2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->le_scan_type = LE_SCAN_PASSIVE;
204 hdev->ssp_debug_mode = 0;
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209 __u8 status = *((__u8 *) skb->data);
212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
225 hci_dev_unlock(hdev);
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data);
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 __u8 param = *((__u8 *) sent);
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
258 clear_bit(HCI_AUTH, &hdev->flags);
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
267 __u8 status = *((__u8 *) skb->data);
270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 __u8 param = *((__u8 *) sent);
280 set_bit(HCI_ENCRYPT, &hdev->flags);
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298 param = *((__u8 *) sent);
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
308 /* We need to ensure that we set this back on if someone changed
309 * the scan mode through a raw HCI socket.
311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
319 mgmt_discoverable(hdev, 1);
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
331 hci_dev_unlock(hdev);
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
343 memcpy(hdev->dev_class, rp->dev_class, 3);
345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351 __u8 status = *((__u8 *) skb->data);
354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
363 memcpy(hdev->dev_class, sent, 3);
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
368 hci_dev_unlock(hdev);
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
381 setting = __le16_to_cpu(rp->voice_setting);
383 if (hdev->voice_setting == setting)
386 hdev->voice_setting = setting;
388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
397 __u8 status = *((__u8 *) skb->data);
401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
410 setting = get_unaligned_le16(sent);
412 if (hdev->voice_setting == setting)
415 hdev->voice_setting = setting;
417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
423 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
433 hdev->num_iac = rp->num_iac;
435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
438 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440 __u8 status = *((__u8 *) skb->data);
441 struct hci_cp_write_ssp_mode *sent;
443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 hdev->features[1][0] |= LMP_HOST_SSP;
453 hdev->features[1][0] &= ~LMP_HOST_SSP;
456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
457 mgmt_ssp_enable_complete(hdev, sent->mode, status);
460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
468 u8 status = *((u8 *) skb->data);
469 struct hci_cp_write_sc_support *sent;
471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
479 hdev->features[1][0] |= LMP_HOST_SC;
481 hdev->features[1][0] &= ~LMP_HOST_SC;
484 if (test_bit(HCI_MGMT, &hdev->dev_flags))
485 mgmt_sc_enable_complete(hdev, sent->support, status);
488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
494 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
496 struct hci_rp_read_local_version *rp = (void *) skb->data;
498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
504 hdev->hci_ver = rp->hci_ver;
505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
506 hdev->lmp_ver = rp->lmp_ver;
507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
512 static void hci_cc_read_local_commands(struct hci_dev *hdev,
515 struct hci_rp_read_local_commands *rp = (void *) skb->data;
517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
522 if (test_bit(HCI_SETUP, &hdev->dev_flags))
523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
526 static void hci_cc_read_local_features(struct hci_dev *hdev,
529 struct hci_rp_read_local_features *rp = (void *) skb->data;
531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
536 memcpy(hdev->features, rp->features, 8);
538 /* Adjust default settings according to features
539 * supported by device. */
541 if (hdev->features[0][0] & LMP_3SLOT)
542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
544 if (hdev->features[0][0] & LMP_5SLOT)
545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
547 if (hdev->features[0][1] & LMP_HV2) {
548 hdev->pkt_type |= (HCI_HV2);
549 hdev->esco_type |= (ESCO_HV2);
552 if (hdev->features[0][1] & LMP_HV3) {
553 hdev->pkt_type |= (HCI_HV3);
554 hdev->esco_type |= (ESCO_HV3);
557 if (lmp_esco_capable(hdev))
558 hdev->esco_type |= (ESCO_EV3);
560 if (hdev->features[0][4] & LMP_EV4)
561 hdev->esco_type |= (ESCO_EV4);
563 if (hdev->features[0][4] & LMP_EV5)
564 hdev->esco_type |= (ESCO_EV5);
566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
567 hdev->esco_type |= (ESCO_2EV3);
569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
570 hdev->esco_type |= (ESCO_3EV3);
572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
576 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
586 if (hdev->max_page < rp->max_page)
587 hdev->max_page = rp->max_page;
589 if (rp->page < HCI_MAX_PAGES)
590 memcpy(hdev->features[rp->page], rp->features, 8);
593 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
601 hdev->flow_ctl_mode = rp->mode;
604 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
606 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
614 hdev->sco_mtu = rp->sco_mtu;
615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
623 hdev->acl_cnt = hdev->acl_pkts;
624 hdev->sco_cnt = hdev->sco_pkts;
626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
630 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
632 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
637 bacpy(&hdev->bdaddr, &rp->bdaddr);
640 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
648 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
649 hdev->page_scan_window = __le16_to_cpu(rp->window);
653 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
656 u8 status = *((u8 *) skb->data);
657 struct hci_cp_write_page_scan_activity *sent;
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
668 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
669 hdev->page_scan_window = __le16_to_cpu(sent->window);
672 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
680 hdev->page_scan_type = rp->type;
683 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
686 u8 status = *((u8 *) skb->data);
689 BT_DBG("%s status 0x%2.2x", hdev->name, status);
694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
696 hdev->page_scan_type = *type;
699 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
702 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
710 hdev->block_len = __le16_to_cpu(rp->block_len);
711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
713 hdev->block_cnt = hdev->num_blocks;
715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
716 hdev->block_cnt, hdev->block_len);
719 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729 hdev->amp_status = rp->amp_status;
730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
734 hdev->amp_type = rp->amp_type;
735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
741 a2mp_send_getinfo_rsp(hdev);
744 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
748 struct amp_assoc *assoc = &hdev->loc_assoc;
749 size_t rem_len, frag_len;
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
756 frag_len = skb->len - sizeof(*rp);
757 rem_len = __le16_to_cpu(rp->rem_len);
759 if (rem_len > frag_len) {
760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
763 assoc->offset += frag_len;
765 /* Read other fragments */
766 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
772 assoc->len = assoc->offset + rem_len;
776 /* Send A2MP Rsp when all fragments are received */
777 a2mp_send_getampassoc_rsp(hdev, rp->status);
778 a2mp_send_create_phy_link_req(hdev, rp->status);
781 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
789 hdev->inq_tx_power = rp->tx_power;
792 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
794 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
795 struct hci_cp_pin_code_reply *cp;
796 struct hci_conn *conn;
798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802 if (test_bit(HCI_MGMT, &hdev->dev_flags))
803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
814 conn->pin_length = cp->pin_len;
817 hci_dev_unlock(hdev);
820 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
832 hci_dev_unlock(hdev);
835 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
846 hdev->le_pkts = rp->le_max_pkt;
848 hdev->le_cnt = hdev->le_pkts;
850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
853 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
856 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
861 memcpy(hdev->le_features, rp->features, 8);
864 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
872 hdev->adv_tx_power = rp->tx_power;
875 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
883 if (test_bit(HCI_MGMT, &hdev->dev_flags))
884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
887 hci_dev_unlock(hdev);
890 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
901 ACL_LINK, 0, rp->status);
903 hci_dev_unlock(hdev);
906 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
914 if (test_bit(HCI_MGMT, &hdev->dev_flags))
915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
918 hci_dev_unlock(hdev);
921 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
932 ACL_LINK, 0, rp->status);
934 hci_dev_unlock(hdev);
937 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
946 NULL, NULL, rp->status);
947 hci_dev_unlock(hdev);
950 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
959 rp->hash256, rp->randomizer256,
961 hci_dev_unlock(hdev);
965 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
967 __u8 status = *((__u8 *) skb->data);
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
979 bacpy(&hdev->random_addr, sent);
981 hci_dev_unlock(hdev);
984 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
986 __u8 *sent, status = *((__u8 *) skb->data);
988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
997 mgmt_advertising(hdev, *sent);
999 hci_dev_unlock(hdev);
1002 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1004 struct hci_cp_le_set_scan_param *cp;
1005 __u8 status = *((__u8 *) skb->data);
1007 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1009 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1016 hdev->le_scan_type = cp->type;
1018 hci_dev_unlock(hdev);
1021 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1022 struct sk_buff *skb)
1024 struct hci_cp_le_set_scan_enable *cp;
1025 __u8 status = *((__u8 *) skb->data);
1027 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1036 switch (cp->enable) {
1037 case LE_SCAN_ENABLE:
1038 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1041 case LE_SCAN_DISABLE:
1042 /* Cancel this timer so that we don't try to disable scanning
1043 * when it's already disabled.
1045 cancel_delayed_work(&hdev->le_scan_disable);
1047 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1048 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1049 * interrupted scanning due to a connect request. Mark
1050 * therefore discovery as stopped.
