2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
46 __u8 status = *((__u8 *) skb->data);
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
55 wake_up_bit(&hdev->flags, HCI_INQUIRY);
58 /* Set discovery state to stopped if we're not doing LE active
61 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
62 hdev->le_scan_type != LE_SCAN_ACTIVE)
63 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
66 hci_conn_check_pending(hdev);
69 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71 __u8 status = *((__u8 *) skb->data);
73 BT_DBG("%s status 0x%2.2x", hdev->name, status);
78 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
81 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
83 __u8 status = *((__u8 *) skb->data);
85 BT_DBG("%s status 0x%2.2x", hdev->name, status);
90 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
92 hci_conn_check_pending(hdev);
95 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
98 BT_DBG("%s", hdev->name);
101 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
103 struct hci_rp_role_discovery *rp = (void *) skb->data;
104 struct hci_conn *conn;
106 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
113 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
115 conn->role = rp->role;
117 hci_dev_unlock(hdev);
120 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
122 struct hci_rp_read_link_policy *rp = (void *) skb->data;
123 struct hci_conn *conn;
125 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
134 conn->link_policy = __le16_to_cpu(rp->policy);
136 hci_dev_unlock(hdev);
139 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
141 struct hci_rp_write_link_policy *rp = (void *) skb->data;
142 struct hci_conn *conn;
145 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
150 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
158 conn->link_policy = get_unaligned_le16(sent + 2);
160 hci_dev_unlock(hdev);
163 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
166 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
168 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
173 hdev->link_policy = __le16_to_cpu(rp->policy);
176 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
179 __u8 status = *((__u8 *) skb->data);
182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
191 hdev->link_policy = get_unaligned_le16(sent);
194 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
196 __u8 status = *((__u8 *) skb->data);
198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
200 clear_bit(HCI_RESET, &hdev->flags);
205 /* Reset all non-persistent flags */
206 hci_dev_clear_volatile_flags(hdev);
208 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
210 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
211 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
213 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
214 hdev->adv_data_len = 0;
216 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
217 hdev->scan_rsp_data_len = 0;
219 hdev->le_scan_type = LE_SCAN_PASSIVE;
221 hdev->ssp_debug_mode = 0;
223 hci_bdaddr_list_clear(&hdev->le_white_list);
224 hci_bdaddr_list_clear(&hdev->le_resolv_list);
227 static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
230 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
231 struct hci_cp_read_stored_link_key *sent;
233 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
239 if (!rp->status && sent->read_all == 0x01) {
240 hdev->stored_max_keys = rp->max_keys;
241 hdev->stored_num_keys = rp->num_keys;
245 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
248 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
250 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
255 if (rp->num_keys <= hdev->stored_num_keys)
256 hdev->stored_num_keys -= rp->num_keys;
258 hdev->stored_num_keys = 0;
261 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
263 __u8 status = *((__u8 *) skb->data);
266 BT_DBG("%s status 0x%2.2x", hdev->name, status);
268 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
274 if (hci_dev_test_flag(hdev, HCI_MGMT))
275 mgmt_set_local_name_complete(hdev, sent, status);
277 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
279 hci_dev_unlock(hdev);
282 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
284 struct hci_rp_read_local_name *rp = (void *) skb->data;
286 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
291 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
292 hci_dev_test_flag(hdev, HCI_CONFIG))
293 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
296 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
298 __u8 status = *((__u8 *) skb->data);
301 BT_DBG("%s status 0x%2.2x", hdev->name, status);
303 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
310 __u8 param = *((__u8 *) sent);
312 if (param == AUTH_ENABLED)
313 set_bit(HCI_AUTH, &hdev->flags);
315 clear_bit(HCI_AUTH, &hdev->flags);
318 if (hci_dev_test_flag(hdev, HCI_MGMT))
319 mgmt_auth_enable_complete(hdev, status);
321 hci_dev_unlock(hdev);
324 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
330 BT_DBG("%s status 0x%2.2x", hdev->name, status);
335 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
339 param = *((__u8 *) sent);
342 set_bit(HCI_ENCRYPT, &hdev->flags);
344 clear_bit(HCI_ENCRYPT, &hdev->flags);
347 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
353 BT_DBG("%s status 0x%2.2x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
359 param = *((__u8 *) sent);
364 hdev->discov_timeout = 0;
368 if (param & SCAN_INQUIRY)
369 set_bit(HCI_ISCAN, &hdev->flags);
371 clear_bit(HCI_ISCAN, &hdev->flags);
373 if (param & SCAN_PAGE)
374 set_bit(HCI_PSCAN, &hdev->flags);
376 clear_bit(HCI_PSCAN, &hdev->flags);
379 hci_dev_unlock(hdev);
382 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
384 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
386 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
391 memcpy(hdev->dev_class, rp->dev_class, 3);
393 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
394 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
397 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
411 memcpy(hdev->dev_class, sent, 3);
413 if (hci_dev_test_flag(hdev, HCI_MGMT))
414 mgmt_set_class_of_dev_complete(hdev, sent, status);
416 hci_dev_unlock(hdev);
419 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
421 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
424 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429 setting = __le16_to_cpu(rp->voice_setting);
431 if (hdev->voice_setting == setting)
434 hdev->voice_setting = setting;
