evt(struct hci_dev *hdev,
2654 struct sk_buff *skb)
2656 struct hci_ev_remote_features *ev = (void *) skb->data;
2657 struct hci_conn *conn;
2659 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2663 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2668 memcpy(conn->features[0], ev->features, 8);
2670 if (conn->state != BT_CONFIG)
2673 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2674 struct hci_cp_read_remote_ext_features cp;
2675 cp.handle = ev->handle;
2677 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2682 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2683 struct hci_cp_remote_name_req cp;
2684 memset(&cp, 0, sizeof(cp));
2685 bacpy(&cp.bdaddr, &conn->dst);
2686 cp.pscan_rep_mode = 0x02;
2687 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2688 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2689 mgmt_device_connected(hdev, conn, 0, NULL, 0);
2691 if (!hci_outgoing_auth_needed(hdev, conn)) {
2692 conn->state = BT_CONNECTED;
2693 hci_proto_connect_cfm(conn, ev->status);
2694 hci_conn_drop(conn);
2698 hci_dev_unlock(hdev);
2701 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2703 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2704 u8 status = skb->data[sizeof(*ev)];
2707 skb_pull(skb, sizeof(*ev));
2709 opcode = __le16_to_cpu(ev->opcode);
2712 case HCI_OP_INQUIRY_CANCEL:
2713 hci_cc_inquiry_cancel(hdev, skb);
2716 case HCI_OP_PERIODIC_INQ:
2717 hci_cc_periodic_inq(hdev, skb);
2720 case HCI_OP_EXIT_PERIODIC_INQ:
2721 hci_cc_exit_periodic_inq(hdev, skb);
2724 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2725 hci_cc_remote_name_req_cancel(hdev, skb);
2728 case HCI_OP_ROLE_DISCOVERY:
2729 hci_cc_role_discovery(hdev, skb);
2732 case HCI_OP_READ_LINK_POLICY:
2733 hci_cc_read_link_policy(hdev, skb);
2736 case HCI_OP_WRITE_LINK_POLICY:
2737 hci_cc_write_link_policy(hdev, skb);
2740 case HCI_OP_READ_DEF_LINK_POLICY:
2741 hci_cc_read_def_link_policy(hdev, skb);
2744 case HCI_OP_WRITE_DEF_LINK_POLICY:
2745 hci_cc_write_def_link_policy(hdev, skb);
2749 hci_cc_reset(hdev, skb);
2752 case HCI_OP_READ_STORED_LINK_KEY:
2753 hci_cc_read_stored_link_key(hdev, skb);
2756 case HCI_OP_DELETE_STORED_LINK_KEY:
2757 hci_cc_delete_stored_link_key(hdev, skb);
2760 case HCI_OP_WRITE_LOCAL_NAME:
2761 hci_cc_write_local_name(hdev, skb);
2764 case HCI_OP_READ_LOCAL_NAME:
2765 hci_cc_read_local_name(hdev, skb);
2768 case HCI_OP_WRITE_AUTH_ENABLE:
2769 hci_cc_write_auth_enable(hdev, skb);
2772 case HCI_OP_WRITE_ENCRYPT_MODE:
2773 hci_cc_write_encrypt_mode(hdev, skb);
2776 case HCI_OP_WRITE_SCAN_ENABLE:
2777 hci_cc_write_scan_enable(hdev, skb);
2780 case HCI_OP_READ_CLASS_OF_DEV:
2781 hci_cc_read_class_of_dev(hdev, skb);
2784 case HCI_OP_WRITE_CLASS_OF_DEV:
2785 hci_cc_write_class_of_dev(hdev, skb);
2788 case HCI_OP_READ_VOICE_SETTING:
2789 hci_cc_read_voice_setting(hdev, skb);
2792 case HCI_OP_WRITE_VOICE_SETTING:
2793 hci_cc_write_voice_setting(hdev, skb);
2796 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2797 hci_cc_read_num_supported_iac(hdev, skb);
2800 case HCI_OP_WRITE_SSP_MODE:
2801 hci_cc_write_ssp_mode(hdev, skb);
2804 case HCI_OP_WRITE_SC_SUPPORT:
2805 hci_cc_write_sc_support(hdev, skb);
2808 case HCI_OP_READ_LOCAL_VERSION:
2809 hci_cc_read_local_version(hdev, skb);
2812 case HCI_OP_READ_LOCAL_COMMANDS:
2813 hci_cc_read_local_commands(hdev, skb);
2816 case HCI_OP_READ_LOCAL_FEATURES:
2817 hci_cc_read_local_features(hdev, skb);
2820 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2821 hci_cc_read_local_ext_features(hdev, skb);
2824 case HCI_OP_READ_BUFFER_SIZE:
2825 hci_cc_read_buffer_size(hdev, skb);
2828 case HCI_OP_READ_BD_ADDR:
2829 hci_cc_read_bd_addr(hdev, skb);
2832 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2833 hci_cc_read_page_scan_activity(hdev, skb);
2836 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2837 hci_cc_write_page_scan_activity(hdev, skb);
2840 case HCI_OP_READ_PAGE_SCAN_TYPE:
2841 hci_cc_read_page_scan_type(hdev, skb);
2844 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2845 hci_cc_write_page_scan_type(hdev, skb);
2848 case HCI_OP_READ_DATA_BLOCK_SIZE:
2849 hci_cc_read_data_block_size(hdev, skb);
2852 case HCI_OP_READ_FLOW_CONTROL_MODE:
2853 hci_cc_read_flow_control_mode(hdev, skb);
2856 case HCI_OP_READ_LOCAL_AMP_INFO:
2857 hci_cc_read_local_amp_info(hdev, skb);
2860 case HCI_OP_READ_CLOCK:
2861 hci_cc_read_clock(hdev, skb);
2864 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2865 hci_cc_read_local_amp_assoc(hdev, skb);
2868 case HCI_OP_READ_INQ_RSP_TX_POWER:
2869 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2872 case HCI_OP_PIN_CODE_REPLY:
2873 hci_cc_pin_code_reply(hdev, skb);
2876 case HCI_OP_PIN_CODE_NEG_REPLY:
2877 hci_cc_pin_code_neg_reply(hdev, skb);
2880 case HCI_OP_READ_LOCAL_OOB_DATA:
2881 hci_cc_read_local_oob_data(hdev, skb);
2884 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2885 hci_cc_read_local_oob_ext_data(hdev, skb);
2888 case HCI_OP_LE_READ_BUFFER_SIZE:
2889 hci_cc_le_read_buffer_size(hdev, skb);
2892 case HCI_OP_LE_READ_LOCAL_FEATURES:
2893 hci_cc_le_read_local_features(hdev, skb);
2896 case HCI_OP_LE_READ_ADV_TX_POWER:
2897 hci_cc_le_read_adv_tx_power(hdev, skb);
2900 case HCI_OP_USER_CONFIRM_REPLY:
2901 hci_cc_user_confirm_reply(hdev, skb);
2904 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2905 hci_cc_user_confirm_neg_reply(hdev, skb);
2908 case HCI_OP_USER_PASSKEY_REPLY:
2909 hci_cc_user_passkey_reply(hdev, skb);
2912 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2913 hci_cc_user_passkey_neg_reply(hdev, skb);
2916 case HCI_OP_LE_SET_RANDOM_ADDR:
2917 hci_cc_le_set_random_addr(hdev, skb);
2920 case HCI_OP_LE_SET_ADV_ENABLE:
2921 hci_cc_le_set_adv_enable(hdev, skb);
2924 case HCI_OP_LE_SET_SCAN_PARAM:
2925 hci_cc_le_set_scan_param(hdev, skb);
