2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
52 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
55 hci_conn_check_pending(hdev);
58 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60 __u8 status = *((__u8 *) skb->data);
62 BT_DBG("%s status 0x%2.2x", hdev->name, status);
67 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 __u8 status = *((__u8 *) skb->data);
74 BT_DBG("%s status 0x%2.2x", hdev->name, status);
79 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81 hci_conn_check_pending(hdev);
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
87 BT_DBG("%s", hdev->name);
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
95 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 conn->link_mode &= ~HCI_LM_MASTER;
107 conn->link_mode |= HCI_LM_MASTER;
110 hci_dev_unlock(hdev);
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
118 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 conn->link_policy = __le16_to_cpu(rp->policy);
129 hci_dev_unlock(hdev);
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
135 struct hci_conn *conn;
138 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
151 conn->link_policy = get_unaligned_le16(sent + 2);
153 hci_dev_unlock(hdev);
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
159 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
166 hdev->link_policy = __le16_to_cpu(rp->policy);
169 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
172 __u8 status = *((__u8 *) skb->data);
175 BT_DBG("%s status 0x%2.2x", hdev->name, status);
177 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 hdev->link_policy = get_unaligned_le16(sent);
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187 __u8 status = *((__u8 *) skb->data);
189 BT_DBG("%s status 0x%2.2x", hdev->name, status);
191 clear_bit(HCI_RESET, &hdev->flags);
193 /* Reset all non-persistent flags */
194 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
196 hdev->discovery.state = DISCOVERY_STOPPED;
197 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
198 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
200 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
201 hdev->adv_data_len = 0;
203 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
204 hdev->scan_rsp_data_len = 0;
206 hdev->le_scan_type = LE_SCAN_PASSIVE;
208 hdev->ssp_debug_mode = 0;
211 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213 __u8 status = *((__u8 *) skb->data);
216 BT_DBG("%s status 0x%2.2x", hdev->name, status);
218 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
224 if (test_bit(HCI_MGMT, &hdev->dev_flags))
225 mgmt_set_local_name_complete(hdev, sent, status);
227 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
229 hci_dev_unlock(hdev);
232 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
234 struct hci_rp_read_local_name *rp = (void *) skb->data;
236 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
241 if (test_bit(HCI_SETUP, &hdev->dev_flags))
242 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
245 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
247 __u8 status = *((__u8 *) skb->data);
250 BT_DBG("%s status 0x%2.2x", hdev->name, status);
252 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
257 __u8 param = *((__u8 *) sent);
259 if (param == AUTH_ENABLED)
260 set_bit(HCI_AUTH, &hdev->flags);
262 clear_bit(HCI_AUTH, &hdev->flags);
265 if (test_bit(HCI_MGMT, &hdev->dev_flags))
266 mgmt_auth_enable_complete(hdev, status);
269 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
271 __u8 status = *((__u8 *) skb->data);
274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
281 __u8 param = *((__u8 *) sent);
284 set_bit(HCI_ENCRYPT, &hdev->flags);
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
290 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 param = *((__u8 *) sent);
307 mgmt_write_scan_failed(hdev, param, status);
308 hdev->discov_timeout = 0;
312 /* We need to ensure that we set this back on if someone changed
313 * the scan mode through a raw HCI socket.
315 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
317 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
318 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
320 if (param & SCAN_INQUIRY) {
321 set_bit(HCI_ISCAN, &hdev->flags);
323 mgmt_discoverable(hdev, 1);
324 } else if (old_iscan)
325 mgmt_discoverable(hdev, 0);
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
330 mgmt_connectable(hdev, 1);
331 } else if (old_pscan)
332 mgmt_connectable(hdev, 0);
335 hci_dev_unlock(hdev);
338 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
342 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
347 memcpy(hdev->dev_class, rp->dev_class, 3);
349 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
350 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
353 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355 __u8 status = *((__u8 *) skb->data);
358 BT_DBG("%s status 0x%2.2x", hdev->name, status);
360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
367 memcpy(hdev->dev_class, sent, 3);
369 if (test_bit(HCI_MGMT, &hdev->dev_flags))
370 mgmt_set_class_of_dev_complete(hdev, sent, status);
372 hci_dev_unlock(hdev);
375 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
380 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
385 setting = __le16_to_cpu(rp->voice_setting);
387 if (hdev->voice_setting == setting)
390 hdev->voice_setting = setting;
392 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
395 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
398 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
401 __u8 status = *((__u8 *) skb->data);
405 BT_DBG("%s status 0x%2.2x", hdev->name, status);
410 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
414 setting = get_unaligned_le16(sent);
416 if (hdev->voice_setting == setting)
419 hdev->voice_setting = setting;
421 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
424 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
427 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
430 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
432 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
437 hdev->num_iac = rp->num_iac;
439 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
442 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
444 __u8 status = *((__u8 *) skb->data);
445 struct hci_cp_write_ssp_mode *sent;
447 BT_DBG("%s status 0x%2.2x", hdev->name, status);
449 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
455 hdev->features[1][0] |= LMP_HOST_SSP;
457 hdev->features[1][0] &= ~LMP_HOST_SSP;
460 if (test_bit(HCI_MGMT, &hdev->dev_flags))
461 mgmt_ssp_enable_complete(hdev, sent->mode, status);
464 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
470 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
472 u8 status = *((u8 *) skb->data);
473 struct hci_cp_write_sc_support *sent;
475 BT_DBG("%s status 0x%2.2x", hdev->name, status);
477 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
483 hdev->features[1][0] |= LMP_HOST_SC;
485 hdev->features[1][0] &= ~LMP_HOST_SC;
488 if (test_bit(HCI_MGMT, &hdev->dev_flags))
489 mgmt_sc_enable_complete(hdev, sent->support, status);
492 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
494 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
498 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
500 struct hci_rp_read_local_version *rp = (void *) skb->data;
502 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
507 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
508 hdev->hci_ver = rp->hci_ver;
509 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
510 hdev->lmp_ver = rp->lmp_ver;
511 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
512 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
516 static void hci_cc_read_local_commands(struct hci_dev *hdev,
519 struct hci_rp_read_local_commands *rp = (void *) skb->data;
521 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
526 if (test_bit(HCI_SETUP, &hdev->dev_flags))
527 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
530 static void hci_cc_read_local_features(struct hci_dev *hdev,
533 struct hci_rp_read_local_features *rp = (void *) skb->data;
535 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
540 memcpy(hdev->features, rp->features, 8);
542 /* Adjust default settings according to features
543 * supported by device. */
545 if (hdev->features[0][0] & LMP_3SLOT)
546 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
548 if (hdev->features[0][0] & LMP_5SLOT)
549 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
551 if (hdev->features[0][1] & LMP_HV2) {
552 hdev->pkt_type |= (HCI_HV2);
553 hdev->esco_type |= (ESCO_HV2);
556 if (hdev->features[0][1] & LMP_HV3) {
557 hdev->pkt_type |= (HCI_HV3);
558 hdev->esco_type |= (ESCO_HV3);
561 if (lmp_esco_capable(hdev))
562 hdev->esco_type |= (ESCO_EV3);
564 if (hdev->features[0][4] & LMP_EV4)
565 hdev->esco_type |= (ESCO_EV4);
567 if (hdev->features[0][4] & LMP_EV5)
568 hdev->esco_type |= (ESCO_EV5);
570 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
571 hdev->esco_type |= (ESCO_2EV3);
573 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
574 hdev->esco_type |= (ESCO_3EV3);
576 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
577 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
580 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
583 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
585 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
590 if (hdev->max_page < rp->max_page)
591 hdev->max_page = rp->max_page;
593 if (rp->page < HCI_MAX_PAGES)
594 memcpy(hdev->features[rp->page], rp->features, 8);
597 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
600 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605 hdev->flow_ctl_mode = rp->mode;
608 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
610 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
612 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
617 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
618 hdev->sco_mtu = rp->sco_mtu;
619 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
620 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
622 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
627 hdev->acl_cnt = hdev->acl_pkts;
628 hdev->sco_cnt = hdev->sco_pkts;
630 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
631 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
634 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
636 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
638 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
641 bacpy(&hdev->bdaddr, &rp->bdaddr);
644 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
647 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
649 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
651 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
652 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
653 hdev->page_scan_window = __le16_to_cpu(rp->window);
657 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
660 u8 status = *((u8 *) skb->data);
661 struct hci_cp_write_page_scan_activity *sent;
663 BT_DBG("%s status 0x%2.2x", hdev->name, status);
668 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
672 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
673 hdev->page_scan_window = __le16_to_cpu(sent->window);
676 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
679 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
681 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
683 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
684 hdev->page_scan_type = rp->type;
687 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
690 u8 status = *((u8 *) skb->data);
693 BT_DBG("%s status 0x%2.2x", hdev->name, status);
698 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
700 hdev->page_scan_type = *type;
703 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
706 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
708 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
713 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
714 hdev->block_len = __le16_to_cpu(rp->block_len);
715 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
717 hdev->block_cnt = hdev->num_blocks;
719 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
720 hdev->block_cnt, hdev->block_len);
723 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
726 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
728 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
733 hdev->amp_status = rp->amp_status;
734 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
735 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
736 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
737 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
738 hdev->amp_type = rp->amp_type;
739 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
740 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
741 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
742 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
745 a2mp_send_getinfo_rsp(hdev);
748 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
751 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
752 struct amp_assoc *assoc = &hdev->loc_assoc;
753 size_t rem_len, frag_len;
755 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
760 frag_len = skb->len - sizeof(*rp);
761 rem_len = __le16_to_cpu(rp->rem_len);
763 if (rem_len > frag_len) {
764 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
766 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
767 assoc->offset += frag_len;
769 /* Read other fragments */
770 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
775 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
776 assoc->len = assoc->offset + rem_len;
780 /* Send A2MP Rsp when all fragments are received */
781 a2mp_send_getampassoc_rsp(hdev, rp->status);
782 a2mp_send_create_phy_link_req(hdev, rp->status);
785 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
788 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
790 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
793 hdev->inq_tx_power = rp->tx_power;
796 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
798 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
799 struct hci_cp_pin_code_reply *cp;
800 struct hci_conn *conn;
802 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
806 if (test_bit(HCI_MGMT, &hdev->dev_flags))
807 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
812 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
816 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
818 conn->pin_length = cp->pin_len;
821 hci_dev_unlock(hdev);
824 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
826 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
832 if (test_bit(HCI_MGMT, &hdev->dev_flags))
833 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
836 hci_dev_unlock(hdev);
839 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
842 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
844 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
849 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
850 hdev->le_pkts = rp->le_max_pkt;
852 hdev->le_cnt = hdev->le_pkts;
854 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
857 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
860 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
865 memcpy(hdev->le_features, rp->features, 8);
868 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
871 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
873 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
876 hdev->adv_tx_power = rp->tx_power;
879 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
881 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
883 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
887 if (test_bit(HCI_MGMT, &hdev->dev_flags))
888 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
891 hci_dev_unlock(hdev);
894 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
897 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
899 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
903 if (test_bit(HCI_MGMT, &hdev->dev_flags))
904 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
905 ACL_LINK, 0, rp->status);
907 hci_dev_unlock(hdev);
910 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
912 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
914 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
918 if (test_bit(HCI_MGMT, &hdev->dev_flags))
919 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
922 hci_dev_unlock(hdev);
925 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
928 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
930 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
934 if (test_bit(HCI_MGMT, &hdev->dev_flags))
935 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
936 ACL_LINK, 0, rp->status);
938 hci_dev_unlock(hdev);
941 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
944 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
946 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
949 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
950 NULL, NULL, rp->status);
951 hci_dev_unlock(hdev);
954 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
957 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
959 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
962 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
963 rp->hash256, rp->randomizer256,
965 hci_dev_unlock(hdev);
969 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
971 __u8 status = *((__u8 *) skb->data);
974 BT_DBG("%s status 0x%2.2x", hdev->name, status);
976 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
983 bacpy(&hdev->random_addr, sent);
985 hci_dev_unlock(hdev);
988 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
990 __u8 *sent, status = *((__u8 *) skb->data);
992 BT_DBG("%s status 0x%2.2x", hdev->name, status);
994 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1003 /* If we're doing connection initation as peripheral. Set a
1004 * timeout in case something goes wrong.
1007 struct hci_conn *conn;
1009 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1011 queue_delayed_work(hdev->workqueue,
1012 &conn->le_conn_timeout,
1013 HCI_LE_CONN_TIMEOUT);
1016 mgmt_advertising(hdev, *sent);
1018 hci_dev_unlock(hdev);
1021 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1023 struct hci_cp_le_set_scan_param *cp;
1024 __u8 status = *((__u8 *) skb->data);
1026 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1028 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1035 hdev->le_scan_type = cp->type;
1037 hci_dev_unlock(hdev);
1040 static bool has_pending_adv_report(struct hci_dev *hdev)
1042 struct discovery_state *d = &hdev->discovery;
1044 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1047 static void clear_pending_adv_report(struct hci_dev *hdev)
1049 struct discovery_state *d = &hdev->discovery;
1051 bacpy(&d->last_adv_addr, BDADDR_ANY);
1052 d->last_adv_data_len = 0;
1055 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1056 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
1058 struct discovery_state *d = &hdev->discovery;
1060 bacpy(&d->last_adv_addr, bdaddr);
1061 d->last_adv_addr_type = bdaddr_type;
1062 d->last_adv_rssi = rssi;
1063 memcpy(d->last_adv_data, data, len);
1064 d->last_adv_data_len = len;
1067 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1068 struct sk_buff *skb)
1070 struct hci_cp_le_set_scan_enable *cp;
1071 __u8 status = *((__u8 *) skb->data);
1073 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1075 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1082 switch (cp->enable) {
1083 case LE_SCAN_ENABLE:
1084 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1085 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1086 clear_pending_adv_report(hdev);
1089 case LE_SCAN_DISABLE:
1090 /* We do this here instead of when setting DISCOVERY_STOPPED
1091 * since the latter would potentially require waiting for
1092 * inquiry to stop too.
1094 if (has_pending_adv_report(hdev)) {
1095 struct discovery_state *d = &hdev->discovery;
1097 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1098 d->last_adv_addr_type, NULL,
1099 d->last_adv_rssi, 0, 1,
1101 d->last_adv_data_len, NULL, 0);
1104 /* Cancel this timer so that we don't try to disable scanning
1105 * when it's already disabled.
1107 cancel_delayed_work(&hdev->le_scan_disable);
1109 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1110 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1111 * interrupted scanning due to a connect request. Mark
1112 * therefore discovery as stopped.
1114 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1116 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1120 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1125 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1126 struct sk_buff *skb)
1128 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1130 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1133 hdev->le_white_list_size = rp->size;
1136 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1137 struct sk_buff *skb)
1139 __u8 status = *((__u8 *) skb->data);
1141 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1144 hci_white_list_clear(hdev);
1147 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1148 struct sk_buff *skb)
1150 struct hci_cp_le_add_to_white_list *sent;
1151 __u8 status = *((__u8 *) skb->data);
1153 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1155 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1160 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1163 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1164 struct sk_buff *skb)
1166 struct hci_cp_le_del_from_white_list *sent;
1167 __u8 status = *((__u8 *) skb->data);
1169 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1171 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1176 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1179 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1180 struct sk_buff *skb)
1182 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1184 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1187 memcpy(hdev->le_states, rp->le_states, 8);
1190 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1191 struct sk_buff *skb)
1193 struct hci_cp_write_le_host_supported *sent;
1194 __u8 status = *((__u8 *) skb->data);
1196 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1198 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1204 hdev->features[1][0] |= LMP_HOST_LE;
1205 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1207 hdev->features[1][0] &= ~LMP_HOST_LE;
1208 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1209 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1213 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1215 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1219 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1221 struct hci_cp_le_set_adv_param *cp;
1222 u8 status = *((u8 *) skb->data);
1224 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1229 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1234 hdev->adv_addr_type = cp->own_address_type;
1235 hci_dev_unlock(hdev);
1238 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1239 struct sk_buff *skb)
1241 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1243 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1244 hdev->name, rp->status, rp->phy_handle);
1249 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1252 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1254 struct hci_rp_read_rssi *rp = (void *) skb->data;
1255 struct hci_conn *conn;
1257 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1264 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1266 conn->rssi = rp->rssi;
1268 hci_dev_unlock(hdev);
1271 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1273 struct hci_cp_read_tx_power *sent;
1274 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1275 struct hci_conn *conn;
1277 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1282 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1292 switch (sent->type) {
1294 conn->tx_power = rp->tx_power;
1297 conn->max_tx_power = rp->tx_power;
1302 hci_dev_unlock(hdev);
1305 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1307 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1310 hci_conn_check_pending(hdev);
1314 set_bit(HCI_INQUIRY, &hdev->flags);
1317 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1319 struct hci_cp_create_conn *cp;
1320 struct hci_conn *conn;
1322 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1324 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1330 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1332 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1335 if (conn && conn->state == BT_CONNECT) {
1336 if (status != 0x0c || conn->attempt > 2) {
1337 conn->state = BT_CLOSED;
1338 hci_proto_connect_cfm(conn, status);
1341 conn->state = BT_CONNECT2;
1345 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1348 conn->link_mode |= HCI_LM_MASTER;
1350 BT_ERR("No memory for new connection");
1354 hci_dev_unlock(hdev);
1357 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1359 struct hci_cp_add_sco *cp;
1360 struct hci_conn *acl, *sco;
1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1368 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1372 handle = __le16_to_cpu(cp->handle);
1374 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1378 acl = hci_conn_hash_lookup_handle(hdev, handle);
1382 sco->state = BT_CLOSED;
1384 hci_proto_connect_cfm(sco, status);
1389 hci_dev_unlock(hdev);
1392 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1394 struct hci_cp_auth_requested *cp;
1395 struct hci_conn *conn;
1397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1402 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1410 if (conn->state == BT_CONFIG) {
1411 hci_proto_connect_cfm(conn, status);
1412 hci_conn_drop(conn);
1416 hci_dev_unlock(hdev);
1419 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1421 struct hci_cp_set_conn_encrypt *cp;
1422 struct hci_conn *conn;
1424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1429 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437 if (conn->state == BT_CONFIG) {
1438 hci_proto_connect_cfm(conn, status);
1439 hci_conn_drop(conn);
1443 hci_dev_unlock(hdev);
1446 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1447 struct hci_conn *conn)
1449 if (conn->state != BT_CONFIG || !conn->out)
1452 if (conn->pending_sec_level == BT_SECURITY_SDP)
1455 /* Only request authentication for SSP connections or non-SSP
1456 * devices with sec_level MEDIUM or HIGH or if MITM protection
1459 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1460 conn->pending_sec_level != BT_SECURITY_FIPS &&
1461 conn->pending_sec_level != BT_SECURITY_HIGH &&
1462 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1468 static int hci_resolve_name(struct hci_dev *hdev,
1469 struct inquiry_entry *e)
1471 struct hci_cp_remote_name_req cp;
1473 memset(&cp, 0, sizeof(cp));
1475 bacpy(&cp.bdaddr, &e->data.bdaddr);
1476 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1477 cp.pscan_mode = e->data.pscan_mode;
1478 cp.clock_offset = e->data.clock_offset;
1480 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1483 static bool hci_resolve_next_name(struct hci_dev *hdev)
1485 struct discovery_state *discov = &hdev->discovery;
1486 struct inquiry_entry *e;
1488 if (list_empty(&discov->resolve))
1491 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1495 if (hci_resolve_name(hdev, e) == 0) {
1496 e->name_state = NAME_PENDING;
/* Handle the outcome of a remote-name lookup for @bdaddr.
 *
 * @conn may be NULL (name requests during discovery have no link);
 * @name may be NULL with @name_len 0 when the request failed (see the
 * callers in hci_cs_remote_name_req and hci_remote_name_evt).
 *
 * Two jobs: (1) emit the mgmt "device connected" event exactly once per
 * link -- HCI_CONN_MGMT_CONNECTED is test-and-set so a later
 * remote-features/auth path cannot report it twice; (2) drive the
 * discovery state machine: record the resolved name (or mark it
 * NOT_KNOWN), start the next resolution, or finish discovery.
 * The early returns / else branches are on omitted lines (1514, 1520,
 * 1527-1531, 1535, 1540-1542).
 */
1503 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1504 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1506 struct discovery_state *discov = &hdev->discovery;
1507 struct inquiry_entry *e;
1509 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1510 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1511 name_len, conn->dev_class);
1513 if (discov->state == DISCOVERY_STOPPED)
1516 if (discov->state == DISCOVERY_STOPPING)
1517 goto discov_complete;
1519 if (discov->state != DISCOVERY_RESOLVING)
1522 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); /* only entries we asked about */
1523 /* If the device was not found in a list of found devices names of which
1524 * are pending. there is no need to continue resolving a next name as it
1525 * will be done upon receiving another Remote Name Request Complete
1532 e->name_state = NAME_KNOWN;
1533 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1534 e->data.rssi, name, name_len);
1536 e->name_state = NAME_NOT_KNOWN; /* failed lookup: do not retry this entry */
1539 if (hci_resolve_next_name(hdev))
1543 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); /* discov_complete: nothing left to resolve */
/* Command Status for HCI_Remote_Name_Request.
 *
 * Per the comment below, a successful status is ignored here -- the
 * Remote Name Request Complete event drives the follow-up.  On failure
 * the discovery/mgmt bookkeeping is told "no name" and, if an outgoing
 * link was waiting on the name before authenticating, authentication is
 * requested now so connection setup does not stall.  HCI_CONN_AUTH_PEND
 * is test-and-set so only one Authentication_Requested is outstanding.
 *
 * NOTE(review): lines 1555-1557, 1559-1563, 1565, 1569-1571 and 1581-1583
 * are not in this listing; the early `return` on success, hci_dev_lock()
 * and the NULL checks on cp/conn presumably live there.
 */
1546 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1548 struct hci_cp_remote_name_req *cp;
1549 struct hci_conn *conn;
1551 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1553 /* If successful wait for the name req complete event before
1554 * checking for the need to do authentication */
1558 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1564 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); /* may be NULL during discovery */
1566 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1567 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0); /* NULL name: lookup failed */
1572 if (!hci_outgoing_auth_needed(hdev, conn))
1575 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1576 struct hci_cp_auth_requested auth_cp;
1578 auth_cp.handle = __cpu_to_le16(conn->handle);
1579 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1580 sizeof(auth_cp), &auth_cp);
1584 hci_dev_unlock(hdev);
/* Command Status for HCI_Read_Remote_Supported_Features.
 *
 * Mirrors hci_cs_set_conn_encrypt: if the command failed while the link
 * is still in BT_CONFIG, confirm the connect with the error and drop the
 * setup reference, otherwise the link would sit in BT_CONFIG forever.
 * Lines 1593-1596, 1598-1602, 1604 and 1608-1610 are omitted from this
 * listing (presumably the success early-return, hci_dev_lock() and the
 * cp/conn NULL checks).
 */
1587 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1589 struct hci_cp_read_remote_features *cp;
1590 struct hci_conn *conn;
1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1597 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1605 if (conn->state == BT_CONFIG) {
1606 hci_proto_connect_cfm(conn, status); /* setup failed: tell the protocols */
1607 hci_conn_drop(conn);
1611 hci_dev_unlock(hdev);
/* Command Status for HCI_Read_Remote_Extended_Features.
 *
 * Same failure handling as hci_cs_read_remote_features: a rejected
 * command during BT_CONFIG aborts the connection setup with the error
 * status.  Lines 1620-1623, 1625-1629, 1631 and 1635-1637 are omitted
 * from this listing.
 */
1614 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1616 struct hci_cp_read_remote_ext_features *cp;
1617 struct hci_conn *conn;
1619 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1624 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1630 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1632 if (conn->state == BT_CONFIG) {
1633 hci_proto_connect_cfm(conn, status);
1634 hci_conn_drop(conn); /* balance the setup hold */
1638 hci_dev_unlock(hdev);
/* Command Status for HCI_Setup_Synchronous_Connection.
 *
 * The command carries the ACL handle; the SCO/eSCO link being set up is
 * reached through it (lines 1663-1665, omitted here, presumably take
 * `sco` from the ACL's link pointer).  On failure the SCO conn is closed,
 * the failure is confirmed upward and the conn torn down (1669-1670
 * omitted).  `handle` is declared on omitted line 1648.
 */
1641 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1643 struct hci_cp_setup_sync_conn *cp;
1644 struct hci_conn *acl, *sco;
1647 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1652 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1656 handle = __le16_to_cpu(cp->handle); /* ACL handle, not the SCO one */
1658 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1662 acl = hci_conn_hash_lookup_handle(hdev, handle);
1666 sco->state = BT_CLOSED;
1668 hci_proto_connect_cfm(sco, status);
1673 hci_dev_unlock(hdev);
/* Command Status for HCI_Sniff_Mode.
 *
 * Only relevant when the command failed: the pending mode-change flag is
 * cleared so future power-save requests are not blocked, and a SCO setup
 * that was waiting for the mode change is resumed (hci_sco_setup with the
 * failure status).  Lines 1682-1685, 1687-1691, 1693 and 1698-1699 are
 * omitted from this listing.
 */
1676 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1678 struct hci_cp_sniff_mode *cp;
1679 struct hci_conn *conn;
1681 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1686 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1692 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1694 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1696 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1697 hci_sco_setup(conn, status); /* SCO was waiting on the mode change */
1700 hci_dev_unlock(hdev);
/* Command Status for HCI_Exit_Sniff_Mode.
 *
 * Identical recovery to hci_cs_sniff_mode: drop the pending mode-change
 * flag and resume any deferred SCO setup with the command status.
 * Lines 1709-1712, 1714-1718, 1720 and 1725-1726 are omitted here.
 */
1703 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1705 struct hci_cp_exit_sniff_mode *cp;
1706 struct hci_conn *conn;
1708 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1713 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1719 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1721 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1723 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1724 hci_sco_setup(conn, status);
1727 hci_dev_unlock(hdev);
/* Command Status for HCI_Disconnect.
 *
 * A non-zero status means the controller refused to tear the link down;
 * userspace is told via mgmt_disconnect_failed so it does not wait for a
 * Disconnection Complete event that will never come.  Lines 1734-1737,
 * 1739-1743, 1745 and 1748 are omitted (presumably the success
 * early-return, hci_dev_lock() and cp/conn NULL checks).
 */
1730 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1732 struct hci_cp_disconnect *cp;
1733 struct hci_conn *conn;
1738 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1746 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1747 conn->dst_type, status);
1749 hci_dev_unlock(hdev);
/* Command Status for HCI_Create_Physical_Link (AMP).
 *
 * Two branches are visible: a lookup of the AMP hci_conn by phy_handle
 * (the failure path -- what is done with `hcon` is on omitted lines
 * 1768-1770, presumably tearing it down) and, on success, pushing the
 * local AMP assoc data to the remote with amp_write_remote_assoc().
 * Note phy_handle is a single byte, hence no byte-order conversion.
 */
1752 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1754 struct hci_cp_create_phy_link *cp;
1756 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1758 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1765 struct hci_conn *hcon;
1767 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle); /* u8 handle, no le16 conversion */
1771 amp_write_remote_assoc(hdev, cp->phy_handle);
1774 hci_dev_unlock(hdev);
/* Command Status for HCI_Accept_Physical_Link (AMP).
 *
 * On success the responder side sends its AMP assoc to the peer.  The
 * status/cp checks are on omitted lines 1782-1785 and 1787-1789.
 */
1777 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1779 struct hci_cp_accept_phy_link *cp;
1781 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1786 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1790 amp_write_remote_assoc(hdev, cp->phy_handle);
/* Command Status for HCI_LE_Create_Connection.
 *
 * Failures are not handled here (see the comment below).  On success this
 * records, on the hci_conn found by peer address, the exact initiator /
 * responder addresses and address types the controller will use.  SMP
 * folds these into its confirm values (and, for Secure Connections, into
 * the MAC), so they must be captured now rather than re-derived later:
 * the own address may be the rotating random address at this moment.
 *
 * A connection attempt addressed to a single peer (filter_policy
 * HCI_LE_USE_PEER_ADDR) is bounded by le_conn_timeout; white-list based
 * attempts are left running on purpose.  Lines 1804-1806, 1808-1812,
 * 1814-1816, 1824 and 1839-1840 are omitted from this listing.
 */
1793 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1795 struct hci_cp_le_create_conn *cp;
1796 struct hci_conn *conn;
1798 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1800 /* All connection failure handling is taken care of by the
1801 * hci_le_conn_failed function which is triggered by the HCI
1802 * request completion callbacks used for connecting.
1807 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1813 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1817 /* Store the initiator and responder address information which
1818 * is needed for SMP. These values will not change during the
1819 * lifetime of the connection.
1821 conn->init_addr_type = cp->own_address_type;
1822 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1823 bacpy(&conn->init_addr, &hdev->random_addr); /* current RPA/static random address */
1825 bacpy(&conn->init_addr, &hdev->bdaddr); /* public address */
1827 conn->resp_addr_type = cp->peer_addr_type;
1828 bacpy(&conn->resp_addr, &cp->peer_addr);
1830 /* We don't want the connection attempt to stick around
1831 * indefinitely since LE doesn't have a page timeout concept
1832 * like BR/EDR. Set a timer for any connection that doesn't use
1833 * the white list for connecting.
1835 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1836 queue_delayed_work(conn->hdev->workqueue,
1837 &conn->le_conn_timeout,
1838 HCI_LE_CONN_TIMEOUT);
1841 hci_dev_unlock(hdev);
/* Command Status for HCI_LE_Start_Encryption.
 *
 * Fail closed: if the controller refused to start encryption on a link
 * that is already BT_CONNECTED, the link is torn down with
 * HCI_ERROR_AUTH_FAILURE rather than left up unencrypted.  Links in any
 * other state are left alone (their own setup path reports the error).
 * Lines 1850-1855, 1857-1859, 1861-1863, 1865 and 1869-1870 are omitted
 * from this listing (presumably the success early-return, hci_dev_lock()
 * and NULL checks).
 */
1844 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1846 struct hci_cp_le_start_enc *cp;
1847 struct hci_conn *conn;
1849 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1856 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1860 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1864 if (conn->state != BT_CONNECTED)
1867 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); /* do not keep an unencrypted link */
1868 hci_conn_drop(conn);
1871 hci_dev_unlock(hdev);
/* Inquiry Complete event.
 *
 * Clears HCI_INQUIRY and wakes any waiter blocked in the inquiry ioctl
 * path (the barrier is the one wake_up_bit() documents).  If the device
 * is under mgmt control and a FINDING discovery is running, either finish
 * the discovery (nothing left to resolve) or switch it to RESOLVING by
 * issuing the first remote-name request.  The `return`/`goto unlock`
 * statements and hci_dev_lock() are on omitted lines (1885, 1891, 1893,
 * 1896, 1900, 1907).
 */
1874 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1876 __u8 status = *((__u8 *) skb->data);
1877 struct discovery_state *discov = &hdev->discovery;
1878 struct inquiry_entry *e;
1880 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1882 hci_conn_check_pending(hdev); /* inquiry is over: queued create_conn may go now */
1884 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1887 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1888 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1890 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1895 if (discov->state != DISCOVERY_FINDING)
1898 if (list_empty(&discov->resolve)) {
1899 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1903 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1904 if (e && hci_resolve_name(hdev, e) == 0) {
1905 e->name_state = NAME_PENDING;
1906 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1908 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); /* nothing resolvable / send failed */
1912 hci_dev_unlock(hdev);
/* Inquiry Result event (legacy format, no RSSI / EIR).
 *
 * Layout: one byte Num_Responses followed by that many inquiry_info
 * records.  Each record is merged into the inquiry cache and reported to
 * mgmt as a found device; ssp_mode is forced to 0 because this event
 * format carries no EIR, so SSP support cannot be known yet.  Results
 * during a periodic inquiry are dropped (omitted line 1927).
 *
 * NOTE(review): num_rsp is controller-supplied and, unlike
 * hci_num_comp_pkts_evt, no check that skb->len covers
 * 1 + num_rsp * sizeof(*info) is visible in this listing.  Confirm that
 * the omitted lines (1922-1925, 1927-1930, 1946-1948) or the caller
 * validate the event length before this loop indexes `info`.
 */
1915 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1917 struct inquiry_data data;
1918 struct inquiry_info *info = (void *) (skb->data + 1); /* records start after Num_Responses */
1919 int num_rsp = *((__u8 *) skb->data);
1921 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1926 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1931 for (; num_rsp; num_rsp--, info++) {
1932 bool name_known, ssp;
1934 bacpy(&data.bdaddr, &info->bdaddr);
1935 data.pscan_rep_mode = info->pscan_rep_mode;
1936 data.pscan_period_mode = info->pscan_period_mode;
1937 data.pscan_mode = info->pscan_mode;
1938 memcpy(data.dev_class, info->dev_class, 3);
1939 data.clock_offset = info->clock_offset;
1941 data.ssp_mode = 0x00; /* legacy result: no EIR, SSP unknown */
1943 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1944 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1945 info->dev_class, 0, !name_known, ssp, NULL,
1949 hci_dev_unlock(hdev);
/* Connection Complete event (BR/EDR ACL, SCO, eSCO).
 *
 * The hci_conn is found by link type and address; if an eSCO request
 * was answered with a plain SCO link the ESCO entry is re-tagged as SCO
 * (controller fell back).  On success:
 *  - ACL links enter BT_CONFIG and take a hold while remote features,
 *    name and authentication are gathered.  An incoming link from a
 *    legacy (non-SSP) peer with no stored link key gets the longer
 *    HCI_PAIRING_TIMEOUT so a PIN pairing can complete before the idle
 *    timer disconnects it.
 *  - other links go straight to BT_CONNECTED.
 *  - link_mode AUTH/ENCRYPT mirror the controller-wide
 *    Authentication_Enable / Encryption_Mode settings at this point; the
 *    per-link state is refined later by auth/encrypt change events.
 *  - Read Remote Features is issued for ACL, and pre-2.0 controllers are
 *    told the packet types for incoming links.
 * On failure the protocols are told and mgmt gets connect_failed (ACL).
 * `if (!ev->status)`, the else branches and hci_conn_del() are on omitted
 * lines (1958-1960, 1962, 1964-1965, 1967-1969, 1971-1973, 1983, 1985,
 * 2001-2003, 2010-2012, 2017-2018, 2021-2022, 2024, 2027-2028).
 */
1952 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1954 struct hci_ev_conn_complete *ev = (void *) skb->data;
1955 struct hci_conn *conn;
1957 BT_DBG("%s", hdev->name);
1961 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1963 if (ev->link_type != SCO_LINK)
1966 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); /* eSCO fell back to SCO? */
1970 conn->type = SCO_LINK;
1974 conn->handle = __le16_to_cpu(ev->handle);
1976 if (conn->type == ACL_LINK) {
1977 conn->state = BT_CONFIG; /* features/name/auth still to come */
1978 hci_conn_hold(conn);
1980 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1981 !hci_find_link_key(hdev, &ev->bdaddr))
1982 conn->disc_timeout = HCI_PAIRING_TIMEOUT; /* allow time for legacy PIN pairing */
1984 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1986 conn->state = BT_CONNECTED; /* non-ACL: nothing more to negotiate */
1988 hci_conn_add_sysfs(conn);
1990 if (test_bit(HCI_AUTH, &hdev->flags))
1991 conn->link_mode |= HCI_LM_AUTH;
1993 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1994 conn->link_mode |= HCI_LM_ENCRYPT;
1996 /* Get remote features */
1997 if (conn->type == ACL_LINK) {
1998 struct hci_cp_read_remote_features cp;
1999 cp.handle = ev->handle; /* already little-endian from the event */
2000 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2004 /* Set packet type for incoming connection */
2005 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2006 struct hci_cp_change_conn_ptype cp;
2007 cp.handle = ev->handle;
2008 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2009 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2013 conn->state = BT_CLOSED; /* failure branch */
2014 if (conn->type == ACL_LINK)
2015 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2016 conn->dst_type, ev->status);
2019 if (conn->type == ACL_LINK)
2020 hci_sco_setup(conn, ev->status); /* a SCO waiting on this ACL proceeds or fails with it */
2023 hci_proto_connect_cfm(conn, ev->status);
2025 } else if (ev->link_type != ACL_LINK)
2026 hci_proto_connect_cfm(conn, ev->status); /* ACL waits for features/auth first */
2029 hci_dev_unlock(hdev);
2031 hci_conn_check_pending(hdev);
/* Connection Request event: a remote device is paging us.
 *
 * Admission: the device-wide link_mode is OR-ed with what the protocol
 * layer (L2CAP / SCO) says via hci_proto_connect_ind(); the request is
 * accepted only if HCI_LM_ACCEPT is set AND the address is not on the
 * BR/EDR blacklist.  Everything else is rejected with
 * HCI_ERROR_REJ_BAD_ADDR -- the same reason code whether the block came
 * from policy or from the blacklist.
 *
 * On accept the inquiry cache picks up the class of device, an hci_conn
 * is created if needed, and:
 *  - ACL (and SCO on a non-eSCO controller) is accepted with
 *    Accept_Connection_Request, asking for the master role only when the
 *    controller supports role switch and HCI_LM_MASTER is set;
 *  - eSCO is accepted with fixed 8 kB/s bandwidth, the local voice
 *    setting, unlimited latency and "don't care" retransmission effort;
 *  - if the protocol asked to defer (HCI_PROTO_DEFER) the conn sits in
 *    BT_CONNECT2 and connect_cfm(conn, 0) lets userspace decide.
 * `flags` is declared on omitted line 2038 and filled by
 * hci_proto_connect_ind(); other omitted lines: 2041-2042, 2044-2045,
 * 2051-2053, 2055, 2057, 2059-2060, 2062, 2065-2068, 2070, 2072, 2077,
 * 2079, 2082, 2084, 2086, 2090, 2093, 2099, 2101-2102, 2105-2106, 2109,
 * 2113-2114.
 */
2034 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2036 struct hci_ev_conn_request *ev = (void *) skb->data;
2037 int mask = hdev->link_mode;
2040 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2043 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type, /* protocol layer's verdict */
2046 if ((mask & HCI_LM_ACCEPT) &&
2047 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
2048 /* Connection accepted */
2049 struct inquiry_entry *ie;
2050 struct hci_conn *conn;
2054 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2056 memcpy(ie->data.dev_class, ev->dev_class, 3);
2058 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2061 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2063 BT_ERR("No memory for new connection");
2064 hci_dev_unlock(hdev); /* allocation failed: bail out, request is left unanswered */
2069 memcpy(conn->dev_class, ev->dev_class, 3);
2071 hci_dev_unlock(hdev);
2073 if (ev->link_type == ACL_LINK ||
2074 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2075 struct hci_cp_accept_conn_req cp;
2076 conn->state = BT_CONNECT;
2078 bacpy(&cp.bdaddr, &ev->bdaddr);
2080 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2081 cp.role = 0x00; /* Become master */
2083 cp.role = 0x01; /* Remain slave */
2085 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2087 } else if (!(flags & HCI_PROTO_DEFER)) {
2088 struct hci_cp_accept_sync_conn_req cp;
2089 conn->state = BT_CONNECT;
2091 bacpy(&cp.bdaddr, &ev->bdaddr);
2092 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2094 cp.tx_bandwidth = cpu_to_le32(0x00001f40); /* 8000 bytes/s */
2095 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2096 cp.max_latency = cpu_to_le16(0xffff); /* don't care */
2097 cp.content_format = cpu_to_le16(hdev->voice_setting);
2098 cp.retrans_effort = 0xff; /* don't care */
2100 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2103 conn->state = BT_CONNECT2; /* deferred: await userspace decision */
2104 hci_proto_connect_cfm(conn, 0);
2107 /* Connection rejected */
2108 struct hci_cp_reject_conn_req cp;
2110 bacpy(&cp.bdaddr, &ev->bdaddr);
2111 cp.reason = HCI_ERROR_REJ_BAD_ADDR; /* used for both policy and blacklist rejects */
2112 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/* Map an HCI disconnection reason code to the coarser mgmt
 * Device Disconnected reason exposed to userspace.  Anything not listed
 * is reported as MGMT_DEV_DISCONN_UNKNOWN (the `switch` and `default`
 * lines 2118 and 2127 are omitted from this listing).
 */
2116 static u8 hci_to_mgmt_reason(u8 err)
2119 case HCI_ERROR_CONNECTION_TIMEOUT:
2120 return MGMT_DEV_DISCONN_TIMEOUT; /* supervision timeout / link loss */
2121 case HCI_ERROR_REMOTE_USER_TERM:
2122 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2123 case HCI_ERROR_REMOTE_POWER_OFF:
2124 return MGMT_DEV_DISCONN_REMOTE; /* peer ended the link */
2125 case HCI_ERROR_LOCAL_HOST_TERM:
2126 return MGMT_DEV_DISCONN_LOCAL_HOST;
2128 return MGMT_DEV_DISCONN_UNKNOWN;
/* Disconnection Complete event.
 *
 * A non-zero status means our own Disconnect failed; userspace is told
 * and nothing else changes.  Otherwise the link is closed, mgmt gets
 * Device Disconnected (only flagged as "was connected" if Device
 * Connected had been sent), and:
 *  - for ACL with flush_key set the stored link key is removed
 *    (temporary / unbonded pairing must not outlive the link);
 *  - LE auto-connect parameters may re-arm a pending connection,
 *    LINK_LOSS only when the reason was a supervision timeout;
 *  - the protocols are told, and LE advertising is re-enabled because
 *    the controller stops advertising when a connection is created.
 *
 * NOTE(review): `type` on the advertising check is a local (declared on
 * omitted line 2139); presumably conn->type is copied into it before
 * hci_proto_disconn_cfm(), which may drop the last reference to conn.
 * Other omitted lines: 2142-2144, 2146-2149, 2152-2154, 2156, 2165,
 * 2169-2171, 2174-2182, 2184-2185, 2195, 2198-2199.
 */
2132 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2134 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2135 u8 reason = hci_to_mgmt_reason(ev->reason);
2136 struct hci_conn_params *params;
2137 struct hci_conn *conn;
2138 bool mgmt_connected;
2141 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2150 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, /* our Disconnect was refused */
2151 conn->dst_type, ev->status);
2155 conn->state = BT_CLOSED;
2157 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2158 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2159 reason, mgmt_connected);
2161 if (conn->type == ACL_LINK && conn->flush_key)
2162 hci_remove_link_key(hdev, &conn->dst); /* non-persistent key dies with the link */
2164 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2166 switch (params->auto_connect) {
2167 case HCI_AUTO_CONN_LINK_LOSS:
2168 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2172 case HCI_AUTO_CONN_ALWAYS:
2173 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2183 hci_proto_disconn_cfm(conn, ev->reason); /* conn may be released from here on */
2186 /* Re-enable advertising if necessary, since it might
2187 * have been disabled by the connection. From the
2188 * HCI_LE_Set_Advertise_Enable command description in
2189 * the core specification (v4.0):
2190 * "The Controller shall continue advertising until the Host
2191 * issues an LE_Set_Advertise_Enable command with
2192 * Advertising_Enable set to 0x00 (Advertising is disabled)
2193 * or until a connection is created or until the Advertising
2194 * is timed out due to Directed Advertising."
2196 if (type == LE_LINK)
2197 mgmt_reenable_advertising(hdev);
2200 hci_dev_unlock(hdev);
/* Authentication Complete event.
 *
 * On success the link is marked HCI_LM_AUTH and sec_level is promoted to
 * the pending level -- except for a legacy (non-SSP) peer that was being
 * re-authenticated: legacy pairing cannot be re-run on a live link, so
 * the attempt is only logged and the security level is NOT raised.  On
 * failure mgmt gets auth_failed.  (The `if (!ev->status)` / `else`
 * framing is on omitted lines 2216, 2220, 2223-2224, 2226-2228.)
 *
 * Then, by link state:
 *  - BT_CONFIG: a successfully authenticated SSP link goes on to
 *    Set_Connection_Encryption (SSP requires encryption); anything else
 *    becomes BT_CONNECTED and is confirmed upward with the status.
 *  - otherwise hci_auth_cfm() notifies waiters and the idle timeout is
 *    re-armed (hold / reset disc_timeout / drop).
 * Finally a deferred encryption request (HCI_CONN_ENCRYPT_PEND) is sent
 * on success or failed upward on error.
 */
2203 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2205 struct hci_ev_auth_complete *ev = (void *) skb->data;
2206 struct hci_conn *conn;
2208 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2212 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2217 if (!hci_conn_ssp_enabled(conn) &&
2218 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2219 BT_INFO("re-auth of legacy device is not possible."); /* sec_level deliberately not raised */
2221 conn->link_mode |= HCI_LM_AUTH;
2222 conn->sec_level = conn->pending_sec_level;
2225 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2229 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2230 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2232 if (conn->state == BT_CONFIG) {
2233 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2234 struct hci_cp_set_conn_encrypt cp;
2235 cp.handle = ev->handle;
2237 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), /* SSP link: must also encrypt */
2240 conn->state = BT_CONNECTED;
2241 hci_proto_connect_cfm(conn, ev->status);
2242 hci_conn_drop(conn); /* release the setup hold */
2245 hci_auth_cfm(conn, ev->status);
2247 hci_conn_hold(conn);
2248 conn->disc_timeout = HCI_DISCONN_TIMEOUT; /* back to the normal idle timeout */
2249 hci_conn_drop(conn);
2252 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2254 struct hci_cp_set_conn_encrypt cp;
2255 cp.handle = ev->handle;
2257 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2260 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2261 hci_encrypt_cfm(conn, ev->status, 0x00); /* auth failed: encryption request fails too */
2266 hci_dev_unlock(hdev);
/* Remote Name Request Complete event.
 *
 * The name is passed to hci_check_pending_name() only under mgmt; its
 * length is bounded with strnlen(..., HCI_MAX_NAME_LENGTH) because the
 * 248-byte name field from the controller need not be NUL-terminated.
 * A failed lookup is reported with a NULL name.  Afterwards (label
 * `check_auth` on omitted line 2292) an outgoing link that was waiting
 * for the name is authenticated if policy requires; HCI_CONN_AUTH_PEND
 * prevents a duplicate request.  Omitted lines: 2277-2279, 2281, 2283,
 * 2288, 2290-2294, 2296-2297, 2302-2304.
 */
2269 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2271 struct hci_ev_remote_name *ev = (void *) skb->data;
2272 struct hci_conn *conn;
2274 BT_DBG("%s", hdev->name);
2276 hci_conn_check_pending(hdev); /* name request done: pending create_conn may proceed */
2280 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2282 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2285 if (ev->status == 0)
2286 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2287 strnlen(ev->name, HCI_MAX_NAME_LENGTH)); /* bounded: field may lack a NUL */
2289 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2295 if (!hci_outgoing_auth_needed(hdev, conn))
2298 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2299 struct hci_cp_auth_requested cp;
2300 cp.handle = __cpu_to_le16(conn->handle);
2301 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2305 hci_dev_unlock(hdev);
/* Encryption Change event.
 *
 * Successful enable (ev->encrypt != 0; the `if (!ev->status)` /
 * `if (ev->encrypt)` framing is on omitted lines 2320-2322, 2335):
 *  - the link is marked both ENCRYPT and AUTH (the controller only
 *    encrypts an authenticated link) and sec_level is promoted;
 *  - a P-256 authenticated combination key marks the link FIPS;
 *  - AES-CCM is recorded when BR/EDR reports encrypt == 0x02 (Secure
 *    Connections) or for any LE link (LE always uses AES-CCM).
 * Encryption switched off clears ENCRYPT and AES_CCM.
 *
 * Fail closed: a failed encryption change on a BT_CONNECTED link
 * disconnects it with HCI_ERROR_AUTH_FAILURE.  A link finishing
 * BT_CONFIG becomes BT_CONNECTED, but in Secure Connections Only mode
 * it is refused (connect_cfm with AUTH_FAILURE) unless it is AES-CCM
 * encrypted with a P-256 authenticated key.  Otherwise waiters are
 * notified via hci_encrypt_cfm().  Omitted lines also include 2314-2316,
 * 2318-2322, 2331, 2338-2340, 2342, 2346-2348, 2350, 2352, 2356,
 * 2362-2364, 2367, 2369-2370.
 */
2308 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2310 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2311 struct hci_conn *conn;
2313 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2317 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2323 /* Encryption implies authentication */
2324 conn->link_mode |= HCI_LM_AUTH;
2325 conn->link_mode |= HCI_LM_ENCRYPT;
2326 conn->sec_level = conn->pending_sec_level;
2328 /* P-256 authentication key implies FIPS */
2329 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2330 conn->link_mode |= HCI_LM_FIPS;
2332 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) || /* 0x02 = AES-CCM on BR/EDR */
2333 conn->type == LE_LINK)
2334 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2336 conn->link_mode &= ~HCI_LM_ENCRYPT; /* encryption turned off */
2337 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2341 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2343 if (ev->status && conn->state == BT_CONNECTED) {
2344 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); /* never keep a link whose encryption failed */
2345 hci_conn_drop(conn);
2349 if (conn->state == BT_CONFIG) {
2351 conn->state = BT_CONNECTED;
2353 /* In Secure Connections Only mode, do not allow any
2354 * connections that are not encrypted with AES-CCM
2355 * using a P-256 authenticated combination key.
2357 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2358 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2359 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2360 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE); /* SC-only policy violated */
2361 hci_conn_drop(conn);
2365 hci_proto_connect_cfm(conn, ev->status);
2366 hci_conn_drop(conn);
2368 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2371 hci_dev_unlock(hdev);
/* Change Connection Link Key Complete event.
 *
 * On success (`if (!ev->status)` on omitted line 2386) the link is marked
 * HCI_LM_SECURE.  In any case the pending-auth flag is cleared and
 * waiters are notified via hci_key_change_cfm() with the status.
 * Omitted lines: 2381-2383, 2385-2386, 2388, 2390, 2392-2393.
 */
2374 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2375 struct sk_buff *skb)
2377 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2378 struct hci_conn *conn;
2380 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2384 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2387 conn->link_mode |= HCI_LM_SECURE; /* key was changed successfully */
2389 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2391 hci_key_change_cfm(conn, ev->status);
2394 hci_dev_unlock(hdev);
/* Read Remote Supported Features Complete event.
 *
 * Feature page 0 is stored on the conn (8 bytes).  For a link still in
 * BT_CONFIG:
 *  - if both sides are SSP capable, the extended features (page 1,
 *    where the SSP host-support bit lives) are read next and setup
 *    continues from that event (`goto unlock` on omitted line 2423);
 *  - otherwise, if mgmt has not yet been told about the device, its name
 *    is requested (pscan_rep_mode 0x02 -- presumably the default R2
 *    mode since no inquiry data is available here); else Device
 *    Connected is sent now;
 *  - if no authentication is required for this outgoing link it is
 *    promoted to BT_CONNECTED and confirmed upward.
 * Omitted lines: 2404-2406, 2408-2411, 2413, 2415-2416, 2420, 2422-2425,
 * 2435-2436, 2441-2443.
 */
2397 static void hci_remote_features_evt(struct hci_dev *hdev,
2398 struct sk_buff *skb)
2400 struct hci_ev_remote_features *ev = (void *) skb->data;
2401 struct hci_conn *conn;
2403 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2407 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2412 memcpy(conn->features[0], ev->features, 8); /* LMP feature page 0 */
2414 if (conn->state != BT_CONFIG)
2417 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2418 struct hci_cp_read_remote_ext_features cp;
2419 cp.handle = ev->handle;
2421 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES, /* need page 1 for SSP host support */
2426 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2427 struct hci_cp_remote_name_req cp;
2428 memset(&cp, 0, sizeof(cp));
2429 bacpy(&cp.bdaddr, &conn->dst);
2430 cp.pscan_rep_mode = 0x02;
2431 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2432 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2433 mgmt_device_connected(hdev, &conn->dst, conn->type,
2434 conn->dst_type, 0, NULL, 0,
2437 if (!hci_outgoing_auth_needed(hdev, conn)) {
2438 conn->state = BT_CONNECTED;
2439 hci_proto_connect_cfm(conn, ev->status);
2440 hci_conn_drop(conn); /* release the setup hold */
2444 hci_dev_unlock(hdev);
/* Command Complete event: dispatch to the per-opcode hci_cc_* handler.
 *
 * `status` is read as the first byte of the return parameters (the
 * byte right after the event header) before the header is pulled off;
 * that is the layout for every command handled here, but note no check
 * that the skb actually contains that byte is visible in this listing.
 * After dispatch the command timer is stopped (except for the NOP the
 * controller may use to report credits), hci_req_cmd_complete() wakes
 * the synchronous request machinery, and if the controller granted a
 * new command credit (ev->ncmd) and we are not mid-reset, the command
 * queue is kicked.  The `switch (opcode)`, `break`s, `default:` and
 * `opcode` declaration are on omitted lines.
 */
2447 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2449 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2450 u8 status = skb->data[sizeof(*ev)]; /* first return parameter == status for these commands */
2453 skb_pull(skb, sizeof(*ev)); /* handlers see return parameters only */
2455 opcode = __le16_to_cpu(ev->opcode);
2458 case HCI_OP_INQUIRY_CANCEL:
2459 hci_cc_inquiry_cancel(hdev, skb);
2462 case HCI_OP_PERIODIC_INQ:
2463 hci_cc_periodic_inq(hdev, skb);
2466 case HCI_OP_EXIT_PERIODIC_INQ:
2467 hci_cc_exit_periodic_inq(hdev, skb);
2470 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2471 hci_cc_remote_name_req_cancel(hdev, skb);
2474 case HCI_OP_ROLE_DISCOVERY:
2475 hci_cc_role_discovery(hdev, skb);
2478 case HCI_OP_READ_LINK_POLICY:
2479 hci_cc_read_link_policy(hdev, skb);
2482 case HCI_OP_WRITE_LINK_POLICY:
2483 hci_cc_write_link_policy(hdev, skb);
2486 case HCI_OP_READ_DEF_LINK_POLICY:
2487 hci_cc_read_def_link_policy(hdev, skb);
2490 case HCI_OP_WRITE_DEF_LINK_POLICY:
2491 hci_cc_write_def_link_policy(hdev, skb);
2495 hci_cc_reset(hdev, skb);
2498 case HCI_OP_WRITE_LOCAL_NAME:
2499 hci_cc_write_local_name(hdev, skb);
2502 case HCI_OP_READ_LOCAL_NAME:
2503 hci_cc_read_local_name(hdev, skb);
2506 case HCI_OP_WRITE_AUTH_ENABLE:
2507 hci_cc_write_auth_enable(hdev, skb);
2510 case HCI_OP_WRITE_ENCRYPT_MODE:
2511 hci_cc_write_encrypt_mode(hdev, skb);
2514 case HCI_OP_WRITE_SCAN_ENABLE:
2515 hci_cc_write_scan_enable(hdev, skb);
2518 case HCI_OP_READ_CLASS_OF_DEV:
2519 hci_cc_read_class_of_dev(hdev, skb);
2522 case HCI_OP_WRITE_CLASS_OF_DEV:
2523 hci_cc_write_class_of_dev(hdev, skb);
2526 case HCI_OP_READ_VOICE_SETTING:
2527 hci_cc_read_voice_setting(hdev, skb);
2530 case HCI_OP_WRITE_VOICE_SETTING:
2531 hci_cc_write_voice_setting(hdev, skb);
2534 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2535 hci_cc_read_num_supported_iac(hdev, skb);
2538 case HCI_OP_WRITE_SSP_MODE:
2539 hci_cc_write_ssp_mode(hdev, skb);
2542 case HCI_OP_WRITE_SC_SUPPORT:
2543 hci_cc_write_sc_support(hdev, skb);
2546 case HCI_OP_READ_LOCAL_VERSION:
2547 hci_cc_read_local_version(hdev, skb);
2550 case HCI_OP_READ_LOCAL_COMMANDS:
2551 hci_cc_read_local_commands(hdev, skb);
2554 case HCI_OP_READ_LOCAL_FEATURES:
2555 hci_cc_read_local_features(hdev, skb);
2558 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2559 hci_cc_read_local_ext_features(hdev, skb);
2562 case HCI_OP_READ_BUFFER_SIZE:
2563 hci_cc_read_buffer_size(hdev, skb);
2566 case HCI_OP_READ_BD_ADDR:
2567 hci_cc_read_bd_addr(hdev, skb);
2570 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2571 hci_cc_read_page_scan_activity(hdev, skb);
2574 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2575 hci_cc_write_page_scan_activity(hdev, skb);
2578 case HCI_OP_READ_PAGE_SCAN_TYPE:
2579 hci_cc_read_page_scan_type(hdev, skb);
2582 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2583 hci_cc_write_page_scan_type(hdev, skb);
2586 case HCI_OP_READ_DATA_BLOCK_SIZE:
2587 hci_cc_read_data_block_size(hdev, skb);
2590 case HCI_OP_READ_FLOW_CONTROL_MODE:
2591 hci_cc_read_flow_control_mode(hdev, skb);
2594 case HCI_OP_READ_LOCAL_AMP_INFO:
2595 hci_cc_read_local_amp_info(hdev, skb);
2598 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2599 hci_cc_read_local_amp_assoc(hdev, skb);
2602 case HCI_OP_READ_INQ_RSP_TX_POWER:
2603 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2606 case HCI_OP_PIN_CODE_REPLY:
2607 hci_cc_pin_code_reply(hdev, skb);
2610 case HCI_OP_PIN_CODE_NEG_REPLY:
2611 hci_cc_pin_code_neg_reply(hdev, skb);
2614 case HCI_OP_READ_LOCAL_OOB_DATA:
2615 hci_cc_read_local_oob_data(hdev, skb);
2618 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2619 hci_cc_read_local_oob_ext_data(hdev, skb);
2622 case HCI_OP_LE_READ_BUFFER_SIZE:
2623 hci_cc_le_read_buffer_size(hdev, skb);
2626 case HCI_OP_LE_READ_LOCAL_FEATURES:
2627 hci_cc_le_read_local_features(hdev, skb);
2630 case HCI_OP_LE_READ_ADV_TX_POWER:
2631 hci_cc_le_read_adv_tx_power(hdev, skb);
2634 case HCI_OP_USER_CONFIRM_REPLY:
2635 hci_cc_user_confirm_reply(hdev, skb);
2638 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2639 hci_cc_user_confirm_neg_reply(hdev, skb);
2642 case HCI_OP_USER_PASSKEY_REPLY:
2643 hci_cc_user_passkey_reply(hdev, skb);
2646 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2647 hci_cc_user_passkey_neg_reply(hdev, skb);
2650 case HCI_OP_LE_SET_RANDOM_ADDR:
2651 hci_cc_le_set_random_addr(hdev, skb);
2654 case HCI_OP_LE_SET_ADV_ENABLE:
2655 hci_cc_le_set_adv_enable(hdev, skb);
2658 case HCI_OP_LE_SET_SCAN_PARAM:
2659 hci_cc_le_set_scan_param(hdev, skb);
2662 case HCI_OP_LE_SET_SCAN_ENABLE:
2663 hci_cc_le_set_scan_enable(hdev, skb);
2666 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2667 hci_cc_le_read_white_list_size(hdev, skb);
2670 case HCI_OP_LE_CLEAR_WHITE_LIST:
2671 hci_cc_le_clear_white_list(hdev, skb);
2674 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2675 hci_cc_le_add_to_white_list(hdev, skb);
2678 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2679 hci_cc_le_del_from_white_list(hdev, skb);
2682 case HCI_OP_LE_READ_SUPPORTED_STATES:
2683 hci_cc_le_read_supported_states(hdev, skb);
2686 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2687 hci_cc_write_le_host_supported(hdev, skb);
2690 case HCI_OP_LE_SET_ADV_PARAM:
2691 hci_cc_set_adv_param(hdev, skb);
2694 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2695 hci_cc_write_remote_amp_assoc(hdev, skb);
2698 case HCI_OP_READ_RSSI:
2699 hci_cc_read_rssi(hdev, skb);
2702 case HCI_OP_READ_TX_POWER:
2703 hci_cc_read_tx_power(hdev, skb);
2707 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); /* default: unknown/unhandled opcode, debug only */
2711 if (opcode != HCI_OP_NOP)
2712 del_timer(&hdev->cmd_timer); /* the command we were waiting on has completed */
2714 hci_req_cmd_complete(hdev, opcode, status);
2716 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2717 atomic_set(&hdev->cmd_cnt, 1); /* one command outstanding at a time */
2718 if (!skb_queue_empty(&hdev->cmd_q))
2719 queue_work(hdev->workqueue, &hdev->cmd_work);
/* Command Status event: dispatch to the per-opcode hci_cs_* handler.
 *
 * Command Status is returned for commands whose real result arrives in
 * a later event; the hci_cs_* handlers mostly care about failures.
 * Afterwards the command timer is stopped (NOP excluded) and the
 * request machinery is completed -- the visible half of the condition
 * says: when the sent command was not waiting for a specific event;
 * the other half on omitted line 2805 presumably also completes on a
 * non-zero status.  A granted credit (ev->ncmd) outside a reset kicks
 * the command queue.  The `switch`, `break`s, `default:` and `opcode`
 * declaration are on omitted lines.
 */
2723 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2725 struct hci_ev_cmd_status *ev = (void *) skb->data;
2728 skb_pull(skb, sizeof(*ev));
2730 opcode = __le16_to_cpu(ev->opcode);
2733 case HCI_OP_INQUIRY:
2734 hci_cs_inquiry(hdev, ev->status);
2737 case HCI_OP_CREATE_CONN:
2738 hci_cs_create_conn(hdev, ev->status);
2741 case HCI_OP_ADD_SCO:
2742 hci_cs_add_sco(hdev, ev->status);
2745 case HCI_OP_AUTH_REQUESTED:
2746 hci_cs_auth_requested(hdev, ev->status);
2749 case HCI_OP_SET_CONN_ENCRYPT:
2750 hci_cs_set_conn_encrypt(hdev, ev->status);
2753 case HCI_OP_REMOTE_NAME_REQ:
2754 hci_cs_remote_name_req(hdev, ev->status);
2757 case HCI_OP_READ_REMOTE_FEATURES:
2758 hci_cs_read_remote_features(hdev, ev->status);
2761 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2762 hci_cs_read_remote_ext_features(hdev, ev->status);
2765 case HCI_OP_SETUP_SYNC_CONN:
2766 hci_cs_setup_sync_conn(hdev, ev->status);
2769 case HCI_OP_SNIFF_MODE:
2770 hci_cs_sniff_mode(hdev, ev->status);
2773 case HCI_OP_EXIT_SNIFF_MODE:
2774 hci_cs_exit_sniff_mode(hdev, ev->status);
2777 case HCI_OP_DISCONNECT:
2778 hci_cs_disconnect(hdev, ev->status);
2781 case HCI_OP_CREATE_PHY_LINK:
2782 hci_cs_create_phylink(hdev, ev->status);
2785 case HCI_OP_ACCEPT_PHY_LINK:
2786 hci_cs_accept_phylink(hdev, ev->status);
2789 case HCI_OP_LE_CREATE_CONN:
2790 hci_cs_le_create_conn(hdev, ev->status);
2793 case HCI_OP_LE_START_ENC:
2794 hci_cs_le_start_enc(hdev, ev->status);
2798 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); /* default: unhandled opcode */
2802 if (opcode != HCI_OP_NOP)
2803 del_timer(&hdev->cmd_timer);
2806 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event)) /* no specific completion event awaited */
2807 hci_req_cmd_complete(hdev, opcode, ev->status);
2809 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2810 atomic_set(&hdev->cmd_cnt, 1);
2811 if (!skb_queue_empty(&hdev->cmd_q))
2812 queue_work(hdev->workqueue, &hdev->cmd_work);
/* Role Change event.
 *
 * On success the link's HCI_LM_MASTER bit is updated from ev->role
 * (the `if (!ev->status)` / `if (ev->role)` framing is on omitted lines
 * 2827-2828, 2830).  Either way the pending role-switch flag is cleared
 * and waiters are told via hci_role_switch_cfm().  Omitted lines also
 * include 2822-2824, 2826, 2832-2833, 2835, 2837-2838.
 */
2816 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2818 struct hci_ev_role_change *ev = (void *) skb->data;
2819 struct hci_conn *conn;
2821 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2825 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2829 conn->link_mode &= ~HCI_LM_MASTER; /* we are now slave */
2831 conn->link_mode |= HCI_LM_MASTER; /* we are now master */
2834 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2836 hci_role_switch_cfm(conn, ev->status, ev->role);
2839 hci_dev_unlock(hdev);
/* Number Of Completed Packets event (packet-based flow control).
 *
 * This is the controller returning transmit credits.  Two defensive
 * checks before trusting it: the event is ignored unless the controller
 * is in packet-based flow-control mode, and the skb must be long enough
 * to hold num_hndl entries -- num_hndl is controller-supplied and drives
 * the array index below.  Per entry the connection's in-flight count is
 * decremented and the per-type credit pool refilled, clamped to the
 * advertised maximum so a buggy controller cannot inflate our credits.
 * Unknown handles are skipped (omitted lines 2869-2870).  Finally the TX
 * work is kicked to use the freed credits.  `i` is declared on omitted
 * line 2845; other omitted lines: 2849-2851, 2855-2857, 2859, 2864,
 * 2867, 2869-2871, 2873, 2875, 2879-2881, 2886, 2890-2893, 2897-2899,
 * 2901-2904.
 */
2842 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2844 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2847 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2848 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2852 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + /* bound num_hndl by the actual payload */
2853 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2854 BT_DBG("%s bad parameters", hdev->name);
2858 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2860 for (i = 0; i < ev->num_hndl; i++) {
2861 struct hci_comp_pkts_info *info = &ev->handles[i];
2862 struct hci_conn *conn;
2863 __u16 handle, count;
2865 handle = __le16_to_cpu(info->handle);
2866 count = __le16_to_cpu(info->count);
2868 conn = hci_conn_hash_lookup_handle(hdev, handle);
2872 conn->sent -= count;
2874 switch (conn->type) {
2876 hdev->acl_cnt += count;
2877 if (hdev->acl_cnt > hdev->acl_pkts)
2878 hdev->acl_cnt = hdev->acl_pkts; /* never exceed the controller's buffer count */
2882 if (hdev->le_pkts) {
2883 hdev->le_cnt += count;
2884 if (hdev->le_cnt > hdev->le_pkts)
2885 hdev->le_cnt = hdev->le_pkts;
2887 hdev->acl_cnt += count; /* LE shares ACL buffers when le_pkts == 0 */
2888 if (hdev->acl_cnt > hdev->acl_pkts)
2889 hdev->acl_cnt = hdev->acl_pkts;
2894 hdev->sco_cnt += count;
2895 if (hdev->sco_cnt > hdev->sco_pkts)
2896 hdev->sco_cnt = hdev->sco_pkts;
2900 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2905 queue_work(hdev->workqueue, &hdev->tx_work); /* credits freed: resume transmit */
/* Resolve a completed-blocks handle to an hci_conn for either controller
 * type: on BR/EDR the handle names a connection directly; on an AMP
 * controller it names an hci_chan, whose conn is returned (omitted lines
 * 2918-2920).  Unknown dev_type is logged and NULL returned (omitted
 * 2923-2926).  The `handle` parameter is on omitted line 2909.
 */
2908 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2911 struct hci_chan *chan;
2913 switch (hdev->dev_type) {
2915 return hci_conn_hash_lookup_handle(hdev, handle); /* HCI_BREDR */
2917 chan = hci_chan_lookup_handle(hdev, handle); /* HCI_AMP: logical-link handle */
2922 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
/* Number Of Completed Data Blocks event (block-based flow control).
 *
 * Block-based counterpart of hci_num_comp_pkts_evt with the same two
 * guards: correct flow-control mode, and skb->len must cover num_hndl
 * entries before ev->handles[] is indexed.  Per entry the connection's
 * in-flight count is reduced and the shared block pool refilled, clamped
 * to num_blocks.  `i` is declared on omitted line 2932; other omitted
 * lines: 2936-2938, 2942-2944, 2946-2947, 2952, 2955, 2957-2959, 2961,
 * 2963-2964, 2968-2970, 2972-2975.
 */
2929 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2931 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2934 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2935 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2939 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + /* controller-supplied count vs. payload */
2940 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2941 BT_DBG("%s bad parameters", hdev->name);
2945 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2948 for (i = 0; i < ev->num_hndl; i++) {
2949 struct hci_comp_blocks_info *info = &ev->handles[i];
2950 struct hci_conn *conn = NULL;
2951 __u16 handle, block_count;
2953 handle = __le16_to_cpu(info->handle);
2954 block_count = __le16_to_cpu(info->blocks);
2956 conn = __hci_conn_lookup_handle(hdev, handle); /* BR/EDR conn or AMP chan->conn */
2960 conn->sent -= block_count;
2962 switch (conn->type) {
2965 hdev->block_cnt += block_count;
2966 if (hdev->block_cnt > hdev->num_blocks)
2967 hdev->block_cnt = hdev->num_blocks; /* clamp to advertised pool */
2971 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2976 queue_work(hdev->workqueue, &hdev->tx_work);
/* Mode Change event (active / sniff / hold / park).
 *
 * The new mode is recorded.  If the change was NOT one we had pending
 * (the test_and_clear on HCI_CONN_MODE_CHANGE_PEND fails, i.e. the
 * remote initiated it -- the condition's second line is on omitted line
 * 2993), HCI_CONN_POWER_SAVE is set when the link is now ACTIVE and
 * cleared otherwise, as in the original.  A SCO setup deferred behind
 * the mode change is then resumed.  Omitted lines also include
 * 2985-2987, 2989, 2991, 2996, 2998-2999, 3002-3003.
 */
2979 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2981 struct hci_ev_mode_change *ev = (void *) skb->data;
2982 struct hci_conn *conn;
2984 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2988 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2990 conn->mode = ev->mode;
2992 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, /* change not requested by us */
2994 if (conn->mode == HCI_CM_ACTIVE)
2995 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2997 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3000 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3001 hci_sco_setup(conn, ev->status);
3004 hci_dev_unlock(hdev);
/* PIN Code Request event (legacy, pre-SSP pairing).  Refuses the request
 * with a negative reply when the adapter is not pairable; otherwise hands
 * it to the management interface together with a hint whether a "secure"
 * (16 digit) PIN is required.  hci_dev_lock(), the `if (!conn)` guard
 * after the lookup and the `secure = 1/0` assignments are elided here.
 */
3007 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3009 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3010 struct hci_conn *conn;
3012 BT_DBG("%s", hdev->name);
3016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	/* Give the user time to type the PIN: stretch the idle-disconnect
	 * timeout of an established link to the pairing timeout. */
3020 if (conn->state == BT_CONNECTED) {
3021 hci_conn_hold(conn);
3022 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3023 hci_conn_drop(conn);
	/* Not pairable: answer with PIN Code Negative Reply so a remote
	 * cannot push us into a legacy pairing we did not opt into. */
3026 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
3027 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3028 sizeof(ev->bdaddr), &ev->bdaddr);
3029 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
	/* NOTE(review): only BT_SECURITY_HIGH sets the secure hint; a pending
	 * BT_SECURITY_FIPS level is not treated as secure here.  Confirm a
	 * FIPS link can never reach legacy PIN pairing at all. */
3032 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3037 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3041 hci_dev_unlock(hdev);
/* Link Key Request event: look up a stored BR/EDR link key for the peer
 * and answer with Link Key Request Reply, or with a Negative Reply (which
 * forces a fresh pairing) when no stored key is acceptable for the
 * security level being established.  Only handled when the management
 * interface owns the adapter.  hci_dev_lock(), the `if (!key)` and
 * `if (conn)` guards, the `goto not_found` statements and the `not_found:`
 * label are elided in this listing.
 */
3044 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3046 struct hci_ev_link_key_req *ev = (void *) skb->data;
3047 struct hci_cp_link_key_reply cp;
3048 struct hci_conn *conn;
3049 struct link_key *key;
3051 BT_DBG("%s", hdev->name);
3053 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3058 key = hci_find_link_key(hdev, &ev->bdaddr);
3060 BT_DBG("%s link key not found for %pMR", hdev->name,
3065 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
	/* Policy 1: a debug combination key (created with the well-known
	 * debug key pair) is only usable when debug keys were explicitly
	 * enabled on the adapter. */
3068 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
3069 key->type == HCI_LK_DEBUG_COMBINATION) {
3070 BT_DBG("%s ignoring debug key", hdev->name);
3074 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	/* Policy 2: a key generated without MITM protection must not satisfy
	 * an authentication that asks for MITM (auth_type bit 0).  0xff
	 * means the auth requirements are not known yet. */
3076 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3077 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3078 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3079 BT_DBG("%s ignoring unauthenticated key", hdev->name);
	/* Policy 3: a legacy PIN-derived combination key only counts as
	 * authenticated for HIGH/FIPS security if the PIN had 16 digits. */
3083 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3084 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3085 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3086 BT_DBG("%s ignoring key unauthenticated for high security",
	/* Remember what kind of key protects this link; the PIN length is
	 * re-used when the key is re-stored on Link Key Notification. */
3091 conn->key_type = key->type;
3092 conn->pin_length = key->pin_len;
3095 bacpy(&cp.bdaddr, &ev->bdaddr);
3096 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
	/* NOTE(review): cp carries the raw link key on the stack and is not
	 * cleared after the command has been queued; consider wiping it with
	 * a memset the compiler cannot elide, if such a helper is available
	 * to this file. */
3098 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3100 hci_dev_unlock(hdev);
	/* not_found: no usable key -> negative reply, the peer must pair. */
3105 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3106 hci_dev_unlock(hdev);
/* Link Key Notification event: the controller reports the link key that a
 * just-completed pairing produced.  The key is stored through the
 * management layer together with its type and the PIN length remembered
 * from the matching Link Key Request.  The `u8 pin_len = 0` declaration,
 * hci_dev_lock() and the `if (conn)` guard are elided in this listing.
 */
3109 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3111 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3112 struct hci_conn *conn;
3115 BT_DBG("%s", hdev->name);
3119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3121 hci_conn_hold(conn);
3122 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3123 pin_len = conn->pin_length;
	/* A "changed combination key" keeps the type of the key it replaces;
	 * every other key type is taken from the event as-is. */
3125 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3126 conn->key_type = ev->key_type;
3128 hci_conn_drop(conn);
	/* NOTE(review): key value and key type are trusted from the
	 * controller/peer; nothing here rejects an all-zero link key or a
	 * type weaker than the one already stored for this peer.  Unless
	 * hci_add_link_key() (not visible) enforces that, consider ignoring a
	 * zero key before it is stored.  conn may be NULL on this call when
	 * no ACL conn was found -- confirm the callee tolerates that. */
3131 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3132 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
3133 ev->key_type, pin_len);
3135 hci_dev_unlock(hdev);
/* Read Clock Offset Complete event: refresh the peer's cached clock
 * offset in the inquiry cache.  Only applied on success and only when the
 * peer has a cache entry (the `if (ie)` guard and hci_dev_lock() are
 * elided in this listing).
 */
3138 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3140 struct hci_ev_clock_offset *ev = (void *) skb->data;
3141 struct hci_conn *conn;
3143 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3147 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3148 if (conn && !ev->status) {
3149 struct inquiry_entry *ie;
3151 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	/* Stored in wire (little-endian) form, as the rest of the cache
	 * entry appears to be; timestamp marks the entry as fresh. */
3153 ie->data.clock_offset = ev->clock_offset;
3154 ie->timestamp = jiffies;
3158 hci_dev_unlock(hdev);
/* Connection Packet Type Changed event: on success, record the packet
 * types now in use on the connection.  hci_dev_lock() is elided here.
 */
3161 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3163 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3164 struct hci_conn *conn;
3166 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3170 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3171 if (conn && !ev->status)
3172 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3174 hci_dev_unlock(hdev);
/* Page Scan Repetition Mode Change event: update the peer's inquiry cache
 * entry so later page attempts use the right repetition mode.  The
 * `if (ie)` guard and hci_dev_lock() are elided in this listing.
 */
3177 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3179 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3180 struct inquiry_entry *ie;
3182 BT_DBG("%s", hdev->name);
3186 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3188 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3189 ie->timestamp = jiffies;
3192 hci_dev_unlock(hdev);
/* Inquiry Result with RSSI event.  Two wire layouts exist: the standard
 * struct inquiry_info_with_rssi and a variant with an extra pscan_mode
 * byte; which one the controller used is guessed from the payload size.
 * Every entry updates the inquiry cache and is reported to the management
 * interface.  The `if (!num_rsp) return;` guard that must precede the
 * division below, hci_dev_lock() and the `&ssp` argument of the cache
 * update are elided in this listing.
 */
3195 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3196 struct sk_buff *skb)
3198 struct inquiry_data data;
3199 int num_rsp = *((__u8 *) skb->data);
3200 bool name_known, ssp;
3202 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
	/* Results arriving while a periodic inquiry is running are ignored. */
3207 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
	/* NOTE(review): this quotient only picks a layout; it does not prove
	 * the skb really holds num_rsp entries of the chosen size.  A short or
	 * odd-sized event from the controller lands in the pscan_mode branch
	 * and both loops read past the end of the payload.  Checking
	 * `skb->len - 1 >= num_rsp * sizeof(*info)` in each branch before its
	 * loop would close that. */
3212 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3213 struct inquiry_info_with_rssi_and_pscan_mode *info;
3214 info = (void *) (skb->data + 1);
3216 for (; num_rsp; num_rsp--, info++) {
3217 bacpy(&data.bdaddr, &info->bdaddr);
3218 data.pscan_rep_mode = info->pscan_rep_mode;
3219 data.pscan_period_mode = info->pscan_period_mode;
3220 data.pscan_mode = info->pscan_mode;
3221 memcpy(data.dev_class, info->dev_class, 3);
3222 data.clock_offset = info->clock_offset;
3223 data.rssi = info->rssi;
	/* Plain inquiry results carry no EIR, so SSP support is unknown. */
3224 data.ssp_mode = 0x00;
3226 name_known = hci_inquiry_cache_update(hdev, &data,
3228 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3229 info->dev_class, info->rssi,
3230 !name_known, ssp, NULL, 0, NULL, 0);
	/* Standard layout: identical handling, no pscan_mode byte. */
3233 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3235 for (; num_rsp; num_rsp--, info++) {
3236 bacpy(&data.bdaddr, &info->bdaddr);
3237 data.pscan_rep_mode = info->pscan_rep_mode;
3238 data.pscan_period_mode = info->pscan_period_mode;
3239 data.pscan_mode = 0x00;
3240 memcpy(data.dev_class, info->dev_class, 3);
3241 data.clock_offset = info->clock_offset;
3242 data.rssi = info->rssi;
3243 data.ssp_mode = 0x00;
3244 name_known = hci_inquiry_cache_update(hdev, &data,
3246 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3247 info->dev_class, info->rssi,
3248 !name_known, ssp, NULL, 0, NULL, 0);
3252 hci_dev_unlock(hdev);
/* Read Remote Extended Features Complete event.  Stores the feature page
 * on the connection, derives the remote host's SSP/SC capability from
 * page 1 and, while the link is still in BT_CONFIG, continues connection
 * setup: request the remote name unless mgmt already knows the device,
 * then confirm the connection if no outgoing authentication is needed.
 * The `if (!conn)`, `if (ie)` and `else` lines, the `goto unlock` for
 * non-BT_CONFIG links and the last argument of mgmt_device_connected()
 * are elided in this listing.
 */
3255 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3256 struct sk_buff *skb)
3258 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3259 struct hci_conn *conn;
3261 BT_DBG("%s", hdev->name);
3265 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	/* The page index comes from the controller and is bounded before it
	 * indexes conn->features[]; a bogus page number is simply dropped. */
3269 if (ev->page < HCI_MAX_PAGES)
3270 memcpy(conn->features[ev->page], ev->features, 8);
	/* Page 1 = remote host features: bit LMP_HOST_SSP / LMP_HOST_SC. */
3272 if (!ev->status && ev->page == 0x01) {
3273 struct inquiry_entry *ie;
3275 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3277 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3279 if (ev->features[0] & LMP_HOST_SSP) {
3280 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3282 /* It is mandatory by the Bluetooth specification that
3283 * Extended Inquiry Results are only used when Secure
3284 * Simple Pairing is enabled, but some devices violate
3287 * To make these devices work, the internal SSP
3288 * enabled flag needs to be cleared if the remote host
3289 * features do not indicate SSP support */
	/* NOTE(review): this honours a remote-asserted downgrade from SSP to
	 * legacy PIN pairing for interoperability; the pairable and
	 * security-level checks in the PIN code path are what bound it. */
3290 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3293 if (ev->features[0] & LMP_HOST_SC)
3294 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
	/* Everything below is connection setup; skip it for established links. */
3297 if (conn->state != BT_CONFIG)
3300 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3301 struct hci_cp_remote_name_req cp;
3302 memset(&cp, 0, sizeof(cp));
3303 bacpy(&cp.bdaddr, &conn->dst);
3304 cp.pscan_rep_mode = 0x02;
3305 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3306 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3307 mgmt_device_connected(hdev, &conn->dst, conn->type,
3308 conn->dst_type, 0, NULL, 0,
	/* Links that still need authentication stay in BT_CONFIG until the
	 * auth/encrypt events confirm them. */
3311 if (!hci_outgoing_auth_needed(hdev, conn)) {
3312 conn->state = BT_CONNECTED;
3313 hci_proto_connect_cfm(conn, ev->status);
3314 hci_conn_drop(conn);
3318 hci_dev_unlock(hdev);
/* Synchronous Connection Complete event (SCO / eSCO).  On success the
 * connection gets its handle and becomes BT_CONNECTED; on the listed
 * negotiation failures an outgoing eSCO attempt is retried once with a
 * reduced packet-type set; any other status closes the connection.  The
 * `if (!conn)` guard after the first lookup, `case 0x00:`, the
 * `if (conn->out)` around the retry, the `goto unlock` on a successful
 * retry and `default:` are elided in this listing.
 */
3321 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3322 struct sk_buff *skb)
3324 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3325 struct hci_conn *conn;
3327 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3331 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	/* Fallback: a controller may complete a SCO link for what we tracked
	 * as an eSCO attempt; adopt that conn and downgrade its type.  The
	 * reverse (eSCO event, SCO conn) is not accepted. */
3333 if (ev->link_type == ESCO_LINK)
3336 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3340 conn->type = SCO_LINK;
3343 switch (ev->status) {
3345 conn->handle = __le16_to_cpu(ev->handle);
3346 conn->state = BT_CONNECTED;
3348 hci_conn_add_sysfs(conn);
3351 case 0x0d: /* Connection Rejected due to Limited Resources */
3352 case 0x11: /* Unsupported Feature or Parameter Value */
3353 case 0x1c: /* SCO interval rejected */
3354 case 0x1a: /* Unsupported Remote Feature */
3355 case 0x1f: /* Unspecified error */
3356 case 0x20: /* Unsupported LMP Parameter value */
	/* Retry with the controller's supported eSCO/EDR packet types only.
	 * NOTE(review): conn->link (the parent ACL) is dereferenced without a
	 * NULL check; confirm every SCO/eSCO conn that can reach this point
	 * has its link set. */
3358 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3359 (hdev->esco_type & EDR_ESCO_MASK);
3360 if (hci_setup_sync(conn, conn->link->handle))
3366 conn->state = BT_CLOSED;
	/* Report the final status (success or failure) to the SCO layer. */
3370 hci_proto_connect_cfm(conn, ev->status);
3375 hci_dev_unlock(hdev);
/* Return the used length of a length-prefixed EIR/AD blob: walk the
 * fields until a zero-length field (the early `return parsed` is on an
 * elided line) or until eir_len is exhausted (presumably returning
 * eir_len then, also elided).  The loop condition keeps every eir[0]
 * read inside the buffer even when a length byte overstates its field,
 * and the result never exceeds eir_len.
 */
3378 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3382 while (parsed < eir_len) {
3383 u8 field_len = eir[0];
	/* +1 accounts for the length byte itself. */
3388 parsed += field_len + 1;
3389 eir += field_len + 1;
/* Extended Inquiry Result event: one fixed-size entry per responding
 * device, each with class, RSSI and an EIR blob.  Entries are merged into
 * the inquiry cache and forwarded to the management interface with the
 * EIR trimmed to its used length.  The `if (!num_rsp)` guard,
 * hci_dev_lock(), the `else name_known = true` branch and the remaining
 * arguments of eir_has_data_type()/hci_inquiry_cache_update() are elided
 * in this listing.
 */
3395 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3396 struct sk_buff *skb)
3398 struct inquiry_data data;
3399 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3400 int num_rsp = *((__u8 *) skb->data);
	/* NOTE(review): num_rsp is a controller-supplied count and nothing
	 * visible compares skb->len against num_rsp * sizeof(*info) + 1 before
	 * the loop walks that many entries; a truncated event is read past
	 * the end of the skb.  A guard such as
	 * `if (skb->len < num_rsp * sizeof(*info) + 1) return;` belongs before
	 * the loop. */
3403 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3408 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3413 for (; num_rsp; num_rsp--, info++) {
3414 bool name_known, ssp;
3416 bacpy(&data.bdaddr, &info->bdaddr);
3417 data.pscan_rep_mode = info->pscan_rep_mode;
3418 data.pscan_period_mode = info->pscan_period_mode;
3419 data.pscan_mode = 0x00;
3420 memcpy(data.dev_class, info->dev_class, 3);
3421 data.clock_offset = info->clock_offset;
3422 data.rssi = info->rssi;
	/* EIR is only sent by SSP-capable hosts (see the remote-ext-features
	 * handler for the interop exception), so assume SSP here. */
3423 data.ssp_mode = 0x01;
	/* With mgmt in charge the name is "known" if the EIR already carries
	 * a name field, so no separate remote name request is needed. */
3425 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3426 name_known = eir_has_data_type(info->data,
3432 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
	/* Forward only the used part of the EIR, bounded by the field size. */
3434 eir_len = eir_get_length(info->data, sizeof(info->data));
3435 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3436 info->dev_class, info->rssi, !name_known,
3437 ssp, info->data, eir_len, NULL, 0);
3440 hci_dev_unlock(hdev);
/* Encryption Key Refresh Complete event (LE only here; BR/EDR takes the
 * Authentication Complete path).  Promotes the pending security level,
 * clears the encryption-pending flag and then either confirms a link still
 * being set up or reports the authentication result for an established
 * one.  A failure on an established link tears it down with
 * HCI_ERROR_AUTH_FAILURE.  hci_dev_lock(), the `if (!conn)` guard, the
 * `goto unlock` lines, `if (!ev->status)` before the BT_CONNECTED
 * assignment and the `else` between the two paths are elided here.
 */
3443 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3444 struct sk_buff *skb)
3446 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3447 struct hci_conn *conn;
3449 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3450 __le16_to_cpu(ev->handle));
3454 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3458 /* For BR/EDR the necessary steps are taken through the
3459 * auth_complete event.
3461 if (conn->type != LE_LINK)
	/* NOTE(review): the security level is promoted before ev->status is
	 * examined.  The disconnect below covers the established-link case,
	 * but a failed refresh during BT_CONFIG still reaches
	 * hci_proto_connect_cfm() with the elevated level; guarding this with
	 * `if (!ev->status)` would be safer. */
3465 conn->sec_level = conn->pending_sec_level;
3467 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3469 if (ev->status && conn->state == BT_CONNECTED) {
3470 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3471 hci_conn_drop(conn);
	/* Link still being set up: this event completes the connection. */
3475 if (conn->state == BT_CONFIG) {
3477 conn->state = BT_CONNECTED;
3479 hci_proto_connect_cfm(conn, ev->status);
3480 hci_conn_drop(conn);
	/* Established link: report the (re)authentication result and restart
	 * the idle-disconnect timer via the hold/drop pair. */
3482 hci_auth_cfm(conn, ev->status);
3484 hci_conn_hold(conn);
3485 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3486 hci_conn_drop(conn);
3490 hci_dev_unlock(hdev);
/* Derive the authentication requirements to put in our IO Capability
 * Reply from what the remote asked for (conn->remote_auth), what we want
 * (conn->auth_type) and the IO capabilities of both sides.  Bit 0 of an
 * auth requirement value is the MITM flag.  Returns the value to send;
 * the caller also stores it as conn->auth_type.  The closing `*/` of the
 * second original comment is elided in this listing.
 */
3493 static u8 hci_get_auth_req(struct hci_conn *conn)
3495 /* If remote requests no-bonding follow that lead */
3496 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3497 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
	/* ... but keep our own MITM requirement, if any. */
3498 return conn->remote_auth | (conn->auth_type & 0x01);
	/* Both sides have IO -> MITM is achievable, so always require it.
	 * Neither side has usable IO -> MITM is impossible, so the remote's
	 * MITM bit is dropped and only our own requirement is kept. */
3500 /* If both remote and local have enough IO capabilities, require
3503 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3504 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3505 return conn->remote_auth | 0x01;
3507 /* No MITM protection possible so ignore remote requirement */
3508 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
/* IO Capability Request event (start of an SSP pairing).  Replies with our
 * IO capability, OOB availability and authentication requirements when
 * the adapter is pairable or the remote only asked for no-bonding;
 * otherwise rejects with HCI_ERROR_PAIRING_NOT_ALLOWED.  Without the
 * management interface no reply is sent at all (`goto unlock` on an
 * elided line) and the controller's own timeout presumably aborts the
 * pairing.  hci_dev_lock(), the `if (!conn)` guard, the `else` of the
 * initiator branch, the `cp.oob_data` assignments, the `sizeof(cp), &cp`
 * arguments and the `unlock:` label are elided in this listing.
 */
3511 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3513 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3514 struct hci_conn *conn;
3516 BT_DBG("%s", hdev->name);
3520 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	/* Held for the duration of the pairing; released by the pairing
	 * completion handlers. */
3524 hci_conn_hold(conn);
3526 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
	/* A non-pairable adapter still answers a no-bonding request (bit 0
	 * masked off = MITM-or-not variants), presumably because no key will
	 * be persisted from such a pairing. */
3529 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3530 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3531 struct hci_cp_io_capability_reply cp;
3533 bacpy(&cp.bdaddr, &ev->bdaddr);
3534 /* Change the IO capability from KeyboardDisplay
3535 * to DisplayYesNo as it is not supported by BT spec. */
3536 cp.capability = (conn->io_capability == 0x04) ?
3537 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3539 /* If we are initiators, there is no remote information yet */
3540 if (conn->remote_auth == 0xff) {
3541 cp.authentication = conn->auth_type;
3543 /* Request MITM protection if our IO caps allow it
3544 * except for the no-bonding case.
3545 * conn->auth_type is not updated here since
3546 * that might cause the user confirmation to be
3547 * rejected in case the remote doesn't have the
3548 * IO capabilities for MITM.
3550 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3551 cp.authentication != HCI_AT_NO_BONDING)
3552 cp.authentication |= 0x01;
3554 conn->auth_type = hci_get_auth_req(conn);
3555 cp.authentication = conn->auth_type;
3558 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3559 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3564 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3567 struct hci_cp_io_capability_neg_reply cp;
3569 bacpy(&cp.bdaddr, &ev->bdaddr);
3570 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3572 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3577 hci_dev_unlock(hdev);
/* IO Capability Response event: record the remote's IO capability and
 * authentication requirements on the connection (consulted later by the
 * user confirmation handler) and note whether it has OOB data for us.
 * hci_dev_lock(), the `if (!conn)` guard and the `if (ev->oob_data)`
 * line before the set_bit are elided in this listing.
 */
3580 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3582 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3583 struct hci_conn *conn;
3585 BT_DBG("%s", hdev->name);
3589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3593 conn->remote_cap = ev->capability;
3594 conn->remote_auth = ev->authentication;
3596 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3599 hci_dev_unlock(hdev);
/* User Confirmation Request event (SSP numeric comparison / just-works).
 * Decides whether the confirmation can be answered automatically or must
 * go to user space via mgmt_user_confirm_request().  Rules, in order:
 * reject if we need MITM and the remote has no IO to provide it; if no
 * side can end up with MITM, auto-accept (optionally after a configurable
 * delay), except that as acceptor with at least one MITM request we still
 * ask user space for authorization (confirm_hint = 1); otherwise the
 * passkey is shown to the user for comparison.  hci_dev_lock(), the
 * `goto unlock`/`return` lines, `confirm_hint = 1; goto confirm;` and the
 * `confirm:` label are elided in this listing.
 */
3602 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3603 struct sk_buff *skb)
3605 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3606 int loc_mitm, rem_mitm, confirm_hint = 0;
3607 struct hci_conn *conn;
3609 BT_DBG("%s", hdev->name);
3613 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3616 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	/* Bit 0 of the auth requirements is the MITM flag on either side. */
3620 loc_mitm = (conn->auth_type & 0x01);
3621 rem_mitm = (conn->remote_auth & 0x01);
3623 /* If we require MITM but the remote device can't provide that
3624 * (it has NoInputNoOutput) then reject the confirmation request
3626 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3627 BT_DBG("Rejecting request: remote device can't provide MITM");
3628 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3629 sizeof(ev->bdaddr), &ev->bdaddr);
	/* NOTE(review): the second clause silently drops the remote's MITM
	 * requirement when we are NoInputNoOutput; the remote's own host is
	 * expected to refuse if that is unacceptable to it. */
3633 /* If no side requires MITM protection; auto-accept */
3634 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3635 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3637 /* If we're not the initiators request authorization to
3638 * proceed from user space (mgmt_user_confirm with
3639 * confirm_hint set to 1). The exception is if neither
3640 * side had MITM in which case we do auto-accept.
3642 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3643 (loc_mitm || rem_mitm)) {
3644 BT_DBG("Confirming auto-accept as acceptor");
3649 BT_DBG("Auto-accept of user confirmation with %ums delay",
3650 hdev->auto_accept_delay);
	/* Just-works auto-accept, deferred to auto_accept_work when a delay
	 * is configured (some peers need it), otherwise answered at once. */
3652 if (hdev->auto_accept_delay > 0) {
3653 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3654 queue_delayed_work(conn->hdev->workqueue,
3655 &conn->auto_accept_work, delay);
3659 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3660 sizeof(ev->bdaddr), &ev->bdaddr);
	/* confirm: let user space compare the passkey (confirm_hint = 0) or
	 * merely authorize the pairing (confirm_hint = 1). */
3665 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3666 le32_to_cpu(ev->passkey), confirm_hint);
3669 hci_dev_unlock(hdev);
/* User Passkey Request event (SSP passkey entry): the local user must type
 * the passkey shown on the remote, so forward the request to the
 * management interface.  Nothing is answered when mgmt is not in charge.
 */
3672 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3673 struct sk_buff *skb)
3675 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3677 BT_DBG("%s", hdev->name);
3679 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3680 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
/* User Passkey Notification event: the controller generated the passkey
 * the remote user has to type.  Remember it on the connection (together
 * with a reset "digits entered" counter) and show it to user space.  The
 * `if (!conn) return;` guard after the lookup is elided in this listing.
 */
3683 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3684 struct sk_buff *skb)
3686 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3687 struct hci_conn *conn;
3689 BT_DBG("%s", hdev->name);
3691 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3695 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3696 conn->passkey_entered = 0;
3698 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3699 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3700 conn->dst_type, conn->passkey_notify,
3701 conn->passkey_entered);
/* Keypress Notification event: the remote reports progress of passkey
 * entry so the UI can show how many digits were typed.  Updates the
 * per-connection counter and re-sends the passkey notification with the
 * new count.  The `if (!conn) return;` guard, `switch (ev->type)`, the
 * `return` after STARTED/COMPLETED and the `break`s are elided here.
 */
3704 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3706 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3707 struct hci_conn *conn;
3709 BT_DBG("%s", hdev->name);
3711 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3716 case HCI_KEYPRESS_STARTED:
3717 conn->passkey_entered = 0;
3720 case HCI_KEYPRESS_ENTERED:
3721 conn->passkey_entered++;
	/* NOTE(review): the remote controls this sequence; an ERASED without a
	 * preceding ENTERED decrements below zero (wraps if the counter is
	 * unsigned).  Only the displayed count is affected, but a
	 * `if (conn->passkey_entered) ` guard would keep it sane. */
3724 case HCI_KEYPRESS_ERASED:
3725 conn->passkey_entered--;
3728 case HCI_KEYPRESS_CLEARED:
3729 conn->passkey_entered = 0;
3732 case HCI_KEYPRESS_COMPLETED:
3736 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3737 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3738 conn->dst_type, conn->passkey_notify,
3739 conn->passkey_entered);
/* Simple Pairing Complete event: report a failed SSP pairing to user space
 * (unless we initiated it, in which case Authentication Complete already
 * does so) and release the reference taken at IO Capability Request time.
 * hci_dev_lock(), the `if (!conn)` guard and the `ev->status` argument of
 * mgmt_auth_failed() are elided in this listing.
 */
3742 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3743 struct sk_buff *skb)
3745 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3746 struct hci_conn *conn;
3748 BT_DBG("%s", hdev->name);
3752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3756 /* To avoid duplicate auth_failed events to user space we check
3757 * the HCI_CONN_AUTH_PEND flag which will be set if we
3758 * initiated the authentication. A traditional auth_complete
3759 * event gets always produced as initiator and is also mapped to
3760 * the mgmt_auth_failed event */
3761 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3762 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
	/* Balances the hci_conn_hold() in hci_io_capa_request_evt(). */
3765 hci_conn_drop(conn);
3768 hci_dev_unlock(hdev);
/* Remote Host Supported Features Notification event: store the remote
 * host feature page (page 1) on the connection and mirror the SSP bit
 * into the inquiry cache.  hci_dev_lock() and the `if (conn)` / `if (ie)`
 * guards are elided in this listing.
 */
3771 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3772 struct sk_buff *skb)
3774 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3775 struct inquiry_entry *ie;
3776 struct hci_conn *conn;
3778 BT_DBG("%s", hdev->name);
3782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	/* Fixed page index 1, fixed 8-byte page: no bounds issue here. */
3784 memcpy(conn->features[1], ev->features, 8);
3786 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3788 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3790 hci_dev_unlock(hdev);
/* Remote OOB Data Request event (SSP out-of-band pairing): answer with the
 * hash/randomizer values user space stored for this peer, using the
 * extended (P-192 + P-256) reply when Secure Connections is enabled, or
 * a negative reply when nothing is stored.  Only handled when the
 * management interface owns the adapter.  hci_dev_lock(), the
 * `if (data)` / `else` around the two reply variants, the `sizeof(cp),
 * &cp` arguments and the `goto unlock` lines are elided in this listing.
 */
3793 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3794 struct sk_buff *skb)
3796 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3797 struct oob_data *data;
3799 BT_DBG("%s", hdev->name);
3803 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
	/* Lookup is by peer address only; the stored entry is whatever user
	 * space provided for that address. */
3806 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	/* NOTE(review): with SC enabled both key sets are copied from the
	 * entry unconditionally; nothing visible checks that the entry
	 * actually holds P-256 values (they may be zero if only P-192 data
	 * was provided).  Confirm the controller/spec semantics of an
	 * all-zero hash256/randomizer256 before relying on this. */
3808 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3809 struct hci_cp_remote_oob_ext_data_reply cp;
3811 bacpy(&cp.bdaddr, &ev->bdaddr);
3812 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3813 memcpy(cp.randomizer192, data->randomizer192,
3814 sizeof(cp.randomizer192));
3815 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3816 memcpy(cp.randomizer256, data->randomizer256,
3817 sizeof(cp.randomizer256));
3819 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
	/* Legacy SSP: P-192 values only. */
3822 struct hci_cp_remote_oob_data_reply cp;
3824 bacpy(&cp.bdaddr, &ev->bdaddr);
3825 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3826 memcpy(cp.randomizer, data->randomizer192,
3827 sizeof(cp.randomizer));
3829 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
	/* No stored OOB data for this peer: negative reply, the pairing
	 * falls back to the controller's non-OOB association model. */
3833 struct hci_cp_remote_oob_data_neg_reply cp;
3835 bacpy(&cp.bdaddr, &ev->bdaddr);
3836 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3841 hci_dev_unlock(hdev);
/* AMP Physical Link Complete event: mark the AMP hcon connected, copy the
 * peer address from the BR/EDR link it shadows and notify the AMP
 * manager.  On a failure status the hcon is deleted (the `if (ev->status)`
 * block is partly elided: only its unlock at 3863 is visible), and an
 * unknown phy_handle is ignored (the `if (!hcon)` block, likewise).  The
 * hci_dev_lock() and the `return` statements are elided in this listing.
 */
3844 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3845 struct sk_buff *skb)
3847 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3848 struct hci_conn *hcon, *bredr_hcon;
3850 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
	/* The 8-bit AMP physical handle is looked up in the same hash as
	 * 16-bit ACL handles. */
3855 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3857 hci_dev_unlock(hdev);
3863 hci_dev_unlock(hdev);
	/* NOTE(review): hcon->amp_mgr and ->l2cap_conn are dereferenced
	 * without NULL checks; confirm a phy_handle supplied by the controller
	 * can only ever resolve to an hcon created by the AMP manager (and
	 * not, say, an ACL conn whose handle happens to be < 256). */
3867 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3869 hcon->state = BT_CONNECTED;
3870 bacpy(&hcon->dst, &bredr_hcon->dst);
	/* Arm the idle-disconnect timer via the hold/drop pair. */
3872 hci_conn_hold(hcon);
3873 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3874 hci_conn_drop(hcon);
3876 hci_conn_add_sysfs(hcon);
3878 amp_physical_cfm(bredr_hcon, hcon);
3880 hci_dev_unlock(hdev);
/* AMP Logical Link Complete event: create an hci_chan for the new logical
 * link on the physical hcon and, if the AMP manager already has the
 * BR/EDR L2CAP channel being moved, hand the hchan to L2CAP.  The
 * `if (!hcon) return;` / `if (!hchan) return;` guards and the
 * `ev->status` argument of the first BT_DBG are elided in this listing.
 */
3883 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3885 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3886 struct hci_conn *hcon;
3887 struct hci_chan *hchan;
3888 struct amp_mgr *mgr;
3890 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3891 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3894 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	/* NOTE(review): ev->status is logged but not examined; a failed
	 * logical link still gets an hci_chan created for it.  Confirm that
	 * is intended (or that the AMP layer tears it down). */
3898 /* Create AMP hchan */
3899 hchan = hci_chan_create(hcon);
3903 hchan->handle = le16_to_cpu(ev->handle);
3905 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3907 mgr = hcon->amp_mgr;
3908 if (mgr && mgr->bredr_chan) {
3909 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3911 l2cap_chan_lock(bredr_chan);
	/* The moved channel now flows over the AMP, so its MTU becomes the
	 * AMP block MTU; hold the hcon on behalf of L2CAP. */
3913 bredr_chan->conn->mtu = hdev->block_mtu;
3914 l2cap_logical_cfm(bredr_chan, hchan, 0);
3915 hci_conn_hold(hcon);
3917 l2cap_chan_unlock(bredr_chan);
/* AMP Disconnection Logical Link Complete event: find the hci_chan for the
 * logical handle and let the AMP layer destroy it with the reported
 * reason.  The `if (ev->status) return;`, hci_dev_lock() and
 * `if (!hchan) goto unlock;` lines are elided in this listing.
 */
3921 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3922 struct sk_buff *skb)
3924 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3925 struct hci_chan *hchan;
3927 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3928 le16_to_cpu(ev->handle), ev->status);
3935 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3939 amp_destroy_logical_link(hchan, ev->reason);
3942 hci_dev_unlock(hdev);
/* AMP Disconnection Physical Link Complete event: close and delete the
 * hcon for the physical handle.  The `if (ev->status) return;`,
 * hci_dev_lock(), `if (hcon)` and the hci_conn_del() call are elided in
 * this listing.
 */
3945 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3946 struct sk_buff *skb)
3948 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3949 struct hci_conn *hcon;
3951 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3958 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3960 hcon->state = BT_CLOSED;
3964 hci_dev_unlock(hdev);
/* LE Connection Complete event.  Attaches the event to the pending
 * outgoing LE conn if there is one (controllers run at most one LE
 * connection attempt at a time, so the lookup is by state only), or
 * creates a new conn for an incoming / white-list initiated connection.
 * Records which address each side used, resolves a resolvable private
 * address back to the identity address via the stored IRK, then either
 * fails the conn (ev->status != 0) or brings it up at BT_SECURITY_LOW.
 * Elided in this listing: hci_dev_lock(), the `if (!conn)` / `goto unlock`
 * lines, `conn->out = true`, the `if (conn->out)` / `else` /
 * `if (!conn->out)` braces around the address bookkeeping, `if (irk)`,
 * `if (ev->status)` and the `unlock:` label.
 */
3967 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3969 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3970 struct hci_conn *conn;
3971 struct smp_irk *irk;
3973 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3977 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	/* No pending attempt: this is an incoming or white-list connection. */
3979 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3981 BT_ERR("No memory for new connection");
3985 conn->dst_type = ev->bdaddr_type;
3987 if (ev->role == LE_CONN_ROLE_MASTER) {
3989 conn->link_mode |= HCI_LM_MASTER;
3992 /* If we didn't have a hci_conn object previously
3993 * but we're in master role this must be something
3994 * initiated using a white list. Since white list based
3995 * connections are not "first class citizens" we don't
3996 * have full tracking of them. Therefore, we go ahead
3997 * with a "best effort" approach of determining the
3998 * initiator address based on the HCI_PRIVACY flag.
4001 conn->resp_addr_type = ev->bdaddr_type;
4002 bacpy(&conn->resp_addr, &ev->bdaddr);
4003 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4004 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4005 bacpy(&conn->init_addr, &hdev->rpa);
4007 hci_copy_identity_address(hdev,
4009 &conn->init_addr_type);
	/* Pending attempt matched: stop its connection timeout. */
4013 cancel_delayed_work(&conn->le_conn_timeout);
4017 /* Set the responder (our side) address type based on
4018 * the advertising address type.
4020 conn->resp_addr_type = hdev->adv_addr_type;
4021 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4022 bacpy(&conn->resp_addr, &hdev->random_addr);
4024 bacpy(&conn->resp_addr, &hdev->bdaddr);
4026 conn->init_addr_type = ev->bdaddr_type;
4027 bacpy(&conn->init_addr, &ev->bdaddr);
4030 /* Lookup the identity address from the stored connection
4031 * address and address type.
4033 * When establishing connections to an identity address, the
4034 * connection procedure will store the resolvable random
4035 * address first. Now if it can be converted back into the
4036 * identity address, start using the identity address from
4039 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4041 bacpy(&conn->dst, &irk->bdaddr);
4042 conn->dst_type = irk->addr_type;
	/* Failed attempt: hci_le_conn_failed() reports and cleans up. */
4046 hci_le_conn_failed(conn, ev->status);
4050 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4051 mgmt_device_connected(hdev, &conn->dst, conn->type,
4052 conn->dst_type, 0, NULL, 0, NULL);
	/* Fresh LE links start unencrypted; SMP raises the level later.
	 * NOTE(review): the handle is taken from the event without a range
	 * check (the spec limits it to 0x0eff); confirm nothing downstream
	 * indexes by it. */
4054 conn->sec_level = BT_SECURITY_LOW;
4055 conn->handle = __le16_to_cpu(ev->handle);
4056 conn->state = BT_CONNECTED;
4058 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
4059 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
4061 hci_conn_add_sysfs(conn);
4063 hci_proto_connect_cfm(conn, ev->status);
	/* The device is connected now, so drop it from the auto-connect list. */
4065 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4068 hci_dev_unlock(hdev);
4071 /* This function requires the caller holds hdev->lock */
/* Called for each connectable advertisement seen while passively
 * scanning: resolve the advertiser's address, and if it is on the
 * pending (auto-connect) list start an LE connection to it.  The
 * `if (irk)` braces, the `return` when the address is not pending, the
 * remaining hci_connect_le() arguments, `if (!IS_ERR(conn)) return;`,
 * `case -EBUSY:` and `default:` are elided in this listing.
 */
4072 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4075 struct hci_conn *conn;
4076 struct smp_irk *irk;
4078 /* If this is a resolvable address, we should resolve it and then
4079 * update address and address type variables.
4081 irk = hci_get_irk(hdev, addr, addr_type);
4083 addr = &irk->bdaddr;
4084 addr_type = irk->addr_type;
4087 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4090 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4095 switch (PTR_ERR(conn)) {
4097 /* If hci_connect() returns -EBUSY it means there is already
4098 * an LE connection attempt going on. Since controllers don't
4099 * support more than one connection attempt at the time, we
4100 * don't consider this an error case.
4104 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
/* Handle one LE advertising report.  During passive scanning only the
 * auto-connect logic runs.  During active scanning the report is either
 * forwarded to the management interface at once or, if it will trigger a
 * SCAN_REQ (ADV_IND / ADV_SCAN_IND), parked in hdev->discovery so it can
 * be merged with the SCAN_RSP that follows.  `bool match;`, the `return`
 * statements, the `if (!match)` before the flush, the remaining
 * store_pending_adv_report() arguments and the `d->last_adv_data`
 * argument at 4154 are elided in this listing.
 *
 * NOTE(review): len is an 8-bit length from the controller (up to 255)
 * and is passed through unchecked.  store_pending_adv_report() is not
 * visible here; if it copies len bytes into a fixed HCI_MAX_AD_LENGTH
 * buffer in hdev->discovery, a report longer than 31 bytes overflows it.
 * Rejecting len > HCI_MAX_AD_LENGTH before it reaches this function (in
 * hci_le_adv_report_evt) is the robust fix.
 */
4108 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4109 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4111 struct discovery_state *d = &hdev->discovery;
4114 /* Passive scanning shouldn't trigger any device found events */
4115 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4116 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4117 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4121 /* If there's nothing pending either store the data from this
4122 * event or send an immediate device found event if the data
4123 * should not be stored for later.
4125 if (!has_pending_adv_report(hdev)) {
4126 /* If the report will trigger a SCAN_REQ store it for
4129 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4130 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4135 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4136 rssi, 0, 1, data, len, NULL, 0);
4140 /* Check if the pending report is for the same device as the new one */
4141 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4142 bdaddr_type == d->last_adv_addr_type);
4144 /* If the pending data doesn't match this report or this isn't a
4145 * scan response (e.g. we got a duplicate ADV_IND) then force
4146 * sending of the pending data.
4148 if (type != LE_ADV_SCAN_RSP || !match) {
4149 /* Send out whatever is in the cache, but skip duplicates */
4151 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4152 d->last_adv_addr_type, NULL,
4153 d->last_adv_rssi, 0, 1,
4155 d->last_adv_data_len, NULL, 0);
4157 /* If the new report will trigger a SCAN_REQ store it for
4160 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4161 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4166 /* The advertising reports cannot be merged, so clear
4167 * the pending report and send out a device found event.
4169 clear_pending_adv_report(hdev);
4170 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4171 rssi, 0, 1, data, len, NULL, 0);
4175 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4176 * the new event is a SCAN_RSP. We can therefore proceed with
4177 * sending a merged device found event.
4179 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4180 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4181 d->last_adv_data, d->last_adv_data_len);
4182 clear_pending_adv_report(hdev);
/* LE Advertising Report event: iterate over the packed reports in the
 * event (header, variable-length AD data, then one RSSI byte each) and
 * hand each to process_adv_report().  hci_dev_lock() and `s8 rssi;` are
 * elided in this listing.
 *
 * NOTE(review): num_reports and every ev->length are controller-supplied
 * and nothing here bounds them by skb->len, so a short or malformed event
 * makes `ev->data[ev->length]` and the next `ptr` read past the end of
 * the skb; and ev->length (up to 255) is forwarded unchecked even though
 * AD data is at most HCI_MAX_AD_LENGTH (31) bytes, which matters if
 * store_pending_adv_report() (not visible) copies it into a fixed buffer.
 * A guard per report of the form
 * `if (ev->length > HCI_MAX_AD_LENGTH || ev->data + ev->length >= skb_tail_pointer(skb))`
 * (drop the event) would close both.
 */
4185 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4187 u8 num_reports = skb->data[0];
4188 void *ptr = &skb->data[1];
4192 while (num_reports--) {
4193 struct hci_ev_le_advertising_info *ev = ptr;
	/* The RSSI byte trails the AD data. */
4196 rssi = ev->data[ev->length];
4197 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4198 ev->bdaddr_type, rssi, ev->data, ev->length);
	/* Advance past header, AD data and the RSSI byte. */
4200 ptr += sizeof(*ev) + ev->length + 1;
4203 hci_dev_unlock(hdev);
/* LE Long Term Key Request event: the controller asks for the key
 * matching the EDIV/Rand the peer sent in its encryption request.  Reply
 * with the stored LTK (recording the security level it will give and its
 * key size) or send a negative reply so the encryption attempt fails.  A
 * slave-side STK is single-use and is deleted after being handed out.
 * hci_dev_lock(), the `if (conn == NULL)` / `if (ltk == NULL)` guards
 * with their `goto not_found`, `kfree(ltk)`, the `return` and the
 * `not_found:` label are elided in this listing.  The `&ltk->list`
 * argument of list_del() is mis-rendered as `<k->list` below.
 */
4206 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4208 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4209 struct hci_cp_le_ltk_reply cp;
4210 struct hci_cp_le_ltk_neg_reply neg;
4211 struct hci_conn *conn;
4212 struct smp_ltk *ltk;
4214 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4218 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	/* NOTE(review): the lookup is keyed on EDIV/Rand and our role only,
	 * not on the peer's address; confirm hci_find_ltk() cannot hand out
	 * a key that was distributed for a different peer. */
4222 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
	/* Same 16-byte size on both sides here; sizeof(cp.ltk) would make
	 * the destination bound explicit.  cp keeps the key on the stack and
	 * is not wiped after sending (see the link key reply handler). */
4226 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4227 cp.handle = cpu_to_le16(conn->handle);
	/* An authenticated (MITM-protected) LTK yields HIGH, otherwise
	 * MEDIUM; the level becomes effective on Encryption Change. */
4229 if (ltk->authenticated)
4230 conn->pending_sec_level = BT_SECURITY_HIGH;
4232 conn->pending_sec_level = BT_SECURITY_MEDIUM;
	/* Key size as negotiated at pairing time; no minimum is enforced
	 * here -- presumably SMP did that when the key was created. */
4234 conn->enc_key_size = ltk->enc_size;
4236 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4238 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4239 * temporary key used to encrypt a connection following
4240 * pairing. It is used during the Encrypted Session Setup to
4241 * distribute the keys. Later, security can be re-established
4242 * using a distributed LTK.
4244 if (ltk->type == HCI_SMP_STK_SLAVE) {
4245 list_del(<k->list);
4249 hci_dev_unlock(hdev);
	/* not_found: no conn or no key -> negative reply, encryption fails. */
4254 neg.handle = ev->handle;
4255 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4256 hci_dev_unlock(hdev);
/* LE Meta event dispatcher: strip the one-byte sub-event header and route
 * the remainder to the matching LE handler.  The `break` statements and
 * `default:` are elided in this listing.
 *
 * NOTE(review): skb_pull() is called without checking skb->len first; on
 * an empty payload it returns NULL (not checked) and le_ev->subevent is
 * read from past the data anyway.  Presumably hci_event_packet() or the
 * driver guarantees a minimum length -- confirm, or add a
 * `if (skb->len < sizeof(*le_ev)) return;` guard.
 */
4259 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4261 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4263 skb_pull(skb, sizeof(*le_ev));
4265 switch (le_ev->subevent) {
4266 case HCI_EV_LE_CONN_COMPLETE:
4267 hci_le_conn_complete_evt(hdev, skb);
4270 case HCI_EV_LE_ADVERTISING_REPORT:
4271 hci_le_adv_report_evt(hdev, skb);
4274 case HCI_EV_LE_LTK_REQ:
4275 hci_le_ltk_request_evt(hdev, skb);
/* AMP Channel Selected event: the controller picked a channel for the
 * physical link, so read the final local AMP assoc data for it.  The
 * `if (!hcon) return;` guard after the lookup is elided in this listing.
 */
4283 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4285 struct hci_ev_channel_selected *ev = (void *) skb->data;
4286 struct hci_conn *hcon;
4288 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
	/* ev is still valid after the pull: skb_pull only moves skb->data. */
4290 skb_pull(skb, sizeof(*ev));
	/* 8-bit AMP physical handle looked up in the shared conn hash. */
4292 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4296 amp_read_loc_assoc_final_data(hdev, hcon);
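/* Entry point for every HCI Event packet received from the controller.
 *
 * @hdev: controller the packet arrived on
 * @skb:  the complete event packet, header first; ownership passes to this
 *        function, which always frees it before returning
 *
 * Stashes a clone of the event for a pending synchronous request, marks the
 * in-flight command complete when this is the event it was waiting for, and
 * then dispatches on the event code. Unknown event codes are only logged.
 * The RX statistics counter is bumped for every packet, accepted or not.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr;
	__u8 event;

	/* The event code lives in the header; refuse to parse a packet that is
	 * too short to carry one rather than reading past skb->len.
	 */
	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_DBG("%s short event packet (%u bytes)", hdev->name, skb->len);
		goto done;
	}

	hdr = (void *) skb->data;
	event = hdr->evt;

	hci_dev_lock(hdev);

	/* Received events are (currently) only needed while a request is
	 * pending, so the clone is made only in that case. skb_clone() can
	 * fail and leave recv_evt NULL; the request side has to cope with that.
	 */
	if (hdev->req_status == HCI_REQ_PEND) {
		kfree_skb(hdev->recv_evt);
		hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
	}

	hci_dev_unlock(hdev);

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	/* The outstanding command recorded which event finishes it; if that
	 * event just arrived, complete the request with status 0.
	 */
	if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
		struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
		u16 opcode = __le16_to_cpu(cmd_hdr->opcode);

		hci_req_cmd_complete(hdev, opcode, 0);
	}

	/* Each handler is responsible for validating its own payload length. */
	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_NOTIFY:
		hci_user_passkey_notify_evt(hdev, skb);
		break;

	case HCI_EV_KEYPRESS_NOTIFY:
		hci_keypress_notify_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_CHANNEL_SELECTED:
		hci_chan_selected_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_PHY_LINK_COMPLETE:
		hci_phy_link_complete_evt(hdev, skb);
		break;

	case HCI_EV_LOGICAL_LINK_COMPLETE:
		hci_loglink_complete_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
		hci_disconn_loglink_complete_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
		hci_disconn_phylink_complete_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%2.2x", hdev->name, event);
		break;
	}

done:
	/* The skb is owned by this function; free it on every path. */
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}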