436 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
439 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
442 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
445 __u8 status = *((__u8 *) skb->data);
449 BT_DBG("%s status 0x%2.2x", hdev->name, status);
454 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
458 setting = get_unaligned_le16(sent);
460 if (hdev->voice_setting == setting)
463 hdev->voice_setting = setting;
465 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
468 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
471 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
474 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
476 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
481 hdev->num_iac = rp->num_iac;
483 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
486 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
488 __u8 status = *((__u8 *) skb->data);
489 struct hci_cp_write_ssp_mode *sent;
491 BT_DBG("%s status 0x%2.2x", hdev->name, status);
493 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
501 hdev->features[1][0] |= LMP_HOST_SSP;
503 hdev->features[1][0] &= ~LMP_HOST_SSP;
506 if (hci_dev_test_flag(hdev, HCI_MGMT))
507 mgmt_ssp_enable_complete(hdev, sent->mode, status);
510 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
512 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
515 hci_dev_unlock(hdev);
518 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
520 u8 status = *((u8 *) skb->data);
521 struct hci_cp_write_sc_support *sent;
523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
525 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
533 hdev->features[1][0] |= LMP_HOST_SC;
535 hdev->features[1][0] &= ~LMP_HOST_SC;
538 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
540 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
542 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
545 hci_dev_unlock(hdev);
548 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
550 struct hci_rp_read_local_version *rp = (void *) skb->data;
552 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
557 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
558 hci_dev_test_flag(hdev, HCI_CONFIG)) {
559 hdev->hci_ver = rp->hci_ver;
560 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
561 hdev->lmp_ver = rp->lmp_ver;
562 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
563 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
567 static void hci_cc_read_local_commands(struct hci_dev *hdev,
570 struct hci_rp_read_local_commands *rp = (void *) skb->data;
572 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
577 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
578 hci_dev_test_flag(hdev, HCI_CONFIG))
579 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
582 static void hci_cc_read_local_features(struct hci_dev *hdev,
585 struct hci_rp_read_local_features *rp = (void *) skb->data;
587 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
592 memcpy(hdev->features, rp->features, 8);
594 /* Adjust default settings according to features
595 * supported by device. */
597 if (hdev->features[0][0] & LMP_3SLOT)
598 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
600 if (hdev->features[0][0] & LMP_5SLOT)
601 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
603 if (hdev->features[0][1] & LMP_HV2) {
604 hdev->pkt_type |= (HCI_HV2);
605 hdev->esco_type |= (ESCO_HV2);
608 if (hdev->features[0][1] & LMP_HV3) {
609 hdev->pkt_type |= (HCI_HV3);
610 hdev->esco_type |= (ESCO_HV3);
613 if (lmp_esco_capable(hdev))
614 hdev->esco_type |= (ESCO_EV3);
616 if (hdev->features[0][4] & LMP_EV4)
617 hdev->esco_type |= (ESCO_EV4);
619 if (hdev->features[0][4] & LMP_EV5)
620 hdev->esco_type |= (ESCO_EV5);
622 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
623 hdev->esco_type |= (ESCO_2EV3);
625 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
626 hdev->esco_type |= (ESCO_3EV3);
628 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
629 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
632 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
635 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
637 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
642 if (hdev->max_page < rp->max_page)
643 hdev->max_page = rp->max_page;
645 if (rp->page < HCI_MAX_PAGES)
646 memcpy(hdev->features[rp->page], rp->features, 8);
649 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
652 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
654 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
659 hdev->flow_ctl_mode = rp->mode;
662 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
664 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
666 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
671 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
672 hdev->sco_mtu = rp->sco_mtu;
673 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
674 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
676 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
681 hdev->acl_cnt = hdev->acl_pkts;
682 hdev->sco_cnt = hdev->sco_pkts;
684 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
685 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
688 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
692 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
697 if (test_bit(HCI_INIT, &hdev->flags))
698 bacpy(&hdev->bdaddr, &rp->bdaddr);
700 if (hci_dev_test_flag(hdev, HCI_SETUP))
701 bacpy(&hdev->setup_addr, &rp->bdaddr);
704 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
707 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
714 if (test_bit(HCI_INIT, &hdev->flags)) {
715 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
716 hdev->page_scan_window = __le16_to_cpu(rp->window);
720 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
723 u8 status = *((u8 *) skb->data);
724 struct hci_cp_write_page_scan_activity *sent;
726 BT_DBG("%s status 0x%2.2x", hdev->name, status);
731 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
735 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
736 hdev->page_scan_window = __le16_to_cpu(sent->window);
739 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
742 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
744 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
749 if (test_bit(HCI_INIT, &hdev->flags))
750 hdev->page_scan_type = rp->type;
753 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
756 u8 status = *((u8 *) skb->data);
759 BT_DBG("%s status 0x%2.2x", hdev->name, status);