2928 case HCI_OP_LE_SET_SCAN_ENABLE:
2929 hci_cc_le_set_scan_enable(hdev, skb);
2932 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2933 hci_cc_le_read_white_list_size(hdev, skb);
2936 case HCI_OP_LE_CLEAR_WHITE_LIST:
2937 hci_cc_le_clear_white_list(hdev, skb);
2940 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2941 hci_cc_le_add_to_white_list(hdev, skb);
2944 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2945 hci_cc_le_del_from_white_list(hdev, skb);
2948 case HCI_OP_LE_READ_SUPPORTED_STATES:
2949 hci_cc_le_read_supported_states(hdev, skb);
2952 case HCI_OP_LE_READ_DEF_DATA_LEN:
2953 hci_cc_le_read_def_data_len(hdev, skb);
2956 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
2957 hci_cc_le_write_def_data_len(hdev, skb);
2960 case HCI_OP_LE_READ_MAX_DATA_LEN:
2961 hci_cc_le_read_max_data_len(hdev, skb);
2964 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2965 hci_cc_write_le_host_supported(hdev, skb);
2968 case HCI_OP_LE_SET_ADV_PARAM:
2969 hci_cc_set_adv_param(hdev, skb);
2972 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2973 hci_cc_write_remote_amp_assoc(hdev, skb);
2976 case HCI_OP_READ_RSSI:
2977 hci_cc_read_rssi(hdev, skb);
2980 case HCI_OP_READ_TX_POWER:
2981 hci_cc_read_tx_power(hdev, skb);
2985 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2989 if (opcode != HCI_OP_NOP)
2990 cancel_delayed_work(&hdev->cmd_timer);
2992 hci_req_cmd_complete(hdev, opcode, status);
2994 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2995 atomic_set(&hdev->cmd_cnt, 1);
2996 if (!skb_queue_empty(&hdev->cmd_q))
2997 queue_work(hdev->workqueue, &hdev->cmd_work);
3001 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
3003 struct hci_ev_cmd_status *ev = (void *) skb->data;
3006 skb_pull(skb, sizeof(*ev));
3008 opcode = __le16_to_cpu(ev->opcode);
3011 case HCI_OP_INQUIRY:
3012 hci_cs_inquiry(hdev, ev->status);
3015 case HCI_OP_CREATE_CONN:
3016 hci_cs_create_conn(hdev, ev->status);
3019 case HCI_OP_DISCONNECT:
3020 hci_cs_disconnect(hdev, ev->status);
3023 case HCI_OP_ADD_SCO:
3024 hci_cs_add_sco(hdev, ev->status);
3027 case HCI_OP_AUTH_REQUESTED:
3028 hci_cs_auth_requested(hdev, ev->status);
3031 case HCI_OP_SET_CONN_ENCRYPT:
3032 hci_cs_set_conn_encrypt(hdev, ev->status);
3035 case HCI_OP_REMOTE_NAME_REQ:
3036 hci_cs_remote_name_req(hdev, ev->status);
3039 case HCI_OP_READ_REMOTE_FEATURES:
3040 hci_cs_read_remote_features(hdev, ev->status);
3043 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3044 hci_cs_read_remote_ext_features(hdev, ev->status);
3047 case HCI_OP_SETUP_SYNC_CONN:
3048 hci_cs_setup_sync_conn(hdev, ev->status);
3051 case HCI_OP_CREATE_PHY_LINK:
3052 hci_cs_create_phylink(hdev, ev->status);
3055 case HCI_OP_ACCEPT_PHY_LINK:
3056 hci_cs_accept_phylink(hdev, ev->status);
3059 case HCI_OP_SNIFF_MODE:
3060 hci_cs_sniff_mode(hdev, ev->status);
3063 case HCI_OP_EXIT_SNIFF_MODE:
3064 hci_cs_exit_sniff_mode(hdev, ev->status);
3067 case HCI_OP_SWITCH_ROLE:
3068 hci_cs_switch_role(hdev, ev->status);
3071 case HCI_OP_LE_CREATE_CONN:
3072 hci_cs_le_create_conn(hdev, ev->status);
3075 case HCI_OP_LE_START_ENC:
3076 hci_cs_le_start_enc(hdev, ev->status);
3080 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3084 if (opcode != HCI_OP_NOP)
3085 cancel_delayed_work(&hdev->cmd_timer);
3088 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
3089 hci_req_cmd_complete(hdev, opcode, ev->status);
3091 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3092 atomic_set(&hdev->cmd_cnt, 1);
3093 if (!skb_queue_empty(&hdev->cmd_q))
3094 queue_work(hdev->workqueue, &hdev->cmd_work);
3098 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3100 struct hci_ev_hardware_error *ev = (void *) skb->data;
3102 BT_ERR("%s hardware error 0x%2.2x", hdev->name, ev->code);
3105 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3107 struct hci_ev_role_change *ev = (void *) skb->data;
3108 struct hci_conn *conn;
3110 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3114 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3117 conn->role = ev->role;
3119 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3121 hci_role_switch_cfm(conn, ev->status, ev->role);
3124 hci_dev_unlock(hdev);
3127 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3129 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3132 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3133 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3137 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3138 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3139 BT_DBG("%s bad parameters", hdev->name);
3143 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3145 for (i = 0; i < ev->num_hndl; i++) {
3146 struct hci_comp_pkts_info *info = &ev->handles[i];
3147 struct hci_conn *conn;
3148 __u16 handle, count;
3150 handle = __le16_to_cpu(info->handle);
3151 count = __le16_to_cpu(info->count);
3153 conn = hci_conn_hash_lookup_handle(hdev, handle);
3157 conn->sent -= count;
3159 switch (conn->type) {
3161 hdev->acl_cnt += count;
3162 if (hdev->acl_cnt > hdev->acl_pkts)
3163 hdev->acl_cnt = hdev->acl_pkts;
3167 if (hdev->le_pkts) {
3168 hdev->le_cnt += count;
3169 if (hdev->le_cnt > hdev->le_pkts)
3170 hdev->le_cnt = hdev->le_pkts;
3172 hdev->acl_cnt += count;
3173 if (hdev->acl_cnt > hdev->acl_pkts)
3174 hdev->acl_cnt = hdev->acl_pkts;
3179 hdev->sco_cnt += count;
3180 if (hdev->sco_cnt > hdev->sco_pkts)
3181 hdev->sco_cnt = hdev->sco_pkts;
3185 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3190 queue_work(hdev->workqueue, &hdev->tx_work);
3193 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3196 struct hci_chan *chan;
3198 switch (hdev->dev_type) {
3200 return hci_conn_hash_lookup_handle(hdev, handle);
3202 chan = hci_chan_lookup_handle(hdev, handle);