1052 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1054 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1058 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1063 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1066 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1068 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1071 hdev->le_white_list_size = rp->size;
1074 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1075 struct sk_buff *skb)
1077 __u8 status = *((__u8 *) skb->data);
1079 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1082 hci_white_list_clear(hdev);
1085 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1086 struct sk_buff *skb)
1088 struct hci_cp_le_add_to_white_list *sent;
1089 __u8 status = *((__u8 *) skb->data);
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1093 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1098 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1101 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1102 struct sk_buff *skb)
1104 struct hci_cp_le_del_from_white_list *sent;
1105 __u8 status = *((__u8 *) skb->data);
1107 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1109 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1114 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1117 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1118 struct sk_buff *skb)
1120 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1125 memcpy(hdev->le_states, rp->le_states, 8);
1128 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1129 struct sk_buff *skb)
1131 struct hci_cp_write_le_host_supported *sent;
1132 __u8 status = *((__u8 *) skb->data);
1134 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1142 hdev->features[1][0] |= LMP_HOST_LE;
1143 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1145 hdev->features[1][0] &= ~LMP_HOST_LE;
1146 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1147 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1151 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1153 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1157 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1159 struct hci_cp_le_set_adv_param *cp;
1160 u8 status = *((u8 *) skb->data);
1162 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1167 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1172 hdev->adv_addr_type = cp->own_address_type;
1173 hci_dev_unlock(hdev);
1176 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1179 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1181 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1182 hdev->name, rp->status, rp->phy_handle);
1187 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1190 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1195 hci_conn_check_pending(hdev);
1199 set_bit(HCI_INQUIRY, &hdev->flags);
1202 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1204 struct hci_cp_create_conn *cp;
1205 struct hci_conn *conn;
1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1209 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1215 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1217 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1220 if (conn && conn->state == BT_CONNECT) {
1221 if (status != 0x0c || conn->attempt > 2) {
1222 conn->state = BT_CLOSED;
1223 hci_proto_connect_cfm(conn, status);
1226 conn->state = BT_CONNECT2;
1230 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1233 conn->link_mode |= HCI_LM_MASTER;
1235 BT_ERR("No memory for new connection");
1239 hci_dev_unlock(hdev);
1242 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1244 struct hci_cp_add_sco *cp;
1245 struct hci_conn *acl, *sco;
1248 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1253 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1257 handle = __le16_to_cpu(cp->handle);
1259 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1263 acl = hci_conn_hash_lookup_handle(hdev, handle);
1267 sco->state = BT_CLOSED;
1269 hci_proto_connect_cfm(sco, status);
1274 hci_dev_unlock(hdev);
1277 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1279 struct hci_cp_auth_requested *cp;
1280 struct hci_conn *conn;
1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1287 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1293 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1295 if (conn->state == BT_CONFIG) {
1296 hci_proto_connect_cfm(conn, status);
1297 hci_conn_drop(conn);
1301 hci_dev_unlock(hdev);
1304 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1306 struct hci_cp_set_conn_encrypt *cp;
1307 struct hci_conn *conn;
1309 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1314 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1322 if (conn->state == BT_CONFIG) {
1323 hci_proto_connect_cfm(conn, status);
1324 hci_conn_drop(conn);
1328 hci_dev_unlock(hdev);
1331 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1332 struct hci_conn *conn)
1334 if (conn->state != BT_CONFIG || !conn->out)
1337 if (conn->pending_sec_level == BT_SECURITY_SDP)
1340 /* Only request authentication for SSP connections or non-SSP
1341 * devices with sec_level MEDIUM or HIGH or if MITM protection
1344 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1345 conn->pending_sec_level != BT_SECURITY_HIGH &&
1346 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1352 static int hci_resolve_name(struct hci_dev *hdev,
1353 struct inquiry_entry *e)
1355 struct hci_cp_remote_name_req cp;
1357 memset(&cp, 0, sizeof(cp));
1359 bacpy(&cp.bdaddr, &e->data.bdaddr);
1360 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1361 cp.pscan_mode = e->data.pscan_mode;
1362 cp.clock_offset = e->data.clock_offset;
1364 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1367 static bool hci_resolve_next_name(struct hci_dev *hdev)
1369 struct discovery_state *discov = &hdev->discovery;
1370 struct inquiry_entry *e;
1372 if (list_empty(&discov->resolve))
1375 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1379 if (hci_resolve_name(hdev, e) == 0) {
1380 e->name_state = NAME_PENDING;
1387 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1388 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1390 struct discovery_state *discov = &hdev->discovery;
1391 struct inquiry_entry *e;
1393 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1394 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1395 name_len, conn->dev_class);
1397 if (discov->state == DISCOVERY_STOPPED)
1400 if (discov->state == DISCOVERY_STOPPING)
1401 goto discov_complete;
1403 if (discov->state != DISCOVERY_RESOLVING)
1406 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1407 /* If the device was not found in a list of found devices names of which
1408 * are pending. there is no need to continue resolving a next name as it
1409 * will be done upon receiving another Remote Name Request Complete
1416 e->name_state = NAME_KNOWN;
1417 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1418 e->data.rssi, name, name_len);
1420 e->name_state = NAME_NOT_KNOWN;
1423 if (hci_resolve_next_name(hdev))
1427 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1430 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1432 struct hci_cp_remote_name_req *cp;
1433 struct hci_conn *conn;
1435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1437 /* If successful wait for the name req complete event before
1438 * checking for the need to do authentication */
1442 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1448 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1450 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1451 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1456 if (!hci_outgoing_auth_needed(hdev, conn))
1459 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1460 struct hci_cp_auth_requested auth_cp;
1462 auth_cp.handle = __cpu_to_le16(conn->handle);
1463 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1464 sizeof(auth_cp), &auth_cp);
1468 hci_dev_unlock(hdev);
1471 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1473 struct hci_cp_read_remote_features *cp;
1474 struct hci_conn *conn;
1476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1481 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1487 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1489 if (conn->state == BT_CONFIG) {
1490 hci_proto_connect_cfm(conn, status);
1491 hci_conn_drop(conn);
1495 hci_dev_unlock(hdev);
1498 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1500 struct hci_cp_read_remote_ext_features *cp;
1501 struct hci_conn *conn;
1503 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1508 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516 if (conn->state == BT_CONFIG) {
1517 hci_proto_connect_cfm(conn, status);
1518 hci_conn_drop(conn);
1522 hci_dev_unlock(hdev);
1525 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1527 struct hci_cp_setup_sync_conn *cp;
1528 struct hci_conn *acl, *sco;
1531 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1536 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1540 handle = __le16_to_cpu(cp->handle);
1542 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1546 acl = hci_conn_hash_lookup_handle(hdev, handle);
1550 sco->state = BT_CLOSED;
1552 hci_proto_connect_cfm(sco, status);
1557 hci_dev_unlock(hdev);
1560 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1562 struct hci_cp_sniff_mode *cp;
1563 struct hci_conn *conn;
1565 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1570 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1578 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1580 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1581 hci_sco_setup(conn, status);
1584 hci_dev_unlock(hdev);
1587 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1589 struct hci_cp_exit_sniff_mode *cp;
1590 struct hci_conn *conn;
1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1597 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1605 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1607 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1608 hci_sco_setup(conn, status);
1611 hci_dev_unlock(hdev);
1614 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1616 struct hci_cp_disconnect *cp;
1617 struct hci_conn *conn;
1622 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1630 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1631 conn->dst_type, status);
1633 hci_dev_unlock(hdev);
1636 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1638 struct hci_cp_create_phy_link *cp;
1640 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1642 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1649 struct hci_conn *hcon;
1651 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1655 amp_write_remote_assoc(hdev, cp->phy_handle);
1658 hci_dev_unlock(hdev);
1661 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1663 struct hci_cp_accept_phy_link *cp;
1665 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1670 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1674 amp_write_remote_assoc(hdev, cp->phy_handle);
1677 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1679 struct hci_cp_le_create_conn *cp;
1680 struct hci_conn *conn;
1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1684 /* All connection failure handling is taken care of by the
1685 * hci_le_conn_failed function which is triggered by the HCI
1686 * request completion callbacks used for connecting.
1691 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1697 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1701 /* Store the initiator and responder address information which
1702 * is needed for SMP. These values will not change during the
1703 * lifetime of the connection.
1705 conn->init_addr_type = cp->own_address_type;
1706 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1707 bacpy(&conn->init_addr, &hdev->random_addr);
1709 bacpy(&conn->init_addr, &hdev->bdaddr);
1711 conn->resp_addr_type = cp->peer_addr_type;
1712 bacpy(&conn->resp_addr, &cp->peer_addr);
1714 /* We don't want the connection attempt to stick around
1715 * indefinitely since LE doesn't have a page timeout concept
1716 * like BR/EDR. Set a timer for any connection that doesn't use
1717 * the white list for connecting.