764 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
766 hdev->page_scan_type = *type;
769 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
772 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
774 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
779 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
780 hdev->block_len = __le16_to_cpu(rp->block_len);
781 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
783 hdev->block_cnt = hdev->num_blocks;
785 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
786 hdev->block_cnt, hdev->block_len);
789 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
791 struct hci_rp_read_clock *rp = (void *) skb->data;
792 struct hci_cp_read_clock *cp;
793 struct hci_conn *conn;
795 BT_DBG("%s", hdev->name);
797 if (skb->len < sizeof(*rp))
805 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
809 if (cp->which == 0x00) {
810 hdev->clock = le32_to_cpu(rp->clock);
814 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
816 conn->clock = le32_to_cpu(rp->clock);
817 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
821 hci_dev_unlock(hdev);
824 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
827 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
834 hdev->amp_status = rp->amp_status;
835 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
836 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
837 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
838 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
839 hdev->amp_type = rp->amp_type;
840 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
841 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
842 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
843 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
846 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
849 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
851 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
856 hdev->inq_tx_power = rp->tx_power;
859 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
861 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
862 struct hci_cp_pin_code_reply *cp;
863 struct hci_conn *conn;
865 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
869 if (hci_dev_test_flag(hdev, HCI_MGMT))
870 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
875 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
881 conn->pin_length = cp->pin_len;
884 hci_dev_unlock(hdev);
887 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
889 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
891 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
895 if (hci_dev_test_flag(hdev, HCI_MGMT))
896 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
899 hci_dev_unlock(hdev);
902 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
905 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
907 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
912 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
913 hdev->le_pkts = rp->le_max_pkt;
915 hdev->le_cnt = hdev->le_pkts;
917 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
920 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
923 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
925 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930 memcpy(hdev->le_features, rp->features, 8);
933 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
936 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
938 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943 hdev->adv_tx_power = rp->tx_power;
946 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
948 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
950 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954 if (hci_dev_test_flag(hdev, HCI_MGMT))
955 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
958 hci_dev_unlock(hdev);
961 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
964 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
966 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
970 if (hci_dev_test_flag(hdev, HCI_MGMT))
971 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
972 ACL_LINK, 0, rp->status);
974 hci_dev_unlock(hdev);
977 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
979 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
985 if (hci_dev_test_flag(hdev, HCI_MGMT))
986 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
989 hci_dev_unlock(hdev);
992 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
995 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1001 if (hci_dev_test_flag(hdev, HCI_MGMT))
1002 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1003 ACL_LINK, 0, rp->status);
1005 hci_dev_unlock(hdev);
1008 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1009 struct sk_buff *skb)
1011 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1016 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1019 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1021 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1024 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1026 __u8 status = *((__u8 *) skb->data);
1029 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1034 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1040 bacpy(&hdev->random_addr, sent);
1042 hci_dev_unlock(hdev);
1045 static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1047 __u8 status = *((__u8 *) skb->data);
1048 struct hci_cp_le_set_default_phy *cp;
1050 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1055 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1061 hdev->le_tx_def_phys = cp->tx_phys;
1062 hdev->le_rx_def_phys = cp->rx_phys;
1064 hci_dev_unlock(hdev);
1067 static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1068 struct sk_buff *skb)
1070 __u8 status = *((__u8 *) skb->data);
1071 struct hci_cp_le_set_adv_set_rand_addr *cp;
1072 struct adv_info *adv_instance;
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1083 if (!hdev->cur_adv_instance) {
1084 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1085 bacpy(&hdev->random_addr, &cp->bdaddr);
1087 adv_instance = hci_find_adv_instance(hdev,
1088 hdev->cur_adv_instance);
1090 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1093 hci_dev_unlock(hdev);
1096 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1098 __u8 *sent, status = *((__u8 *) skb->data);
1100 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1105 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1111 /* If we're doing connection initiation as peripheral. Set a
1112 * timeout in case something goes wrong.