3207 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3214 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3216 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3219 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3220 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3224 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3225 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3226 BT_DBG("%s bad parameters", hdev->name);
3230 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3233 for (i = 0; i < ev->num_hndl; i++) {
3234 struct hci_comp_blocks_info *info = &ev->handles[i];
3235 struct hci_conn *conn = NULL;
3236 __u16 handle, block_count;
3238 handle = __le16_to_cpu(info->handle);
3239 block_count = __le16_to_cpu(info->blocks);
3241 conn = __hci_conn_lookup_handle(hdev, handle);
3245 conn->sent -= block_count;
3247 switch (conn->type) {
3250 hdev->block_cnt += block_count;
3251 if (hdev->block_cnt > hdev->num_blocks)
3252 hdev->block_cnt = hdev->num_blocks;
3256 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3261 queue_work(hdev->workqueue, &hdev->tx_work);
3264 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3266 struct hci_ev_mode_change *ev = (void *) skb->data;
3267 struct hci_conn *conn;
3269 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3273 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3275 conn->mode = ev->mode;
3277 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3279 if (conn->mode == HCI_CM_ACTIVE)
3280 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3282 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3285 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3286 hci_sco_setup(conn, ev->status);
3289 hci_dev_unlock(hdev);
3292 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3294 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3295 struct hci_conn *conn;
3297 BT_DBG("%s", hdev->name);
3301 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3305 if (conn->state == BT_CONNECTED) {
3306 hci_conn_hold(conn);
3307 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3308 hci_conn_drop(conn);
3311 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
3312 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3313 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3314 sizeof(ev->bdaddr), &ev->bdaddr);
3315 } else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3318 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3323 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3327 hci_dev_unlock(hdev);
3330 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3332 if (key_type == HCI_LK_CHANGED_COMBINATION)
3335 conn->pin_length = pin_len;
3336 conn->key_type = key_type;
3339 case HCI_LK_LOCAL_UNIT:
3340 case HCI_LK_REMOTE_UNIT:
3341 case HCI_LK_DEBUG_COMBINATION:
3343 case HCI_LK_COMBINATION:
3345 conn->pending_sec_level = BT_SECURITY_HIGH;
3347 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3349 case HCI_LK_UNAUTH_COMBINATION_P192:
3350 case HCI_LK_UNAUTH_COMBINATION_P256:
3351 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3353 case HCI_LK_AUTH_COMBINATION_P192:
3354 conn->pending_sec_level = BT_SECURITY_HIGH;
3356 case HCI_LK_AUTH_COMBINATION_P256:
3357 conn->pending_sec_level = BT_SECURITY_FIPS;
3362 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3364 struct hci_ev_link_key_req *ev = (void *) skb->data;
3365 struct hci_cp_link_key_reply cp;
3366 struct hci_conn *conn;
3367 struct link_key *key;
3369 BT_DBG("%s", hdev->name);
3371 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3376 key = hci_find_link_key(hdev, &ev->bdaddr);
3378 BT_DBG("%s link key not found for %pMR", hdev->name,
3383 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3386 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3388 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3390 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3391 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3392 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3393 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3397 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3398 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3399 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3400 BT_DBG("%s ignoring key unauthenticated for high security",
3405 conn_set_key(conn, key->type, key->pin_len);
3408 bacpy(&cp.bdaddr, &ev->bdaddr);
3409 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3411 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3413 hci_dev_unlock(hdev);
3418 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3419 hci_dev_unlock(hdev);
3422 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3424 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3425 struct hci_conn *conn;
3426 struct link_key *key;
3430 BT_DBG("%s", hdev->name);
3434 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3438 hci_conn_hold(conn);
3439 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3440 hci_conn_drop(conn);
3442 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3443 conn_set_key(conn, ev->key_type, conn->pin_length);
3445 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3448 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3449 ev->key_type, pin_len, &persistent);
3453 /* Update connection information since adding the key will have
3454 * fixed up the type in the case of changed combination keys.
3456 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3457 conn_set_key(conn, key->type, key->pin_len);
3459 mgmt_new_link_key(hdev, key, persistent);
3461 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3462 * is set. If it's not set simply remove the key from the kernel
3463 * list (we've still notified user space about it but with
3464 * store_hint being 0).