1719 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1720 queue_delayed_work(conn->hdev->workqueue,
1721 &conn->le_conn_timeout,
1722 HCI_LE_CONN_TIMEOUT);
1725 hci_dev_unlock(hdev);
1728 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1730 struct hci_cp_le_start_enc *cp;
1731 struct hci_conn *conn;
1733 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1740 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1748 if (conn->state != BT_CONNECTED)
1751 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1752 hci_conn_drop(conn);
1755 hci_dev_unlock(hdev);
1758 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1760 __u8 status = *((__u8 *) skb->data);
1761 struct discovery_state *discov = &hdev->discovery;
1762 struct inquiry_entry *e;
1764 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1766 hci_conn_check_pending(hdev);
1768 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1771 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1772 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1774 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1779 if (discov->state != DISCOVERY_FINDING)
1782 if (list_empty(&discov->resolve)) {
1783 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1787 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1788 if (e && hci_resolve_name(hdev, e) == 0) {
1789 e->name_state = NAME_PENDING;
1790 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1792 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1796 hci_dev_unlock(hdev);
1799 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1801 struct inquiry_data data;
1802 struct inquiry_info *info = (void *) (skb->data + 1);
1803 int num_rsp = *((__u8 *) skb->data);
1805 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1810 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1815 for (; num_rsp; num_rsp--, info++) {
1816 bool name_known, ssp;
1818 bacpy(&data.bdaddr, &info->bdaddr);
1819 data.pscan_rep_mode = info->pscan_rep_mode;
1820 data.pscan_period_mode = info->pscan_period_mode;
1821 data.pscan_mode = info->pscan_mode;
1822 memcpy(data.dev_class, info->dev_class, 3);
1823 data.clock_offset = info->clock_offset;
1825 data.ssp_mode = 0x00;
1827 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1829 info->dev_class, 0, !name_known, ssp, NULL,
1833 hci_dev_unlock(hdev);
1836 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1838 struct hci_ev_conn_complete *ev = (void *) skb->data;
1839 struct hci_conn *conn;
1841 BT_DBG("%s", hdev->name);
1845 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1847 if (ev->link_type != SCO_LINK)
1850 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1854 conn->type = SCO_LINK;
1858 conn->handle = __le16_to_cpu(ev->handle);
1860 if (conn->type == ACL_LINK) {
1861 conn->state = BT_CONFIG;
1862 hci_conn_hold(conn);
1864 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1865 !hci_find_link_key(hdev, &ev->bdaddr))
1866 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1868 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1870 conn->state = BT_CONNECTED;
1872 hci_conn_add_sysfs(conn);
1874 if (test_bit(HCI_AUTH, &hdev->flags))
1875 conn->link_mode |= HCI_LM_AUTH;
1877 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1878 conn->link_mode |= HCI_LM_ENCRYPT;
1880 /* Get remote features */
1881 if (conn->type == ACL_LINK) {
1882 struct hci_cp_read_remote_features cp;
1883 cp.handle = ev->handle;
1884 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1888 /* Set packet type for incoming connection */
1889 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1890 struct hci_cp_change_conn_ptype cp;
1891 cp.handle = ev->handle;
1892 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1893 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1897 conn->state = BT_CLOSED;
1898 if (conn->type == ACL_LINK)
1899 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1900 conn->dst_type, ev->status);
1903 if (conn->type == ACL_LINK)
1904 hci_sco_setup(conn, ev->status);
1907 hci_proto_connect_cfm(conn, ev->status);
1909 } else if (ev->link_type != ACL_LINK)
1910 hci_proto_connect_cfm(conn, ev->status);
1913 hci_dev_unlock(hdev);
1915 hci_conn_check_pending(hdev);
1918 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1920 struct hci_ev_conn_request *ev = (void *) skb->data;
1921 int mask = hdev->link_mode;
1924 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1927 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1930 if ((mask & HCI_LM_ACCEPT) &&
1931 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1932 /* Connection accepted */
1933 struct inquiry_entry *ie;
1934 struct hci_conn *conn;
1938 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1940 memcpy(ie->data.dev_class, ev->dev_class, 3);
1942 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1945 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1947 BT_ERR("No memory for new connection");
1948 hci_dev_unlock(hdev);
1953 memcpy(conn->dev_class, ev->dev_class, 3);
1955 hci_dev_unlock(hdev);
1957 if (ev->link_type == ACL_LINK ||
1958 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1959 struct hci_cp_accept_conn_req cp;
1960 conn->state = BT_CONNECT;
1962 bacpy(&cp.bdaddr, &ev->bdaddr);
1964 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1965 cp.role = 0x00; /* Become master */
1967 cp.role = 0x01; /* Remain slave */
1969 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1971 } else if (!(flags & HCI_PROTO_DEFER)) {
1972 struct hci_cp_accept_sync_conn_req cp;
1973 conn->state = BT_CONNECT;
1975 bacpy(&cp.bdaddr, &ev->bdaddr);
1976 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1978 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1979 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1980 cp.max_latency = cpu_to_le16(0xffff);
1981 cp.content_format = cpu_to_le16(hdev->voice_setting);
1982 cp.retrans_effort = 0xff;
1984 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1987 conn->state = BT_CONNECT2;
1988 hci_proto_connect_cfm(conn, 0);
1991 /* Connection rejected */
1992 struct hci_cp_reject_conn_req cp;
1994 bacpy(&cp.bdaddr, &ev->bdaddr);
1995 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1996 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2000 static u8 hci_to_mgmt_reason(u8 err)
2003 case HCI_ERROR_CONNECTION_TIMEOUT:
2004 return MGMT_DEV_DISCONN_TIMEOUT;
2005 case HCI_ERROR_REMOTE_USER_TERM:
2006 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2007 case HCI_ERROR_REMOTE_POWER_OFF:
2008 return MGMT_DEV_DISCONN_REMOTE;
2009 case HCI_ERROR_LOCAL_HOST_TERM:
2010 return MGMT_DEV_DISCONN_LOCAL_HOST;
2012 return MGMT_DEV_DISCONN_UNKNOWN;
2016 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2018 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2019 u8 reason = hci_to_mgmt_reason(ev->reason);
2020 struct hci_conn_params *params;
2021 struct hci_conn *conn;
2022 bool mgmt_connected;
2025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2034 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2035 conn->dst_type, ev->status);
2039 conn->state = BT_CLOSED;
2041 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2042 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2043 reason, mgmt_connected);
2045 if (conn->type == ACL_LINK && conn->flush_key)
2046 hci_remove_link_key(hdev, &conn->dst);
2048 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2050 switch (params->auto_connect) {
2051 case HCI_AUTO_CONN_LINK_LOSS:
2052 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2056 case HCI_AUTO_CONN_ALWAYS:
2057 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2067 hci_proto_disconn_cfm(conn, ev->reason);
2070 /* Re-enable advertising if necessary, since it might
2071 * have been disabled by the connection. From the
2072 * HCI_LE_Set_Advertise_Enable command description in
2073 * the core specification (v4.0):
2074 * "The Controller shall continue advertising until the Host
2075 * issues an LE_Set_Advertise_Enable command with
2076 * Advertising_Enable set to 0x00 (Advertising is disabled)
2077 * or until a connection is created or until the Advertising
2078 * is timed out due to Directed Advertising."
2080 if (type == LE_LINK)
2081 mgmt_reenable_advertising(hdev);
2084 hci_dev_unlock(hdev);
2087 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2089 struct hci_ev_auth_complete *ev = (void *) skb->data;
2090 struct hci_conn *conn;
2092 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2101 if (!hci_conn_ssp_enabled(conn) &&
2102 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2103 BT_INFO("re-auth of legacy device is not possible.");
2105 conn->link_mode |= HCI_LM_AUTH;
2106 conn->sec_level = conn->pending_sec_level;
2109 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2113 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2114 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2116 if (conn->state == BT_CONFIG) {
2117 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2118 struct hci_cp_set_conn_encrypt cp;
2119 cp.handle = ev->handle;
2121 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2124 conn->state = BT_CONNECTED;
2125 hci_proto_connect_cfm(conn, ev->status);
2126 hci_conn_drop(conn);
2129 hci_auth_cfm(conn, ev->status);
2131 hci_conn_hold(conn);
2132 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2133 hci_conn_drop(conn);
2136 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2138 struct hci_cp_set_conn_encrypt cp;
2139 cp.handle = ev->handle;
2141 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2144 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2145 hci_encrypt_cfm(conn, ev->status, 0x00);
2150 hci_dev_unlock(hdev);
2153 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2155 struct hci_ev_remote_name *ev = (void *) skb->data;
2156 struct hci_conn *conn;
2158 BT_DBG("%s", hdev->name);
2160 hci_conn_check_pending(hdev);
2164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2166 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2169 if (ev->status == 0)
2170 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2171 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2173 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2179 if (!hci_outgoing_auth_needed(hdev, conn))
2182 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2183 struct hci_cp_auth_requested cp;
2184 cp.handle = __cpu_to_le16(conn->handle);
2185 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2189 hci_dev_unlock(hdev);
2192 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2194 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2195 struct hci_conn *conn;
2197 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2201 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2207 /* Encryption implies authentication */
2208 conn->link_mode |= HCI_LM_AUTH;
2209 conn->link_mode |= HCI_LM_ENCRYPT;
2210 conn->sec_level = conn->pending_sec_level;
2212 /* P-256 authentication key implies FIPS */
2213 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2214 conn->link_mode |= HCI_LM_FIPS;
2216 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2217 conn->type == LE_LINK)
2218 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2220 conn->link_mode &= ~HCI_LM_ENCRYPT;
2221 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2225 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2227 if (ev->status && conn->state == BT_CONNECTED) {
2228 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2229 hci_conn_drop(conn);
2233 if (conn->state == BT_CONFIG) {
2235 conn->state = BT_CONNECTED;
2237 /* In Secure Connections Only mode, do not allow any
2238 * connections that are not encrypted with AES-CCM
2239 * using a P-256 authenticated combination key.