1115 struct hci_conn *conn;
1117 hci_dev_set_flag(hdev, HCI_LE_ADV);
1119 conn = hci_lookup_le_connect(hdev);
1121 queue_delayed_work(hdev->workqueue,
1122 &conn->le_conn_timeout,
1123 conn->conn_timeout);
1125 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1128 hci_dev_unlock(hdev);
1131 static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1132 struct sk_buff *skb)
1134 struct hci_cp_le_set_ext_adv_enable *cp;
1135 __u8 status = *((__u8 *) skb->data);
1137 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1142 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1149 struct hci_conn *conn;
1151 hci_dev_set_flag(hdev, HCI_LE_ADV);
1153 conn = hci_lookup_le_connect(hdev);
1155 queue_delayed_work(hdev->workqueue,
1156 &conn->le_conn_timeout,
1157 conn->conn_timeout);
1159 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1162 hci_dev_unlock(hdev);
1165 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1167 struct hci_cp_le_set_scan_param *cp;
1168 __u8 status = *((__u8 *) skb->data);
1170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1175 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1181 hdev->le_scan_type = cp->type;
1183 hci_dev_unlock(hdev);
1186 static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1187 struct sk_buff *skb)
1189 struct hci_cp_le_set_ext_scan_params *cp;
1190 __u8 status = *((__u8 *) skb->data);
1191 struct hci_cp_le_scan_phy_params *phy_param;
1193 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1198 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1202 phy_param = (void *)cp->data;
1206 hdev->le_scan_type = phy_param->type;
1208 hci_dev_unlock(hdev);
1211 static bool has_pending_adv_report(struct hci_dev *hdev)
1213 struct discovery_state *d = &hdev->discovery;
1215 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1218 static void clear_pending_adv_report(struct hci_dev *hdev)
1220 struct discovery_state *d = &hdev->discovery;
1222 bacpy(&d->last_adv_addr, BDADDR_ANY);
1223 d->last_adv_data_len = 0;
1226 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1227 u8 bdaddr_type, s8 rssi, u32 flags,
1230 struct discovery_state *d = &hdev->discovery;
1232 bacpy(&d->last_adv_addr, bdaddr);
1233 d->last_adv_addr_type = bdaddr_type;
1234 d->last_adv_rssi = rssi;
1235 d->last_adv_flags = flags;
1236 memcpy(d->last_adv_data, data, len);
1237 d->last_adv_data_len = len;
1240 static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
1245 case LE_SCAN_ENABLE:
1246 hci_dev_set_flag(hdev, HCI_LE_SCAN);
1247 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1248 clear_pending_adv_report(hdev);
1251 case LE_SCAN_DISABLE:
1252 /* We do this here instead of when setting DISCOVERY_STOPPED
1253 * since the latter would potentially require waiting for
1254 * inquiry to stop too.
1256 if (has_pending_adv_report(hdev)) {
1257 struct discovery_state *d = &hdev->discovery;
1259 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1260 d->last_adv_addr_type, NULL,
1261 d->last_adv_rssi, d->last_adv_flags,
1263 d->last_adv_data_len, NULL, 0);
1266 /* Cancel this timer so that we don't try to disable scanning
1267 * when it's already disabled.
1269 cancel_delayed_work(&hdev->le_scan_disable);
1271 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
1273 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1274 * interrupted scanning due to a connect request. Mark
1275 * therefore discovery as stopped. If this was not
1276 * because of a connect request advertising might have
1277 * been disabled because of active scanning, so
1278 * re-enable it again if necessary.