3466 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3467 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3468 list_del_rcu(&key->list);
3469 kfree_rcu(key, rcu);
3474 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3476 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3479 hci_dev_unlock(hdev);
3482 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3484 struct hci_ev_clock_offset *ev = (void *) skb->data;
3485 struct hci_conn *conn;
3487 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3491 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3492 if (conn && !ev->status) {
3493 struct inquiry_entry *ie;
3495 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3497 ie->data.clock_offset = ev->clock_offset;
3498 ie->timestamp = jiffies;
3502 hci_dev_unlock(hdev);
3505 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3507 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3508 struct hci_conn *conn;
3510 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3515 if (conn && !ev->status)
3516 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3518 hci_dev_unlock(hdev);
3521 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3523 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3524 struct inquiry_entry *ie;
3526 BT_DBG("%s", hdev->name);
3530 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3532 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3533 ie->timestamp = jiffies;
3536 hci_dev_unlock(hdev);
3539 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3540 struct sk_buff *skb)
3542 struct inquiry_data data;
3543 int num_rsp = *((__u8 *) skb->data);
3545 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3550 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3555 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3556 struct inquiry_info_with_rssi_and_pscan_mode *info;
3557 info = (void *) (skb->data + 1);
3559 for (; num_rsp; num_rsp--, info++) {
3562 bacpy(&data.bdaddr, &info->bdaddr);
3563 data.pscan_rep_mode = info->pscan_rep_mode;
3564 data.pscan_period_mode = info->pscan_period_mode;
3565 data.pscan_mode = info->pscan_mode;
3566 memcpy(data.dev_class, info->dev_class, 3);
3567 data.clock_offset = info->clock_offset;
3568 data.rssi = info->rssi;
3569 data.ssp_mode = 0x00;
3571 flags = hci_inquiry_cache_update(hdev, &data, false);
3573 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3574 info->dev_class, info->rssi,
3575 flags, NULL, 0, NULL, 0);
3578 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3580 for (; num_rsp; num_rsp--, info++) {
3583 bacpy(&data.bdaddr, &info->bdaddr);
3584 data.pscan_rep_mode = info->pscan_rep_mode;
3585 data.pscan_period_mode = info->pscan_period_mode;
3586 data.pscan_mode = 0x00;
3587 memcpy(data.dev_class, info->dev_class, 3);
3588 data.clock_offset = info->clock_offset;
3589 data.rssi = info->rssi;
3590 data.ssp_mode = 0x00;
3592 flags = hci_inquiry_cache_update(hdev, &data, false);
3594 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3595 info->dev_class, info->rssi,
3596 flags, NULL, 0, NULL, 0);
3600 hci_dev_unlock(hdev);
3603 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3604 struct sk_buff *skb)
3606 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3607 struct hci_conn *conn;
3609 BT_DBG("%s", hdev->name);
3613 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3617 if (ev->page < HCI_MAX_PAGES)
3618 memcpy(conn->features[ev->page], ev->features, 8);
3620 if (!ev->status && ev->page == 0x01) {
3621 struct inquiry_entry *ie;
3623 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3625 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3627 if (ev->features[0] & LMP_HOST_SSP) {
3628 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3630 /* It is mandatory by the Bluetooth specification that
3631 * Extended Inquiry Results are only used when Secure
3632 * Simple Pairing is enabled, but some devices violate
3635 * To make these devices work, the internal SSP
3636 * enabled flag needs to be cleared if the remote host
3637 * features do not indicate SSP support */
3638 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3641 if (ev->features[0] & LMP_HOST_SC)
3642 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3645 if (conn->state != BT_CONFIG)
3648 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3649 struct hci_cp_remote_name_req cp;
3650 memset(&cp, 0, sizeof(cp));
3651 bacpy(&cp.bdaddr, &conn->dst);
3652 cp.pscan_rep_mode = 0x02;
3653 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3654 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3655 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3657 if (!hci_outgoing_auth_needed(hdev, conn)) {
3658 conn->state = BT_CONNECTED;
3659 hci_proto_connect_cfm(conn, ev->status);
3660 hci_conn_drop(conn);
3664 hci_dev_unlock(hdev);
3667 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3668 struct sk_buff *skb)
3670 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3671 struct hci_conn *conn;
3673 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3677 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3679 if (ev->link_type == ESCO_LINK)
3682 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3686 conn->type = SCO_LINK;
3689 switch (ev->status) {
3691 conn->handle = __le16_to_cpu(ev->handle);
3692 conn->state = BT_CONNECTED;
3694 hci_debugfs_create_conn(conn);
3695 hci_conn_add_sysfs(conn);
3698 case 0x10: /* Connection Accept Timeout */
3699 case 0x0d: /* Connection Rejected due to Limited Resources */
3700 case 0x11: /* Unsupported Feature or Parameter Value */
3701 case 0x1c: /* SCO interval rejected */
3702 case 0x1a: /* Unsupported Remote Feature */
3703 case 0x1f: /* Unspecified error */
3704 case 0x20: /* Unsupported LMP Parameter value */
3706 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3707 (hdev->esco_type & EDR_ESCO_MASK);
3708 if (hci_setup_sync(conn, conn->link->handle))
3714 conn->state = BT_CLOSED;
3718 hci_proto_connect_cfm(conn, ev->status);
3723 hci_dev_unlock(hdev);
3726 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3730 while (parsed < eir_len) {
3731 u8 field_len = eir[0];
3736 parsed += field_len + 1;
3737 eir += field_len + 1;
3743 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3744 struct sk_buff *skb)
3746 struct inquiry_data data;
3747 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3748 int num_rsp = *((__u8 *) skb->data);
3751 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3756 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3761 for (; num_rsp; num_rsp--, info++) {
3765 bacpy(&data.bdaddr, &info->bdaddr);
3766 data.pscan_rep_mode = info->pscan_rep_mode;
3767 data.pscan_period_mode = info->pscan_period_mode;
3768 data.pscan_mode = 0x00;
3769 memcpy(data.dev_class, info->dev_class, 3);
3770 data.clock_offset = info->clock_offset;
3771 data.rssi = info->rssi;
3772 data.ssp_mode = 0x01;
3774 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3775 name_known = eir_has_data_type(info->data,
3781 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3783 eir_len = eir_get_length(info->data, sizeof(info->data));
3785 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3786 info->dev_class, info->rssi,
3787 flags, info->data, eir_len, NULL, 0);
3790 hci_dev_unlock(hdev);
3793 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3794 struct sk_buff *skb)
3796 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3797 struct hci_conn *conn;
3799 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3800 __le16_to_cpu(ev->handle));
3804 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3808 /* For BR/EDR the necessary steps are taken through the
3809 * auth_complete event.
3811 if (conn->type != LE_LINK)
3815 conn->sec_level = conn->pending_sec_level;
3817 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3819 if (ev->status && conn->state == BT_CONNECTED) {
3820 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3821 hci_conn_drop(conn);
3825 if (conn->state == BT_CONFIG) {
3827 conn->state = BT_CONNECTED;
3829 hci_proto_connect_cfm(conn, ev->status);
3830 hci_conn_drop(conn);
3832 hci_auth_cfm(conn, ev->status);
3834 hci_conn_hold(conn);
3835 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3836 hci_conn_drop(conn);
3840 hci_dev_unlock(hdev);
3843 static u8 hci_get_auth_req(struct hci_conn *conn)
3845 /* If remote requests no-bonding follow that lead */
3846 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3847 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3848 return conn->remote_auth | (conn->auth_type & 0x01);
3850 /* If both remote and local have enough IO capabilities, require
3853 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3854 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3855 return conn->remote_auth | 0x01;
3857 /* No MITM protection possible so ignore remote requirement */
3858 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3861 static u8 bredr_oob_data_present(struct hci_conn *conn)
3863 struct hci_dev *hdev = conn->hdev;
3864 struct oob_data *data;
3866 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
3870 /* When Secure Connections Only mode is enabled, then the P-256
3871 * values are required. If they are not available, then do not
3872 * declare that OOB data is present.
3874 if (bredr_sc_enabled(hdev) &&
3875 test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
3876 (!memcmp(data->rand256, ZERO_KEY, 16) ||
3877 !memcmp(data->hash256, ZERO_KEY, 16)))
3880 if (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))
3886 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3888 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3889 struct hci_conn *conn;
3891 BT_DBG("%s", hdev->name);
3895 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3899 hci_conn_hold(conn);
3901 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3904 /* Allow pairing if we're pairable, the initiators of the
3905 * pairing or if the remote is not requesting bonding.
3907 if (test_bit(HCI_BONDABLE, &hdev->dev_flags) ||
3908 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
3909 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3910 struct hci_cp_io_capability_reply cp;
3912 bacpy(&cp.bdaddr, &ev->bdaddr);
3913 /* Change the IO capability from KeyboardDisplay
3914 * to DisplayYesNo as it is not supported by BT spec. */
3915 cp.capability = (conn->io_capability == 0x04) ?