2241 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2242 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2243 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2244 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2245 hci_conn_drop(conn);
2249 hci_proto_connect_cfm(conn, ev->status);
2250 hci_conn_drop(conn);
2252 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2255 hci_dev_unlock(hdev);
2258 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2259 struct sk_buff *skb)
2261 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2262 struct hci_conn *conn;
2264 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2271 conn->link_mode |= HCI_LM_SECURE;
2273 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2275 hci_key_change_cfm(conn, ev->status);
2278 hci_dev_unlock(hdev);
2281 static void hci_remote_features_evt(struct hci_dev *hdev,
2282 struct sk_buff *skb)
2284 struct hci_ev_remote_features *ev = (void *) skb->data;
2285 struct hci_conn *conn;
2287 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2291 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2296 memcpy(conn->features[0], ev->features, 8);
2298 if (conn->state != BT_CONFIG)
2301 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2302 struct hci_cp_read_remote_ext_features cp;
2303 cp.handle = ev->handle;
2305 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2310 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2311 struct hci_cp_remote_name_req cp;
2312 memset(&cp, 0, sizeof(cp));
2313 bacpy(&cp.bdaddr, &conn->dst);
2314 cp.pscan_rep_mode = 0x02;
2315 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2316 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2317 mgmt_device_connected(hdev, &conn->dst, conn->type,
2318 conn->dst_type, 0, NULL, 0,
2321 if (!hci_outgoing_auth_needed(hdev, conn)) {
2322 conn->state = BT_CONNECTED;
2323 hci_proto_connect_cfm(conn, ev->status);
2324 hci_conn_drop(conn);
2328 hci_dev_unlock(hdev);
2331 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2333 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2334 u8 status = skb->data[sizeof(*ev)];
2337 skb_pull(skb, sizeof(*ev));
2339 opcode = __le16_to_cpu(ev->opcode);
2342 case HCI_OP_INQUIRY_CANCEL:
2343 hci_cc_inquiry_cancel(hdev, skb);
2346 case HCI_OP_PERIODIC_INQ:
2347 hci_cc_periodic_inq(hdev, skb);
2350 case HCI_OP_EXIT_PERIODIC_INQ:
2351 hci_cc_exit_periodic_inq(hdev, skb);
2354 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2355 hci_cc_remote_name_req_cancel(hdev, skb);
2358 case HCI_OP_ROLE_DISCOVERY:
2359 hci_cc_role_discovery(hdev, skb);
2362 case HCI_OP_READ_LINK_POLICY:
2363 hci_cc_read_link_policy(hdev, skb);
2366 case HCI_OP_WRITE_LINK_POLICY:
2367 hci_cc_write_link_policy(hdev, skb);
2370 case HCI_OP_READ_DEF_LINK_POLICY:
2371 hci_cc_read_def_link_policy(hdev, skb);
2374 case HCI_OP_WRITE_DEF_LINK_POLICY:
2375 hci_cc_write_def_link_policy(hdev, skb);
2379 hci_cc_reset(hdev, skb);
2382 case HCI_OP_WRITE_LOCAL_NAME:
2383 hci_cc_write_local_name(hdev, skb);
2386 case HCI_OP_READ_LOCAL_NAME:
2387 hci_cc_read_local_name(hdev, skb);
2390 case HCI_OP_WRITE_AUTH_ENABLE:
2391 hci_cc_write_auth_enable(hdev, skb);
2394 case HCI_OP_WRITE_ENCRYPT_MODE:
2395 hci_cc_write_encrypt_mode(hdev, skb);
2398 case HCI_OP_WRITE_SCAN_ENABLE:
2399 hci_cc_write_scan_enable(hdev, skb);
2402 case HCI_OP_READ_CLASS_OF_DEV:
2403 hci_cc_read_class_of_dev(hdev, skb);
2406 case HCI_OP_WRITE_CLASS_OF_DEV:
2407 hci_cc_write_class_of_dev(hdev, skb);
2410 case HCI_OP_READ_VOICE_SETTING:
2411 hci_cc_read_voice_setting(hdev, skb);
2414 case HCI_OP_WRITE_VOICE_SETTING:
2415 hci_cc_write_voice_setting(hdev, skb);
2418 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2419 hci_cc_read_num_supported_iac(hdev, skb);
2422 case HCI_OP_WRITE_SSP_MODE:
2423 hci_cc_write_ssp_mode(hdev, skb);
2426 case HCI_OP_WRITE_SC_SUPPORT:
2427 hci_cc_write_sc_support(hdev, skb);
2430 case HCI_OP_READ_LOCAL_VERSION:
2431 hci_cc_read_local_version(hdev, skb);
2434 case HCI_OP_READ_LOCAL_COMMANDS:
2435 hci_cc_read_local_commands(hdev, skb);
2438 case HCI_OP_READ_LOCAL_FEATURES:
2439 hci_cc_read_local_features(hdev, skb);
2442 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2443 hci_cc_read_local_ext_features(hdev, skb);
2446 case HCI_OP_READ_BUFFER_SIZE:
2447 hci_cc_read_buffer_size(hdev, skb);
2450 case HCI_OP_READ_BD_ADDR:
2451 hci_cc_read_bd_addr(hdev, skb);
2454 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2455 hci_cc_read_page_scan_activity(hdev, skb);
2458 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2459 hci_cc_write_page_scan_activity(hdev, skb);
2462 case HCI_OP_READ_PAGE_SCAN_TYPE:
2463 hci_cc_read_page_scan_type(hdev, skb);
2466 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2467 hci_cc_write_page_scan_type(hdev, skb);
2470 case HCI_OP_READ_DATA_BLOCK_SIZE:
2471 hci_cc_read_data_block_size(hdev, skb);
2474 case HCI_OP_READ_FLOW_CONTROL_MODE:
2475 hci_cc_read_flow_control_mode(hdev, skb);
2478 case HCI_OP_READ_LOCAL_AMP_INFO:
2479 hci_cc_read_local_amp_info(hdev, skb);
2482 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2483 hci_cc_read_local_amp_assoc(hdev, skb);
2486 case HCI_OP_READ_INQ_RSP_TX_POWER:
2487 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2490 case HCI_OP_PIN_CODE_REPLY:
2491 hci_cc_pin_code_reply(hdev, skb);
2494 case HCI_OP_PIN_CODE_NEG_REPLY:
2495 hci_cc_pin_code_neg_reply(hdev, skb);
2498 case HCI_OP_READ_LOCAL_OOB_DATA:
2499 hci_cc_read_local_oob_data(hdev, skb);
2502 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2503 hci_cc_read_local_oob_ext_data(hdev, skb);
2506 case HCI_OP_LE_READ_BUFFER_SIZE:
2507 hci_cc_le_read_buffer_size(hdev, skb);
2510 case HCI_OP_LE_READ_LOCAL_FEATURES:
2511 hci_cc_le_read_local_features(hdev, skb);
2514 case HCI_OP_LE_READ_ADV_TX_POWER:
2515 hci_cc_le_read_adv_tx_power(hdev, skb);
2518 case HCI_OP_USER_CONFIRM_REPLY:
2519 hci_cc_user_confirm_reply(hdev, skb);
2522 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2523 hci_cc_user_confirm_neg_reply(hdev, skb);
2526 case HCI_OP_USER_PASSKEY_REPLY:
2527 hci_cc_user_passkey_reply(hdev, skb);
2530 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2531 hci_cc_user_passkey_neg_reply(hdev, skb);
2534 case HCI_OP_LE_SET_RANDOM_ADDR:
2535 hci_cc_le_set_random_addr(hdev, skb);
2538 case HCI_OP_LE_SET_ADV_ENABLE:
2539 hci_cc_le_set_adv_enable(hdev, skb);
2542 case HCI_OP_LE_SET_SCAN_PARAM:
2543 hci_cc_le_set_scan_param(hdev, skb);
2546 case HCI_OP_LE_SET_SCAN_ENABLE:
2547 hci_cc_le_set_scan_enable(hdev, skb);
2550 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2551 hci_cc_le_read_white_list_size(hdev, skb);
2554 case HCI_OP_LE_CLEAR_WHITE_LIST:
2555 hci_cc_le_clear_white_list(hdev, skb);
2558 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2559 hci_cc_le_add_to_white_list(hdev, skb);
2562 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2563 hci_cc_le_del_from_white_list(hdev, skb);
2566 case HCI_OP_LE_READ_SUPPORTED_STATES:
2567 hci_cc_le_read_supported_states(hdev, skb);
2570 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2571 hci_cc_write_le_host_supported(hdev, skb);
2574 case HCI_OP_LE_SET_ADV_PARAM:
2575 hci_cc_set_adv_param(hdev, skb);
2578 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2579 hci_cc_write_remote_amp_assoc(hdev, skb);
2583 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2587 if (opcode != HCI_OP_NOP)
2588 del_timer(&hdev->cmd_timer);
2590 hci_req_cmd_complete(hdev, opcode, status);
2592 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2593 atomic_set(&hdev->cmd_cnt, 1);
2594 if (!skb_queue_empty(&hdev->cmd_q))
2595 queue_work(hdev->workqueue, &hdev->cmd_work);
2599 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2601 struct hci_ev_cmd_status *ev = (void *) skb->data;
2604 skb_pull(skb, sizeof(*ev));
2606 opcode = __le16_to_cpu(ev->opcode);
2609 case HCI_OP_INQUIRY:
2610 hci_cs_inquiry(hdev, ev->status);
2613 case HCI_OP_CREATE_CONN:
2614 hci_cs_create_conn(hdev, ev->status);
2617 case HCI_OP_ADD_SCO:
2618 hci_cs_add_sco(hdev, ev->status);
2621 case HCI_OP_AUTH_REQUESTED:
2622 hci_cs_auth_requested(hdev, ev->status);
2625 case HCI_OP_SET_CONN_ENCRYPT:
2626 hci_cs_set_conn_encrypt(hdev, ev->status);
2629 case HCI_OP_REMOTE_NAME_REQ:
2630 hci_cs_remote_name_req(hdev, ev->status);
2633 case HCI_OP_READ_REMOTE_FEATURES:
2634 hci_cs_read_remote_features(hdev, ev->status);
2637 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2638 hci_cs_read_remote_ext_features(hdev, ev->status);