1280 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
1281 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1282 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
1283 hdev->discovery.state == DISCOVERY_FINDING)
1284 hci_req_reenable_advertising(hdev);
1289 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
1294 hci_dev_unlock(hdev);
1297 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1298 struct sk_buff *skb)
1300 struct hci_cp_le_set_scan_enable *cp;
1301 __u8 status = *((__u8 *) skb->data);
1303 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1308 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1312 le_set_scan_enable_complete(hdev, cp->enable);
1315 static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1316 struct sk_buff *skb)
1318 struct hci_cp_le_set_ext_scan_enable *cp;
1319 __u8 status = *((__u8 *) skb->data);
1321 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1326 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1330 le_set_scan_enable_complete(hdev, cp->enable);
1333 static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1334 struct sk_buff *skb)
1336 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1338 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1344 hdev->le_num_of_adv_sets = rp->num_of_sets;
1347 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1348 struct sk_buff *skb)
1350 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1352 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1357 hdev->le_white_list_size = rp->size;
1360 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1361 struct sk_buff *skb)
1363 __u8 status = *((__u8 *) skb->data);
1365 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1370 hci_bdaddr_list_clear(&hdev->le_white_list);
1373 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1374 struct sk_buff *skb)
1376 struct hci_cp_le_add_to_white_list *sent;
1377 __u8 status = *((__u8 *) skb->data);
1379 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1384 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1388 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1392 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1393 struct sk_buff *skb)
1395 struct hci_cp_le_del_from_white_list *sent;
1396 __u8 status = *((__u8 *) skb->data);
1398 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1403 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1407 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1411 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1412 struct sk_buff *skb)
1414 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1416 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1421 memcpy(hdev->le_states, rp->le_states, 8);
1424 static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1425 struct sk_buff *skb)
1427 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1429 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1434 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1435 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1438 static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1439 struct sk_buff *skb)
1441 struct hci_cp_le_write_def_data_len *sent;
1442 __u8 status = *((__u8 *) skb->data);
1444 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1449 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1453 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1454 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1457 static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1458 struct sk_buff *skb)
1460 struct hci_cp_le_add_to_resolv_list *sent;
1461 __u8 status = *((__u8 *) skb->data);
1463 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1468 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1472 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1473 sent->bdaddr_type, sent->peer_irk,
1477 static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1478 struct sk_buff *skb)
1480 struct hci_cp_le_del_from_resolv_list *sent;
1481 __u8 status = *((__u8 *) skb->data);
1483 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1488 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1492 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1496 static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1497 struct sk_buff *skb)
1499 __u8 status = *((__u8 *) skb->data);
1501 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1506 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1509 static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1510 struct sk_buff *skb)
1512 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1514 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1519 hdev->le_resolv_list_size = rp->size;
1522 static void hci_cc_le_set_addr_resolution_enable(struct hci_dev *hdev,
1523 struct sk_buff *skb)
1525 __u8 *sent, status = *((__u8 *) skb->data);
1527 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1532 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE);
1539 hci_dev_set_flag(hdev, HCI_LL_RPA_RESOLUTION);
1541 hci_dev_clear_flag(hdev, HCI_LL_RPA_RESOLUTION);
1543 hci_dev_unlock(hdev);
1546 static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1547 struct sk_buff *skb)
1549 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1551 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1556 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1557 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1558 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1559 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1562 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1563 struct sk_buff *skb)
1565 struct hci_cp_write_le_host_supported *sent;
1566 __u8 status = *((__u8 *) skb->data);
1568 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1573 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1580 hdev->features[1][0] |= LMP_HOST_LE;
1581 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
1583 hdev->features[1][0] &= ~LMP_HOST_LE;
1584 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1585 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1589 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1591 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1593 hci_dev_unlock(hdev);
1596 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1598 struct hci_cp_le_set_adv_param *cp;
1599 u8 status = *((u8 *) skb->data);
1601 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1606 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1611 hdev->adv_addr_type = cp->own_address_type;