3916 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3918 /* If we are initiators, there is no remote information yet */
3919 if (conn->remote_auth == 0xff) {
3920 /* Request MITM protection if our IO caps allow it
3921 * except for the no-bonding case.
3923 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3924 conn->auth_type != HCI_AT_NO_BONDING)
3925 conn->auth_type |= 0x01;
3927 conn->auth_type = hci_get_auth_req(conn);
3930 /* If we're not bondable, force one of the non-bondable
3931 * authentication requirement values.
3933 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags))
3934 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
3936 cp.authentication = conn->auth_type;
3937 cp.oob_data = bredr_oob_data_present(conn);
3939 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3942 struct hci_cp_io_capability_neg_reply cp;
3944 bacpy(&cp.bdaddr, &ev->bdaddr);
3945 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3947 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3952 hci_dev_unlock(hdev);
3955 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3957 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3958 struct hci_conn *conn;
3960 BT_DBG("%s", hdev->name);
3964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3968 conn->remote_cap = ev->capability;
3969 conn->remote_auth = ev->authentication;
3971 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3974 hci_dev_unlock(hdev);
3977 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3978 struct sk_buff *skb)
3980 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3981 int loc_mitm, rem_mitm, confirm_hint = 0;
3982 struct hci_conn *conn;
3984 BT_DBG("%s", hdev->name);
3988 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3991 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3995 loc_mitm = (conn->auth_type & 0x01);
3996 rem_mitm = (conn->remote_auth & 0x01);
3998 /* If we require MITM but the remote device can't provide that
3999 * (it has NoInputNoOutput) then reject the confirmation
4000 * request. We check the security level here since it doesn't
4001 * necessarily match conn->auth_type.
4003 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4004 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4005 BT_DBG("Rejecting request: remote device can't provide MITM");
4006 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4007 sizeof(ev->bdaddr), &ev->bdaddr);
4011 /* If no side requires MITM protection; auto-accept */
4012 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4013 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4015 /* If we're not the initiators request authorization to
4016 * proceed from user space (mgmt_user_confirm with
4017 * confirm_hint set to 1). The exception is if neither
4018 * side had MITM or if the local IO capability is
4019 * NoInputNoOutput, in which case we do auto-accept
4021 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4022 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4023 (loc_mitm || rem_mitm)) {
4024 BT_DBG("Confirming auto-accept as acceptor");
4029 BT_DBG("Auto-accept of user confirmation with %ums delay",
4030 hdev->auto_accept_delay);
4032 if (hdev->auto_accept_delay > 0) {
4033 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4034 queue_delayed_work(conn->hdev->workqueue,
4035 &conn->auto_accept_work, delay);
4039 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4040 sizeof(ev->bdaddr), &ev->bdaddr);
4045 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4046 le32_to_cpu(ev->passkey), confirm_hint);
4049 hci_dev_unlock(hdev);
4052 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4053 struct sk_buff *skb)
4055 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4057 BT_DBG("%s", hdev->name);
4059 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4060 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4063 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4064 struct sk_buff *skb)
4066 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4067 struct hci_conn *conn;
4069 BT_DBG("%s", hdev->name);
4071 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4075 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4076 conn->passkey_entered = 0;
4078 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4079 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4080 conn->dst_type, conn->passkey_notify,
4081 conn->passkey_entered);
4084 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4086 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4087 struct hci_conn *conn;
4089 BT_DBG("%s", hdev->name);
4091 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4096 case HCI_KEYPRESS_STARTED:
4097 conn->passkey_entered = 0;
4100 case HCI_KEYPRESS_ENTERED:
4101 conn->passkey_entered++;
4104 case HCI_KEYPRESS_ERASED:
4105 conn->passkey_entered--;
4108 case HCI_KEYPRESS_CLEARED:
4109 conn->passkey_entered = 0;
4112 case HCI_KEYPRESS_COMPLETED:
4116 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4117 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4118 conn->dst_type, conn->passkey_notify,
4119 conn->passkey_entered);
4122 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4123 struct sk_buff *skb)
4125 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4126 struct hci_conn *conn;
4128 BT_DBG("%s", hdev->name);
4132 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4136 /* Reset the authentication requirement to unknown */
4137 conn->remote_auth = 0xff;
4139 /* To avoid duplicate auth_failed events to user space we check
4140 * the HCI_CONN_AUTH_PEND flag which will be set if we
4141 * initiated the authentication. A traditional auth_complete
4142 * event gets always produced as initiator and is also mapped to
4143 * the mgmt_auth_failed event */
4144 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4145 mgmt_auth_failed(conn, ev->status);
4147 hci_conn_drop(conn);
4150 hci_dev_unlock(hdev);
4153 static void hci_remote_host_features_evt(struct hci_dev *hdev,
4154 struct sk_buff *skb)
4156 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4157 struct inquiry_entry *ie;
4158 struct hci_conn *conn;
4160 BT_DBG("%s", hdev->name);
4164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4166 memcpy(conn->features[1], ev->features, 8);
4168 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4170 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4172 hci_dev_unlock(hdev);
4175 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4176 struct sk_buff *skb)
4178 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4179 struct oob_data *data;
4181 BT_DBG("%s", hdev->name);
4185 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4188 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4190 struct hci_cp_remote_oob_data_neg_reply cp;
4192 bacpy(&cp.bdaddr, &ev->bdaddr);
4193 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4198 if (bredr_sc_enabled(hdev)) {
4199 struct hci_cp_remote_oob_ext_data_reply cp;
4201 bacpy(&cp.bdaddr, &ev->bdaddr);
4202 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4203 memset(cp.hash192, 0, sizeof(cp.hash192));
4204 memset(cp.rand192, 0, sizeof(cp.rand192));
4206 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4207 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4209 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4210 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4212 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4215 struct hci_cp_remote_oob_data_reply cp;
4217 bacpy(&cp.bdaddr, &ev->bdaddr);
4218 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4219 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4221 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4226 hci_dev_unlock(hdev);
4229 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4230 struct sk_buff *skb)
4232 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4233 struct hci_conn *hcon, *bredr_hcon;
4235 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4240 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4242 hci_dev_unlock(hdev);
4248 hci_dev_unlock(hdev);
4252 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4254 hcon->state = BT_CONNECTED;
4255 bacpy(&hcon->dst, &bredr_hcon->dst);
4257 hci_conn_hold(hcon);
4258 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4259 hci_conn_drop(hcon);
4261 hci_debugfs_create_conn(hcon);
4262 hci_conn_add_sysfs(hcon);
4264 amp_physical_cfm(bredr_hcon, hcon);
4266 hci_dev_unlock(hdev);
4269 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4271 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4272 struct hci_conn *hcon;
4273 struct hci_chan *hchan;
4274 struct amp_mgr *mgr;
4276 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4277 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4280 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4284 /* Create AMP hchan */
4285 hchan = hci_chan_create(hcon);
4289 hchan->handle = le16_to_cpu(ev->handle);
4291 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4293 mgr = hcon->amp_mgr;
4294 if (mgr && mgr->bredr_chan) {
4295 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4297 l2cap_chan_lock(bredr_chan);
4299 bredr_chan->conn->mtu = hdev->block_mtu;
4300 l2cap_logical_cfm(bredr_chan, hchan, 0);
4301 hci_conn_hold(hcon);
4303 l2cap_chan_unlock(bredr_chan);
4307 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4308 struct sk_buff *skb)
4310 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4311 struct hci_chan *hchan;
4313 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4314 le16_to_cpu(ev->handle), ev->status);
4321 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4325 amp_destroy_logical_link(hchan, ev->reason);
4328 hci_dev_unlock(hdev);
4331 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4332 struct sk_buff *skb)
4334 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4335 struct hci_conn *hcon;
4337 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4344 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4346 hcon->state = BT_CLOSED;
4350 hci_dev_unlock(hdev);
4353 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4355 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4356 struct hci_conn_params *params;
4357 struct hci_conn *conn;
4358 struct smp_irk *irk;
4361 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4365 /* All controllers implicitly stop advertising in the event of a
4366 * connection, so ensure that the state bit is cleared.