2641 case HCI_OP_SETUP_SYNC_CONN:
2642 hci_cs_setup_sync_conn(hdev, ev->status);
2645 case HCI_OP_SNIFF_MODE:
2646 hci_cs_sniff_mode(hdev, ev->status);
2649 case HCI_OP_EXIT_SNIFF_MODE:
2650 hci_cs_exit_sniff_mode(hdev, ev->status);
2653 case HCI_OP_DISCONNECT:
2654 hci_cs_disconnect(hdev, ev->status);
2657 case HCI_OP_CREATE_PHY_LINK:
2658 hci_cs_create_phylink(hdev, ev->status);
2661 case HCI_OP_ACCEPT_PHY_LINK:
2662 hci_cs_accept_phylink(hdev, ev->status);
2665 case HCI_OP_LE_CREATE_CONN:
2666 hci_cs_le_create_conn(hdev, ev->status);
2669 case HCI_OP_LE_START_ENC:
2670 hci_cs_le_start_enc(hdev, ev->status);
2674 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2678 if (opcode != HCI_OP_NOP)
2679 del_timer(&hdev->cmd_timer);
2682 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2683 hci_req_cmd_complete(hdev, opcode, ev->status);
2685 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2686 atomic_set(&hdev->cmd_cnt, 1);
2687 if (!skb_queue_empty(&hdev->cmd_q))
2688 queue_work(hdev->workqueue, &hdev->cmd_work);
2692 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2694 struct hci_ev_role_change *ev = (void *) skb->data;
2695 struct hci_conn *conn;
2697 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2701 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2705 conn->link_mode &= ~HCI_LM_MASTER;
2707 conn->link_mode |= HCI_LM_MASTER;
2710 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2712 hci_role_switch_cfm(conn, ev->status, ev->role);
2715 hci_dev_unlock(hdev);
2718 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2720 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2723 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2724 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2728 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2729 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2730 BT_DBG("%s bad parameters", hdev->name);
2734 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2736 for (i = 0; i < ev->num_hndl; i++) {
2737 struct hci_comp_pkts_info *info = &ev->handles[i];
2738 struct hci_conn *conn;
2739 __u16 handle, count;
2741 handle = __le16_to_cpu(info->handle);
2742 count = __le16_to_cpu(info->count);
2744 conn = hci_conn_hash_lookup_handle(hdev, handle);
2748 conn->sent -= count;
2750 switch (conn->type) {
2752 hdev->acl_cnt += count;
2753 if (hdev->acl_cnt > hdev->acl_pkts)
2754 hdev->acl_cnt = hdev->acl_pkts;
2758 if (hdev->le_pkts) {
2759 hdev->le_cnt += count;
2760 if (hdev->le_cnt > hdev->le_pkts)
2761 hdev->le_cnt = hdev->le_pkts;
2763 hdev->acl_cnt += count;
2764 if (hdev->acl_cnt > hdev->acl_pkts)
2765 hdev->acl_cnt = hdev->acl_pkts;
2770 hdev->sco_cnt += count;
2771 if (hdev->sco_cnt > hdev->sco_pkts)
2772 hdev->sco_cnt = hdev->sco_pkts;
2776 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2781 queue_work(hdev->workqueue, &hdev->tx_work);
2784 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2787 struct hci_chan *chan;
2789 switch (hdev->dev_type) {
2791 return hci_conn_hash_lookup_handle(hdev, handle);
2793 chan = hci_chan_lookup_handle(hdev, handle);
2798 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2805 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2807 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2810 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2811 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2815 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2816 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2817 BT_DBG("%s bad parameters", hdev->name);
2821 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2824 for (i = 0; i < ev->num_hndl; i++) {
2825 struct hci_comp_blocks_info *info = &ev->handles[i];
2826 struct hci_conn *conn = NULL;
2827 __u16 handle, block_count;
2829 handle = __le16_to_cpu(info->handle);
2830 block_count = __le16_to_cpu(info->blocks);
2832 conn = __hci_conn_lookup_handle(hdev, handle);
2836 conn->sent -= block_count;
2838 switch (conn->type) {
2841 hdev->block_cnt += block_count;
2842 if (hdev->block_cnt > hdev->num_blocks)
2843 hdev->block_cnt = hdev->num_blocks;
2847 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2852 queue_work(hdev->workqueue, &hdev->tx_work);
2855 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2857 struct hci_ev_mode_change *ev = (void *) skb->data;
2858 struct hci_conn *conn;
2860 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2864 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2866 conn->mode = ev->mode;
2868 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2870 if (conn->mode == HCI_CM_ACTIVE)
2871 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2873 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2876 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2877 hci_sco_setup(conn, ev->status);
2880 hci_dev_unlock(hdev);
2883 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2885 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2886 struct hci_conn *conn;
2888 BT_DBG("%s", hdev->name);
2892 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2896 if (conn->state == BT_CONNECTED) {
2897 hci_conn_hold(conn);
2898 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2899 hci_conn_drop(conn);
2902 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2903 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2904 sizeof(ev->bdaddr), &ev->bdaddr);
2905 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2908 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2913 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2917 hci_dev_unlock(hdev);
2920 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2922 struct hci_ev_link_key_req *ev = (void *) skb->data;
2923 struct hci_cp_link_key_reply cp;
2924 struct hci_conn *conn;
2925 struct link_key *key;
2927 BT_DBG("%s", hdev->name);
2929 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2934 key = hci_find_link_key(hdev, &ev->bdaddr);
2936 BT_DBG("%s link key not found for %pMR", hdev->name,
2941 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2944 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2945 key->type == HCI_LK_DEBUG_COMBINATION) {
2946 BT_DBG("%s ignoring debug key", hdev->name);
2950 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2952 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2953 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2954 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2955 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2959 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2960 conn->pending_sec_level == BT_SECURITY_HIGH) {
2961 BT_DBG("%s ignoring key unauthenticated for high security",
2966 conn->key_type = key->type;
2967 conn->pin_length = key->pin_len;
2970 bacpy(&cp.bdaddr, &ev->bdaddr);
2971 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2973 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2975 hci_dev_unlock(hdev);
2980 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2981 hci_dev_unlock(hdev);
2984 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2986 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2987 struct hci_conn *conn;
2990 BT_DBG("%s", hdev->name);
2994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2996 hci_conn_hold(conn);
2997 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2998 pin_len = conn->pin_length;
3000 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3001 conn->key_type = ev->key_type;
3003 hci_conn_drop(conn);
3006 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3007 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
3008 ev->key_type, pin_len);
3010 hci_dev_unlock(hdev);
3013 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3015 struct hci_ev_clock_offset *ev = (void *) skb->data;
3016 struct hci_conn *conn;
3018 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3023 if (conn && !ev->status) {
3024 struct inquiry_entry *ie;
3026 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3028 ie->data.clock_offset = ev->clock_offset;
3029 ie->timestamp = jiffies;
3033 hci_dev_unlock(hdev);
3036 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3038 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3039 struct hci_conn *conn;
3041 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3046 if (conn && !ev->status)
3047 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3049 hci_dev_unlock(hdev);
3052 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3054 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3055 struct inquiry_entry *ie;
3057 BT_DBG("%s", hdev->name);
3061 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3063 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3064 ie->timestamp = jiffies;
3067 hci_dev_unlock(hdev);
3070 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3071 struct sk_buff *skb)
3073 struct inquiry_data data;
3074 int num_rsp = *((__u8 *) skb->data);
3075 bool name_known, ssp;
3077 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3082 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3087 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3088 struct inquiry_info_with_rssi_and_pscan_mode *info;
3089 info = (void *) (skb->data + 1);
3091 for (; num_rsp; num_rsp--, info++) {
3092 bacpy(&data.bdaddr, &info->bdaddr);
3093 data.pscan_rep_mode = info->pscan_rep_mode;
3094 data.pscan_period_mode = info->pscan_period_mode;
3095 data.pscan_mode = info->pscan_mode;
3096 memcpy(data.dev_class, info->dev_class, 3);
3097 data.clock_offset = info->clock_offset;
3098 data.rssi = info->rssi;
3099 data.ssp_mode = 0x00;
3101 name_known = hci_inquiry_cache_update(hdev, &data,
3103 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3104 info->dev_class, info->rssi,
3105 !name_known, ssp, NULL, 0);
3108 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3110 for (; num_rsp; num_rsp--, info++) {
3111 bacpy(&data.bdaddr, &info->bdaddr);
3112 data.pscan_rep_mode = info->pscan_rep_mode;
3113 data.pscan_period_mode = info->pscan_period_mode;
3114 data.pscan_mode = 0x00;
3115 memcpy(data.dev_class, info->dev_class, 3);
3116 data.clock_offset = info->clock_offset;
3117 data.rssi = info->rssi;
3118 data.ssp_mode = 0x00;
3119 name_known = hci_inquiry_cache_update(hdev, &data,
3121 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3122 info->dev_class, info->rssi,
3123 !name_known, ssp, NULL, 0);
3127 hci_dev_unlock(hdev);
3130 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3131 struct sk_buff *skb)
3133 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3134 struct hci_conn *conn;
3136 BT_DBG("%s", hdev->name);
3140 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3144 if (ev->page < HCI_MAX_PAGES)
3145 memcpy(conn->features[ev->page], ev->features, 8);
3147 if (!ev->status && ev->page == 0x01) {
3148 struct inquiry_entry *ie;
3150 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3152 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3154 if (ev->features[0] & LMP_HOST_SSP) {
3155 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3157 /* It is mandatory by the Bluetooth specification that
3158 * Extended Inquiry Results are only used when Secure
3159 * Simple Pairing is enabled, but some devices violate
3162 * To make these devices work, the internal SSP
3163 * enabled flag needs to be cleared if the remote host
3164 * features do not indicate SSP support */
3165 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3168 if (ev->features[0] & LMP_HOST_SC)
3169 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3172 if (conn->state != BT_CONFIG)
3175 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3176 struct hci_cp_remote_name_req cp;
3177 memset(&cp, 0, sizeof(cp));
3178 bacpy(&cp.bdaddr, &conn->dst);
3179 cp.pscan_rep_mode = 0x02;
3180 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3181 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3182 mgmt_device_connected(hdev, &conn->dst, conn->type,
3183 conn->dst_type, 0, NULL, 0,
3186 if (!hci_outgoing_auth_needed(hdev, conn)) {
3187 conn->state = BT_CONNECTED;
3188 hci_proto_connect_cfm(conn, ev->status);
3189 hci_conn_drop(conn);
3193 hci_dev_unlock(hdev);
3196 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3197 struct sk_buff *skb)
3199 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3200 struct hci_conn *conn;
3202 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3206 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3208 if (ev->link_type == ESCO_LINK)
3211 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3215 conn->type = SCO_LINK;
3218 switch (ev->status) {
3220 conn->handle = __le16_to_cpu(ev->handle);
3221 conn->state = BT_CONNECTED;
3223 hci_conn_add_sysfs(conn);
3226 case 0x0d: /* Connection Rejected due to Limited Resources */
3227 case 0x11: /* Unsupported Feature or Parameter Value */
3228 case 0x1c: /* SCO interval rejected */
3229 case 0x1a: /* Unsupported Remote Feature */
3230 case 0x1f: /* Unspecified error */
3231 case 0x20: /* Unsupported LMP Parameter value */
3233 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3234 (hdev->esco_type & EDR_ESCO_MASK);
3235 if (hci_setup_sync(conn, conn->link->handle))
3241 conn->state = BT_CLOSED;
3245 hci_proto_connect_cfm(conn, ev->status);
3250 hci_dev_unlock(hdev);
3253 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3257 while (parsed < eir_len) {
3258 u8 field_len = eir[0];
3263 parsed += field_len + 1;
3264 eir += field_len + 1;
3270 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3271 struct sk_buff *skb)
3273 struct inquiry_data data;
3274 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3275 int num_rsp = *((__u8 *) skb->data);
3278 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3283 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3288 for (; num_rsp; num_rsp--, info++) {
3289 bool name_known, ssp;
3291 bacpy(&data.bdaddr, &info->bdaddr);
3292 data.pscan_rep_mode = info->pscan_rep_mode;
3293 data.pscan_period_mode = info->pscan_period_mode;
3294 data.pscan_mode = 0x00;
3295 memcpy(data.dev_class, info->dev_class, 3);
3296 data.clock_offset = info->clock_offset;
3297 data.rssi = info->rssi;
3298 data.ssp_mode = 0x01;
3300 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3301 name_known = eir_has_data_type(info->data,
3307 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3309 eir_len = eir_get_length(info->data, sizeof(info->data));
3310 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3311 info->dev_class, info->rssi, !name_known,
3312 ssp, info->data, eir_len);
3315 hci_dev_unlock(hdev);
3318 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3319 struct sk_buff *skb)
3321 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3322 struct hci_conn *conn;
3324 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3325 __le16_to_cpu(ev->handle));
3329 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3333 /* For BR/EDR the necessary steps are taken through the
3334 * auth_complete event.
3336 if (conn->type != LE_LINK)
3340 conn->sec_level = conn->pending_sec_level;
3342 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3344 if (ev->status && conn->state == BT_CONNECTED) {
3345 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3346 hci_conn_drop(conn);
3350 if (conn->state == BT_CONFIG) {
3352 conn->state = BT_CONNECTED;
3354 hci_proto_connect_cfm(conn, ev->status);
3355 hci_conn_drop(conn);
3357 hci_auth_cfm(conn, ev->status);
3359 hci_conn_hold(conn);
3360 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3361 hci_conn_drop(conn);
3365 hci_dev_unlock(hdev);
3368 static u8 hci_get_auth_req(struct hci_conn *conn)
3370 /* If remote requests dedicated bonding follow that lead */
3371 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3372 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3373 /* If both remote and local IO capabilities allow MITM
3374 * protection then require it, otherwise don't */
3375 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3376 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3377 return HCI_AT_DEDICATED_BONDING;
3379 return HCI_AT_DEDICATED_BONDING_MITM;
3382 /* If remote requests no-bonding follow that lead */
3383 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3384 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3385 return conn->remote_auth | (conn->auth_type & 0x01);
3387 return conn->auth_type;
3390 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3392 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3393 struct hci_conn *conn;
3395 BT_DBG("%s", hdev->name);
3399 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3403 hci_conn_hold(conn);
3405 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3409 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3410 struct hci_cp_io_capability_reply cp;
3412 bacpy(&cp.bdaddr, &ev->bdaddr);
3413 /* Change the IO capability from KeyboardDisplay
3414 * to DisplayYesNo as it is not supported by BT spec. */
3415 cp.capability = (conn->io_capability == 0x04) ?