4368 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4370 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4372 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
4374 BT_ERR("No memory for new connection");
4378 conn->dst_type = ev->bdaddr_type;
4380 /* If we didn't have a hci_conn object previously
4381 * but we're in master role this must be something
4382 * initiated using a white list. Since white list based
4383 * connections are not "first class citizens" we don't
4384 * have full tracking of them. Therefore, we go ahead
4385 * with a "best effort" approach of determining the
4386 * initiator address based on the HCI_PRIVACY flag.
4389 conn->resp_addr_type = ev->bdaddr_type;
4390 bacpy(&conn->resp_addr, &ev->bdaddr);
4391 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4392 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4393 bacpy(&conn->init_addr, &hdev->rpa);
4395 hci_copy_identity_address(hdev,
4397 &conn->init_addr_type);
4401 cancel_delayed_work(&conn->le_conn_timeout);
4405 /* Set the responder (our side) address type based on
4406 * the advertising address type.
4408 conn->resp_addr_type = hdev->adv_addr_type;
4409 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4410 bacpy(&conn->resp_addr, &hdev->random_addr);
4412 bacpy(&conn->resp_addr, &hdev->bdaddr);
4414 conn->init_addr_type = ev->bdaddr_type;
4415 bacpy(&conn->init_addr, &ev->bdaddr);
4417 /* For incoming connections, set the default minimum
4418 * and maximum connection interval. They will be used
4419 * to check if the parameters are in range and if not
4420 * trigger the connection update procedure.
4422 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4423 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4426 /* Lookup the identity address from the stored connection
4427 * address and address type.
4429 * When establishing connections to an identity address, the
4430 * connection procedure will store the resolvable random
4431 * address first. Now if it can be converted back into the
4432 * identity address, start using the identity address from
4435 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4437 bacpy(&conn->dst, &irk->bdaddr);
4438 conn->dst_type = irk->addr_type;
4442 hci_le_conn_failed(conn, ev->status);
4446 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4447 addr_type = BDADDR_LE_PUBLIC;
4449 addr_type = BDADDR_LE_RANDOM;
4451 /* Drop the connection if the device is blocked */
4452 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4453 hci_conn_drop(conn);
4457 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4458 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4460 conn->sec_level = BT_SECURITY_LOW;
4461 conn->handle = __le16_to_cpu(ev->handle);
4462 conn->state = BT_CONNECTED;
4464 conn->le_conn_interval = le16_to_cpu(ev->interval);
4465 conn->le_conn_latency = le16_to_cpu(ev->latency);
4466 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4468 hci_debugfs_create_conn(conn);
4469 hci_conn_add_sysfs(conn);
4471 hci_proto_connect_cfm(conn, ev->status);
4473 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4476 list_del_init(¶ms->action);
4478 hci_conn_drop(params->conn);
4479 hci_conn_put(params->conn);
4480 params->conn = NULL;
4485 hci_update_background_scan(hdev);
4486 hci_dev_unlock(hdev);
4489 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4490 struct sk_buff *skb)
4492 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4493 struct hci_conn *conn;
4495 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4502 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4504 conn->le_conn_interval = le16_to_cpu(ev->interval);
4505 conn->le_conn_latency = le16_to_cpu(ev->latency);
4506 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4509 hci_dev_unlock(hdev);
4512 /* This function requires the caller holds hdev->lock */
4513 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4515 u8 addr_type, u8 adv_type)
4517 struct hci_conn *conn;
4518 struct hci_conn_params *params;
4520 /* If the event is not connectable don't proceed further */
4521 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
4524 /* Ignore if the device is blocked */
4525 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
4528 /* Most controller will fail if we try to create new connections
4529 * while we have an existing one in slave role.
4531 if (hdev->conn_hash.le_num_slave > 0)
4534 /* If we're not connectable only connect devices that we have in
4535 * our pend_le_conns list.
4537 params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
4542 switch (params->auto_connect) {
4543 case HCI_AUTO_CONN_DIRECT:
4544 /* Only devices advertising with ADV_DIRECT_IND are
4545 * triggering a connection attempt. This is allowing
4546 * incoming connections from slave devices.
4548 if (adv_type != LE_ADV_DIRECT_IND)
4551 case HCI_AUTO_CONN_ALWAYS:
4552 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4553 * are triggering a connection attempt. This means
4554 * that incoming connectioms from slave device are
4555 * accepted and also outgoing connections to slave
4556 * devices are established when found.
4563 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4564 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4565 if (!IS_ERR(conn)) {
4566 /* Store the pointer since we don't really have any
4567 * other owner of the object besides the params that
4568 * triggered it. This way we can abort the connection if
4569 * the parameters get removed and keep the reference
4570 * count consistent once the connection is established.
4572 params->conn = hci_conn_get(conn);
4576 switch (PTR_ERR(conn)) {
4578 /* If hci_connect() returns -EBUSY it means there is already
4579 * an LE connection attempt going on. Since controllers don't
4580 * support more than one connection attempt at the time, we
4581 * don't consider this an error case.
4585 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4592 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4593 u8 bdaddr_type, bdaddr_t *direct_addr,
4594 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4596 struct discovery_state *d = &hdev->discovery;
4597 struct smp_irk *irk;
4598 struct hci_conn *conn;
4602 /* If the direct address is present, then this report is from
4603 * a LE Direct Advertising Report event. In that case it is
4604 * important to see if the address is matching the local
4605 * controller address.
4608 /* Only resolvable random addresses are valid for these
4609 * kind of reports and others can be ignored.
4611 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
4614 /* If the controller is not using resolvable random
4615 * addresses, then this report can be ignored.