3416 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3417 conn->auth_type = hci_get_auth_req(conn);
3418 cp.authentication = conn->auth_type;
3420 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3421 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3426 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3429 struct hci_cp_io_capability_neg_reply cp;
3431 bacpy(&cp.bdaddr, &ev->bdaddr);
3432 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3434 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3439 hci_dev_unlock(hdev);
3442 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3444 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3445 struct hci_conn *conn;
3447 BT_DBG("%s", hdev->name);
3451 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3455 conn->remote_cap = ev->capability;
3456 conn->remote_auth = ev->authentication;
3458 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3461 hci_dev_unlock(hdev);
3464 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3465 struct sk_buff *skb)
3467 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3468 int loc_mitm, rem_mitm, confirm_hint = 0;
3469 struct hci_conn *conn;
3471 BT_DBG("%s", hdev->name);
3475 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3478 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3482 loc_mitm = (conn->auth_type & 0x01);
3483 rem_mitm = (conn->remote_auth & 0x01);
3485 /* If we require MITM but the remote device can't provide that
3486 * (it has NoInputNoOutput) then reject the confirmation
3487 * request. The only exception is when we're dedicated bonding
3488 * initiators (connect_cfm_cb set) since then we always have the MITM
3490 if (!conn->connect_cfm_cb && loc_mitm &&
3491 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3492 BT_DBG("Rejecting request: remote device can't provide MITM");
3493 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3494 sizeof(ev->bdaddr), &ev->bdaddr);
3498 /* If no side requires MITM protection; auto-accept */
3499 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3500 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3502 /* If we're not the initiators request authorization to
3503 * proceed from user space (mgmt_user_confirm with
3504 * confirm_hint set to 1). */
3505 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3506 BT_DBG("Confirming auto-accept as acceptor");
3511 BT_DBG("Auto-accept of user confirmation with %ums delay",
3512 hdev->auto_accept_delay);
3514 if (hdev->auto_accept_delay > 0) {
3515 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3516 queue_delayed_work(conn->hdev->workqueue,
3517 &conn->auto_accept_work, delay);
3521 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3522 sizeof(ev->bdaddr), &ev->bdaddr);
3527 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3528 le32_to_cpu(ev->passkey), confirm_hint);
3531 hci_dev_unlock(hdev);
3534 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3535 struct sk_buff *skb)
3537 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3539 BT_DBG("%s", hdev->name);
3541 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3542 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3545 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3546 struct sk_buff *skb)
3548 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3549 struct hci_conn *conn;
3551 BT_DBG("%s", hdev->name);
3553 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3557 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3558 conn->passkey_entered = 0;
3560 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3561 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3562 conn->dst_type, conn->passkey_notify,
3563 conn->passkey_entered);
3566 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3568 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3569 struct hci_conn *conn;
3571 BT_DBG("%s", hdev->name);
3573 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3578 case HCI_KEYPRESS_STARTED:
3579 conn->passkey_entered = 0;
3582 case HCI_KEYPRESS_ENTERED:
3583 conn->passkey_entered++;
3586 case HCI_KEYPRESS_ERASED:
3587 conn->passkey_entered--;
3590 case HCI_KEYPRESS_CLEARED:
3591 conn->passkey_entered = 0;
3594 case HCI_KEYPRESS_COMPLETED:
3598 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3599 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3600 conn->dst_type, conn->passkey_notify,
3601 conn->passkey_entered);
3604 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3605 struct sk_buff *skb)
3607 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3608 struct hci_conn *conn;
3610 BT_DBG("%s", hdev->name);
3614 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3618 /* To avoid duplicate auth_failed events to user space we check
3619 * the HCI_CONN_AUTH_PEND flag which will be set if we
3620 * initiated the authentication. A traditional auth_complete
3621 * event gets always produced as initiator and is also mapped to
3622 * the mgmt_auth_failed event */
3623 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3624 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3627 hci_conn_drop(conn);
3630 hci_dev_unlock(hdev);
3633 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3634 struct sk_buff *skb)
3636 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3637 struct inquiry_entry *ie;
3638 struct hci_conn *conn;
3640 BT_DBG("%s", hdev->name);
3644 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3646 memcpy(conn->features[1], ev->features, 8);
3648 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3650 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3652 hci_dev_unlock(hdev);
3655 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3656 struct sk_buff *skb)
3658 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3659 struct oob_data *data;
3661 BT_DBG("%s", hdev->name);
3665 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3668 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3670 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3671 struct hci_cp_remote_oob_ext_data_reply cp;
3673 bacpy(&cp.bdaddr, &ev->bdaddr);
3674 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3675 memcpy(cp.randomizer192, data->randomizer192,
3676 sizeof(cp.randomizer192));
3677 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3678 memcpy(cp.randomizer256, data->randomizer256,
3679 sizeof(cp.randomizer256));
3681 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3684 struct hci_cp_remote_oob_data_reply cp;
3686 bacpy(&cp.bdaddr, &ev->bdaddr);
3687 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3688 memcpy(cp.randomizer, data->randomizer192,
3689 sizeof(cp.randomizer));
3691 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3695 struct hci_cp_remote_oob_data_neg_reply cp;
3697 bacpy(&cp.bdaddr, &ev->bdaddr);
3698 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3703 hci_dev_unlock(hdev);
3706 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3707 struct sk_buff *skb)
3709 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3710 struct hci_conn *hcon, *bredr_hcon;
3712 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3717 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3719 hci_dev_unlock(hdev);
3725 hci_dev_unlock(hdev);
3729 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3731 hcon->state = BT_CONNECTED;
3732 bacpy(&hcon->dst, &bredr_hcon->dst);
3734 hci_conn_hold(hcon);
3735 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3736 hci_conn_drop(hcon);
3738 hci_conn_add_sysfs(hcon);
3740 amp_physical_cfm(bredr_hcon, hcon);
3742 hci_dev_unlock(hdev);
3745 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3747 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3748 struct hci_conn *hcon;
3749 struct hci_chan *hchan;
3750 struct amp_mgr *mgr;
3752 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3753 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3756 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3760 /* Create AMP hchan */
3761 hchan = hci_chan_create(hcon);
3765 hchan->handle = le16_to_cpu(ev->handle);
3767 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3769 mgr = hcon->amp_mgr;
3770 if (mgr && mgr->bredr_chan) {
3771 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3773 l2cap_chan_lock(bredr_chan);
3775 bredr_chan->conn->mtu = hdev->block_mtu;
3776 l2cap_logical_cfm(bredr_chan, hchan, 0);
3777 hci_conn_hold(hcon);
3779 l2cap_chan_unlock(bredr_chan);
3783 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3784 struct sk_buff *skb)
3786 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3787 struct hci_chan *hchan;
3789 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3790 le16_to_cpu(ev->handle), ev->status);
3797 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3801 amp_destroy_logical_link(hchan, ev->reason);
3804 hci_dev_unlock(hdev);
3807 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3808 struct sk_buff *skb)
3810 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3811 struct hci_conn *hcon;
3813 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3820 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3822 hcon->state = BT_CLOSED;
3826 hci_dev_unlock(hdev);
3829 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3831 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3832 struct hci_conn *conn;
3833 struct smp_irk *irk;
3835 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3839 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3841 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3843 BT_ERR("No memory for new connection");
3847 conn->dst_type = ev->bdaddr_type;
3849 /* The advertising parameters for own address type
3850 * define which source address and source address
3851 * type this connections has.
3853 if (bacmp(&conn->src, BDADDR_ANY)) {
3854 conn->src_type = ADDR_LE_DEV_PUBLIC;
3856 bacpy(&conn->src, &hdev->static_addr);
3857 conn->src_type = ADDR_LE_DEV_RANDOM;
3860 if (ev->role == LE_CONN_ROLE_MASTER) {
3862 conn->link_mode |= HCI_LM_MASTER;
3865 /* If we didn't have a hci_conn object previously
3866 * but we're in master role this must be something
3867 * initiated using a white list. Since white list based
3868 * connections are not "first class citizens" we don't
3869 * have full tracking of them. Therefore, we go ahead
3870 * with a "best effort" approach of determining the
3871 * initiator address based on the HCI_PRIVACY flag.
3874 conn->resp_addr_type = ev->bdaddr_type;
3875 bacpy(&conn->resp_addr, &ev->bdaddr);
3876 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3877 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3878 bacpy(&conn->init_addr, &hdev->rpa);
3880 hci_copy_identity_address(hdev,
3882 &conn->init_addr_type);
3885 /* Set the responder (our side) address type based on
3886 * the advertising address type.
3888 conn->resp_addr_type = hdev->adv_addr_type;
3889 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3890 bacpy(&conn->resp_addr, &hdev->random_addr);
3892 bacpy(&conn->resp_addr, &hdev->bdaddr);
3894 conn->init_addr_type = ev->bdaddr_type;
3895 bacpy(&conn->init_addr, &ev->bdaddr);
3898 cancel_delayed_work(&conn->le_conn_timeout);
3901 /* Ensure that the hci_conn contains the identity address type
3902 * regardless of which address the connection was made with.
3904 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
3906 /* Lookup the identity address from the stored connection
3907 * address and address type.
3909 * When establishing connections to an identity address, the
3910 * connection procedure will store the resolvable random
3911 * address first. Now if it can be converted back into the
3912 * identity address, start using the identity address from
3915 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
3917 bacpy(&conn->dst, &irk->bdaddr);
3918 conn->dst_type = irk->addr_type;
3922 hci_le_conn_failed(conn, ev->status);
3926 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3927 mgmt_device_connected(hdev, &conn->dst, conn->type,
3928 conn->dst_type, 0, NULL, 0, NULL);
3930 conn->sec_level = BT_SECURITY_LOW;
3931 conn->handle = __le16_to_cpu(ev->handle);
3932 conn->state = BT_CONNECTED;
3934 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3935 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3937 hci_conn_add_sysfs(conn);
3939 hci_proto_connect_cfm(conn, ev->status);
3941 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3944 hci_dev_unlock(hdev);
3947 /* This function requires the caller holds hdev->lock */
3948 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3951 struct hci_conn *conn;
3952 struct smp_irk *irk;
3954 /* If this is a resolvable address, we should resolve it and then
3955 * update address and address type variables.
3957 irk = hci_get_irk(hdev, addr, addr_type);
3959 addr = &irk->bdaddr;
3960 addr_type = irk->addr_type;
3963 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3966 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3971 switch (PTR_ERR(conn)) {
3973 /* If hci_connect() returns -EBUSY it means there is already
3974 * an LE connection attempt going on. Since controllers don't
3975 * support more than one connection attempt at the time, we
3976 * don't consider this an error case.
3980 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3984 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3986 u8 num_reports = skb->data[0];
3987 void *ptr = &skb->data[1];
3992 while (num_reports--) {
3993 struct hci_ev_le_advertising_info *ev = ptr;
3995 if (ev->evt_type == LE_ADV_IND ||
3996 ev->evt_type == LE_ADV_DIRECT_IND)
3997 check_pending_le_conn(hdev, &ev->bdaddr,
4000 rssi = ev->data[ev->length];
4001 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
4002 NULL, rssi, 0, 1, ev->data, ev->length);
4004 ptr += sizeof(*ev) + ev->length + 1;
4007 hci_dev_unlock(hdev);
4010 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4012 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4013 struct hci_cp_le_ltk_reply cp;
4014 struct hci_cp_le_ltk_neg_reply neg;
4015 struct hci_conn *conn;
4016 struct smp_ltk *ltk;
4018 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4026 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
4030 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4031 cp.handle = cpu_to_le16(conn->handle);
4033 if (ltk->authenticated)
4034 conn->pending_sec_level = BT_SECURITY_HIGH;
4036 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4038 conn->enc_key_size = ltk->enc_size;
4040 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4042 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4043 * temporary key used to encrypt a connection following
4044 * pairing. It is used during the Encrypted Session Setup to
4045 * distribute the keys. Later, security can be re-established
4046 * using a distributed LTK.
4048 if (ltk->type == HCI_SMP_STK_SLAVE) {
4049 list_del(<k->list);
4053 hci_dev_unlock(hdev);
4058 neg.handle = ev->handle;
4059 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4060 hci_dev_unlock(hdev);
4063 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4065 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4067 skb_pull(skb, sizeof(*le_ev));
4069 switch (le_ev->subevent) {
4070 case HCI_EV_LE_CONN_COMPLETE:
4071 hci_le_conn_complete_evt(hdev, skb);
4074 case HCI_EV_LE_ADVERTISING_REPORT:
4075 hci_le_adv_report_evt(hdev, skb);
4078 case HCI_EV_LE_LTK_REQ:
4079 hci_le_ltk_request_evt(hdev, skb);
4087 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4089 struct hci_ev_channel_selected *ev = (void *) skb->data;
4090 struct hci_conn *hcon;
4092 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4094 skb_pull(skb, sizeof(*ev));
4096 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4100 amp_read_loc_assoc_final_data(hdev, hcon);
4103 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4105 struct hci_event_hdr *hdr = (void *) skb->data;
4106 __u8 event = hdr->evt;
4110 /* Received events are (currently) only needed when a request is
4111 * ongoing so avoid unnecessary memory allocation.
4113 if (hdev->req_status == HCI_REQ_PEND) {
4114 kfree_skb(hdev->recv_evt);
4115 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4118 hci_dev_unlock(hdev);
4120 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4122 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4123 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4124 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4126 hci_req_cmd_complete(hdev, opcode, 0);
4130 case HCI_EV_INQUIRY_COMPLETE:
4131 hci_inquiry_complete_evt(hdev, skb);
4134 case HCI_EV_INQUIRY_RESULT:
4135 hci_inquiry_result_evt(hdev, skb);
4138 case HCI_EV_CONN_COMPLETE:
4139 hci_conn_complete_evt(hdev, skb);
4142 case HCI_EV_CONN_REQUEST:
4143 hci_conn_request_evt(hdev, skb);
4146 case HCI_EV_DISCONN_COMPLETE:
4147 hci_disconn_complete_evt(hdev, skb);
4150 case HCI_EV_AUTH_COMPLETE:
4151 hci_auth_complete_evt(hdev, skb);
4154 case HCI_EV_REMOTE_NAME:
4155 hci_remote_name_evt(hdev, skb);
4158 case HCI_EV_ENCRYPT_CHANGE:
4159 hci_encrypt_change_evt(hdev, skb);
4162 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4163 hci_change_link_key_complete_evt(hdev, skb);
4166 case HCI_EV_REMOTE_FEATURES:
4167 hci_remote_features_evt(hdev, skb);
4170 case HCI_EV_CMD_COMPLETE:
4171 hci_cmd_complete_evt(hdev, skb);
4174 case HCI_EV_CMD_STATUS:
4175 hci_cmd_status_evt(hdev, skb);
4178 case HCI_EV_ROLE_CHANGE:
4179 hci_role_change_evt(hdev, skb);
4182 case HCI_EV_NUM_COMP_PKTS:
4183 hci_num_comp_pkts_evt(hdev, skb);
4186 case HCI_EV_MODE_CHANGE:
4187 hci_mode_change_evt(hdev, skb);
4190 case HCI_EV_PIN_CODE_REQ:
4191 hci_pin_code_request_evt(hdev, skb);
4194 case HCI_EV_LINK_KEY_REQ:
4195 hci_link_key_request_evt(hdev, skb);
4198 case HCI_EV_LINK_KEY_NOTIFY:
4199 hci_link_key_notify_evt(hdev, skb);
4202 case HCI_EV_CLOCK_OFFSET:
4203 hci_clock_offset_evt(hdev, skb);
4206 case HCI_EV_PKT_TYPE_CHANGE:
4207 hci_pkt_type_change_evt(hdev, skb);
4210 case HCI_EV_PSCAN_REP_MODE:
4211 hci_pscan_rep_mode_evt(hdev, skb);
4214 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4215 hci_inquiry_result_with_rssi_evt(hdev, skb);
4218 case HCI_EV_REMOTE_EXT_FEATURES:
4219 hci_remote_ext_features_evt(hdev, skb);
4222 case HCI_EV_SYNC_CONN_COMPLETE:
4223 hci_sync_conn_complete_evt(hdev, skb);
4226 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4227 hci_extended_inquiry_result_evt(hdev, skb);
4230 case HCI_EV_KEY_REFRESH_COMPLETE:
4231 hci_key_refresh_complete_evt(hdev, skb);
4234 case HCI_EV_IO_CAPA_REQUEST:
4235 hci_io_capa_request_evt(hdev, skb);
4238 case HCI_EV_IO_CAPA_REPLY:
4239 hci_io_capa_reply_evt(hdev, skb);
4242 case HCI_EV_USER_CONFIRM_REQUEST:
4243 hci_user_confirm_request_evt(hdev, skb);
4246 case HCI_EV_USER_PASSKEY_REQUEST:
4247 hci_user_passkey_request_evt(hdev, skb);
4250 case HCI_EV_USER_PASSKEY_NOTIFY:
4251 hci_user_passkey_notify_evt(hdev, skb);
4254 case HCI_EV_KEYPRESS_NOTIFY:
4255 hci_keypress_notify_evt(hdev, skb);
4258 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4259 hci_simple_pair_complete_evt(hdev, skb);
4262 case HCI_EV_REMOTE_HOST_FEATURES:
4263 hci_remote_host_features_evt(hdev, skb);
4266 case HCI_EV_LE_META:
4267 hci_le_meta_evt(hdev, skb);
4270 case HCI_EV_CHANNEL_SELECTED:
4271 hci_chan_selected_evt(hdev, skb);
4274 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4275 hci_remote_oob_data_request_evt(hdev, skb);
4278 case HCI_EV_PHY_LINK_COMPLETE:
4279 hci_phy_link_complete_evt(hdev, skb);
4282 case HCI_EV_LOGICAL_LINK_COMPLETE:
4283 hci_loglink_complete_evt(hdev, skb);
4286 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4287 hci_disconn_loglink_complete_evt(hdev, skb);
4290 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4291 hci_disconn_phylink_complete_evt(hdev, skb);
4294 case HCI_EV_NUM_COMP_BLOCKS:
4295 hci_num_comp_blocks_evt(hdev, skb);
4299 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4304 hdev->stat.evt_rx++;