4617 if (!test_bit(HCI_PRIVACY, &hdev->dev_flags))
4620 /* If the local IRK of the controller does not match
4621 * with the resolvable random address provided, then
4622 * this report can be ignored.
4624 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
4628 /* Check if we need to convert to identity address */
4629 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4631 bdaddr = &irk->bdaddr;
4632 bdaddr_type = irk->addr_type;
4635 /* Check if we have been requested to connect to this device */
4636 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4637 if (conn && type == LE_ADV_IND) {
4638 /* Store report for later inclusion by
4639 * mgmt_device_connected
4641 memcpy(conn->le_adv_data, data, len);
4642 conn->le_adv_data_len = len;
4645 /* Passive scanning shouldn't trigger any device found events,
4646 * except for devices marked as CONN_REPORT for which we do send
4647 * device found events.
4649 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4650 if (type == LE_ADV_DIRECT_IND)
4653 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4654 bdaddr, bdaddr_type))
4657 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4658 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4661 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4662 rssi, flags, data, len, NULL, 0);
4666 /* When receiving non-connectable or scannable undirected
4667 * advertising reports, this means that the remote device is
4668 * not connectable and then clearly indicate this in the
4669 * device found event.
4671 * When receiving a scan response, then there is no way to
4672 * know if the remote device is connectable or not. However
4673 * since scan responses are merged with a previously seen
4674 * advertising report, the flags field from that report
4677 * In the really unlikely case that a controller get confused
4678 * and just sends a scan response event, then it is marked as
4679 * not connectable as well.
4681 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4682 type == LE_ADV_SCAN_RSP)
4683 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4687 /* If there's nothing pending either store the data from this
4688 * event or send an immediate device found event if the data
4689 * should not be stored for later.
4691 if (!has_pending_adv_report(hdev)) {
4692 /* If the report will trigger a SCAN_REQ store it for
4695 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4696 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4697 rssi, flags, data, len);
4701 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4702 rssi, flags, data, len, NULL, 0);
4706 /* Check if the pending report is for the same device as the new one */
4707 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4708 bdaddr_type == d->last_adv_addr_type);
4710 /* If the pending data doesn't match this report or this isn't a
4711 * scan response (e.g. we got a duplicate ADV_IND) then force
4712 * sending of the pending data.
4714 if (type != LE_ADV_SCAN_RSP || !match) {
4715 /* Send out whatever is in the cache, but skip duplicates */
4717 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4718 d->last_adv_addr_type, NULL,
4719 d->last_adv_rssi, d->last_adv_flags,
4721 d->last_adv_data_len, NULL, 0);
4723 /* If the new report will trigger a SCAN_REQ store it for
4726 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4727 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4728 rssi, flags, data, len);
4732 /* The advertising reports cannot be merged, so clear
4733 * the pending report and send out a device found event.
4735 clear_pending_adv_report(hdev);
4736 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4737 rssi, flags, data, len, NULL, 0);
4741 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4742 * the new event is a SCAN_RSP. We can therefore proceed with
4743 * sending a merged device found event.
4745 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4746 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
4747 d->last_adv_data, d->last_adv_data_len, data, len);
4748 clear_pending_adv_report(hdev);
4751 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4753 u8 num_reports = skb->data[0];
4754 void *ptr = &skb->data[1];
4758 while (num_reports--) {
4759 struct hci_ev_le_advertising_info *ev = ptr;
4762 rssi = ev->data[ev->length];
4763 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4764 ev->bdaddr_type, NULL, 0, rssi,
4765 ev->data, ev->length);
4767 ptr += sizeof(*ev) + ev->length + 1;
4770 hci_dev_unlock(hdev);
4773 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4775 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4776 struct hci_cp_le_ltk_reply cp;
4777 struct hci_cp_le_ltk_neg_reply neg;
4778 struct hci_conn *conn;
4779 struct smp_ltk *ltk;
4781 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4785 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4789 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
4793 if (smp_ltk_is_sc(ltk)) {
4794 /* With SC both EDiv and Rand are set to zero */
4795 if (ev->ediv || ev->rand)
4798 /* For non-SC keys check that EDiv and Rand match */
4799 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
4803 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4804 cp.handle = cpu_to_le16(conn->handle);
4806 conn->pending_sec_level = smp_ltk_sec_level(ltk);
4808 conn->enc_key_size = ltk->enc_size;
4810 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4812 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4813 * temporary key used to encrypt a connection following
4814 * pairing. It is used during the Encrypted Session Setup to
4815 * distribute the keys. Later, security can be re-established
4816 * using a distributed LTK.
4818 if (ltk->type == SMP_STK) {
4819 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4820 list_del_rcu(<k->list);
4821 kfree_rcu(ltk, rcu);
4823 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4826 hci_dev_unlock(hdev);
4831 neg.handle = ev->handle;
4832 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4833 hci_dev_unlock(hdev);
4836 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4839 struct hci_cp_le_conn_param_req_neg_reply cp;
4841 cp.handle = cpu_to_le16(handle);
4844 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4848 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4849 struct sk_buff *skb)
4851 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4852 struct hci_cp_le_conn_param_req_reply cp;
4853 struct hci_conn *hcon;
4854 u16 handle, min, max, latency, timeout;
4856 handle = le16_to_cpu(ev->handle);
4857 min = le16_to_cpu(ev->interval_min);
4858 max = le16_to_cpu(ev->interval_max);
4859 latency = le16_to_cpu(ev->latency);
4860 timeout = le16_to_cpu(ev->timeout);
4862 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4863 if (!hcon || hcon->state != BT_CONNECTED)
4864 return send_conn_param_neg_reply(hdev, handle,
4865 HCI_ERROR_UNKNOWN_CONN_ID);
4867 if (hci_check_conn_params(min, max, latency, timeout))
4868 return send_conn_param_neg_reply(hdev, handle,
4869 HCI_ERROR_INVALID_LL_PARAMS);
4871 if (hcon->role == HCI_ROLE_MASTER) {
4872 struct hci_conn_params *params;
4877 params = hci_conn_params_lookup(hdev, &hcon->dst,
4880 params->conn_min_interval = min;
4881 params->conn_max_interval = max;
4882 params->conn_latency = latency;
4883 params->supervision_timeout = timeout;
4889 hci_dev_unlock(hdev);
4891 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4892 store_hint, min, max, latency, timeout);
4895 cp.handle = ev->handle;
4896 cp.interval_min = ev->interval_min;
4897 cp.interval_max = ev->interval_max;
4898 cp.latency = ev->latency;
4899 cp.timeout = ev->timeout;
4903 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4906 static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
4907 struct sk_buff *skb)
4909 u8 num_reports = skb->data[0];
4910 void *ptr = &skb->data[1];
4914 while (num_reports--) {
4915 struct hci_ev_le_direct_adv_info *ev = ptr;
4917 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4918 ev->bdaddr_type, &ev->direct_addr,
4919 ev->direct_addr_type, ev->rssi, NULL, 0);
4924 hci_dev_unlock(hdev);
4927 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4929 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4931 skb_pull(skb, sizeof(*le_ev));
4933 switch (le_ev->subevent) {
4934 case HCI_EV_LE_CONN_COMPLETE:
4935 hci_le_conn_complete_evt(hdev, skb);
4938 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4939 hci_le_conn_update_complete_evt(hdev, skb);
4942 case HCI_EV_LE_ADVERTISING_REPORT:
4943 hci_le_adv_report_evt(hdev, skb);
4946 case HCI_EV_LE_LTK_REQ:
4947 hci_le_ltk_request_evt(hdev, skb);
4950 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4951 hci_le_remote_conn_param_req_evt(hdev, skb);
4954 case HCI_EV_LE_DIRECT_ADV_REPORT:
4955 hci_le_direct_adv_report_evt(hdev, skb);
4963 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4965 struct hci_ev_channel_selected *ev = (void *) skb->data;
4966 struct hci_conn *hcon;
4968 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4970 skb_pull(skb, sizeof(*ev));
4972 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4976 amp_read_loc_assoc_final_data(hdev, hcon);
4979 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4981 struct hci_event_hdr *hdr = (void *) skb->data;
4982 __u8 event = hdr->evt;
4986 /* Received events are (currently) only needed when a request is
4987 * ongoing so avoid unnecessary memory allocation.
4989 if (hci_req_pending(hdev)) {
4990 kfree_skb(hdev->recv_evt);
4991 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4994 hci_dev_unlock(hdev);
4996 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4998 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4999 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5000 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
5002 hci_req_cmd_complete(hdev, opcode, 0);
5006 case HCI_EV_INQUIRY_COMPLETE:
5007 hci_inquiry_complete_evt(hdev, skb);
5010 case HCI_EV_INQUIRY_RESULT:
5011 hci_inquiry_result_evt(hdev, skb);
5014 case HCI_EV_CONN_COMPLETE:
5015 hci_conn_complete_evt(hdev, skb);
5018 case HCI_EV_CONN_REQUEST:
5019 hci_conn_request_evt(hdev, skb);
5022 case HCI_EV_DISCONN_COMPLETE:
5023 hci_disconn_complete_evt(hdev, skb);
5026 case HCI_EV_AUTH_COMPLETE:
5027 hci_auth_complete_evt(hdev, skb);
5030 case HCI_EV_REMOTE_NAME:
5031 hci_remote_name_evt(hdev, skb);
5034 case HCI_EV_ENCRYPT_CHANGE:
5035 hci_encrypt_change_evt(hdev, skb);
5038 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5039 hci_change_link_key_complete_evt(hdev, skb);
5042 case HCI_EV_REMOTE_FEATURES:
5043 hci_remote_features_evt(hdev, skb);
5046 case HCI_EV_CMD_COMPLETE:
5047 hci_cmd_complete_evt(hdev, skb);
5050 case HCI_EV_CMD_STATUS:
5051 hci_cmd_status_evt(hdev, skb);
5054 case HCI_EV_HARDWARE_ERROR:
5055 hci_hardware_error_evt(hdev, skb);
5058 case HCI_EV_ROLE_CHANGE:
5059 hci_role_change_evt(hdev, skb);
5062 case HCI_EV_NUM_COMP_PKTS:
5063 hci_num_comp_pkts_evt(hdev, skb);
5066 case HCI_EV_MODE_CHANGE:
5067 hci_mode_change_evt(hdev, skb);
5070 case HCI_EV_PIN_CODE_REQ:
5071 hci_pin_code_request_evt(hdev, skb);
5074 case HCI_EV_LINK_KEY_REQ:
5075 hci_link_key_request_evt(hdev, skb);
5078 case HCI_EV_LINK_KEY_NOTIFY:
5079 hci_link_key_notify_evt(hdev, skb);
5082 case HCI_EV_CLOCK_OFFSET:
5083 hci_clock_offset_evt(hdev, skb);
5086 case HCI_EV_PKT_TYPE_CHANGE:
5087 hci_pkt_type_change_evt(hdev, skb);
5090 case HCI_EV_PSCAN_REP_MODE:
5091 hci_pscan_rep_mode_evt(hdev, skb);
5094 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5095 hci_inquiry_result_with_rssi_evt(hdev, skb);
5098 case HCI_EV_REMOTE_EXT_FEATURES:
5099 hci_remote_ext_features_evt(hdev, skb);
5102 case HCI_EV_SYNC_CONN_COMPLETE:
5103 hci_sync_conn_complete_evt(hdev, skb);
5106 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5107 hci_extended_inquiry_result_evt(hdev, skb);
5110 case HCI_EV_KEY_REFRESH_COMPLETE:
5111 hci_key_refresh_complete_evt(hdev, skb);
5114 case HCI_EV_IO_CAPA_REQUEST:
5115 hci_io_capa_request_evt(hdev, skb);
5118 case HCI_EV_IO_CAPA_REPLY:
5119 hci_io_capa_reply_evt(hdev, skb);
5122 case HCI_EV_USER_CONFIRM_REQUEST:
5123 hci_user_confirm_request_evt(hdev, skb);
5126 case HCI_EV_USER_PASSKEY_REQUEST:
5127 hci_user_passkey_request_evt(hdev, skb);
5130 case HCI_EV_USER_PASSKEY_NOTIFY:
5131 hci_user_passkey_notify_evt(hdev, skb);
5134 case HCI_EV_KEYPRESS_NOTIFY:
5135 hci_keypress_notify_evt(hdev, skb);
5138 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5139 hci_simple_pair_complete_evt(hdev, skb);
5142 case HCI_EV_REMOTE_HOST_FEATURES:
5143 hci_remote_host_features_evt(hdev, skb);
5146 case HCI_EV_LE_META:
5147 hci_le_meta_evt(hdev, skb);
5150 case HCI_EV_CHANNEL_SELECTED:
5151 hci_chan_selected_evt(hdev, skb);
5154 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5155 hci_remote_oob_data_request_evt(hdev, skb);
5158 case HCI_EV_PHY_LINK_COMPLETE:
5159 hci_phy_link_complete_evt(hdev, skb);
5162 case HCI_EV_LOGICAL_LINK_COMPLETE:
5163 hci_loglink_complete_evt(hdev, skb);
5166 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5167 hci_disconn_loglink_complete_evt(hdev, skb);
5170 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5171 hci_disconn_phylink_complete_evt(hdev, skb);
5174 case HCI_EV_NUM_COMP_BLOCKS:
5175 hci_num_comp_blocks_evt(hdev, skb);
5179 BT_DBG("%s event 0x%2.2x", hdev->name, event);
5184 hdev->stat.evt_rx++;
projects / firefly-linux-kernel-4.4.55.git / blob