1612 hci_dev_unlock(hdev);
1615 static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1617 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1618 struct hci_cp_le_set_ext_adv_params *cp;
1619 struct adv_info *adv_instance;
1621 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1626 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1631 hdev->adv_addr_type = cp->own_addr_type;
1632 if (!hdev->cur_adv_instance) {
1633 /* Store in hdev for instance 0 */
1634 hdev->adv_tx_power = rp->tx_power;
1636 adv_instance = hci_find_adv_instance(hdev,
1637 hdev->cur_adv_instance);
1639 adv_instance->tx_power = rp->tx_power;
1641 /* Update adv data as tx power is known now */
1642 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1643 hci_dev_unlock(hdev);
1646 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1648 struct hci_rp_read_rssi *rp = (void *) skb->data;
1649 struct hci_conn *conn;
1651 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1658 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1660 conn->rssi = rp->rssi;
1662 hci_dev_unlock(hdev);
1665 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1667 struct hci_cp_read_tx_power *sent;
1668 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1669 struct hci_conn *conn;
1671 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1676 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1682 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1686 switch (sent->type) {
1688 conn->tx_power = rp->tx_power;
1691 conn->max_tx_power = rp->tx_power;
1696 hci_dev_unlock(hdev);
1699 static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1701 u8 status = *((u8 *) skb->data);
1704 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1709 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1711 hdev->ssp_debug_mode = *mode;
1714 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1716 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1719 hci_conn_check_pending(hdev);
1723 set_bit(HCI_INQUIRY, &hdev->flags);
1726 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1728 struct hci_cp_create_conn *cp;
1729 struct hci_conn *conn;
1731 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1733 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1741 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1744 if (conn && conn->state == BT_CONNECT) {
1745 if (status != 0x0c || conn->attempt > 2) {
1746 conn->state = BT_CLOSED;
1747 hci_connect_cfm(conn, status);
1750 conn->state = BT_CONNECT2;
1754 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1757 bt_dev_err(hdev, "no memory for new connection");
1761 hci_dev_unlock(hdev);
1764 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1766 struct hci_cp_add_sco *cp;
1767 struct hci_conn *acl, *sco;
1770 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1775 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1779 handle = __le16_to_cpu(cp->handle);
1781 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1785 acl = hci_conn_hash_lookup_handle(hdev, handle);
1789 sco->state = BT_CLOSED;
1791 hci_connect_cfm(sco, status);
1796 hci_dev_unlock(hdev);
1799 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1801 struct hci_cp_auth_requested *cp;
1802 struct hci_conn *conn;
1804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1809 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1815 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1817 if (conn->state == BT_CONFIG) {
1818 hci_connect_cfm(conn, status);
1819 hci_conn_drop(conn);
1823 hci_dev_unlock(hdev);
1826 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1828 struct hci_cp_set_conn_encrypt *cp;
1829 struct hci_conn *conn;
1831 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1836 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1842 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1844 if (conn->state == BT_CONFIG) {
1845 hci_connect_cfm(conn, status);
1846 hci_conn_drop(conn);
1850 hci_dev_unlock(hdev);
1853 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1854 struct hci_conn *conn)
1856 if (conn->state != BT_CONFIG || !conn->out)
1859 if (conn->pending_sec_level == BT_SECURITY_SDP)
1862 /* Only request authentication for SSP connections or non-SSP
1863 * devices with sec_level MEDIUM or HIGH or if MITM protection
1866 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1867 conn->pending_sec_level != BT_SECURITY_FIPS &&
1868 conn->pending_sec_level != BT_SECURITY_HIGH &&
1869 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1875 static int hci_resolve_name(struct hci_dev *hdev,
1876 struct inquiry_entry *e)
1878 struct hci_cp_remote_name_req cp;
1880 memset(&cp, 0, sizeof(cp));
1882 bacpy(&cp.bdaddr, &e->data.bdaddr);
1883 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1884 cp.pscan_mode = e->data.pscan_mode;
1885 cp.clock_offset = e->data.clock_offset;
1887 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1890 static bool hci_resolve_next_name(struct hci_dev *hdev)
1892 struct discovery_state *discov = &hdev->discovery;
1893 struct inquiry_entry *e;
1895 if (list_empty(&discov->resolve))
1898 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1902 if (hci_resolve_name(hdev, e) == 0) {
1903 e->name_state = NAME_PENDING;
1910 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1911 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1913 struct discovery_state *discov = &hdev->discovery;
1914 struct inquiry_entry *e;
1916 /* Update the mgmt connected state if necessary. Be careful with
1917 * conn objects that exist but are not (yet) connected however.
1918 * Only those in BT_CONFIG or BT_CONNECTED states can be
1919 * considered connected.
1922 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
1923 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1924 mgmt_device_connected(hdev, conn, 0, name, name_len);
1926 if (discov->state == DISCOVERY_STOPPED)
1929 if (discov->state == DISCOVERY_STOPPING)
1930 goto discov_complete;
1932 if (discov->state != DISCOVERY_RESOLVING)
1935 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1936 /* If the device was not found in a list of found devices names of which
1937 * are pending. there is no need to continue resolving a next name as it
1938 * will be done upon receiving another Remote Name Request Complete
1945 e->name_state = NAME_KNOWN;
1946 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1947 e->data.rssi, name, name_len);
1949 e->name_state = NAME_NOT_KNOWN;
1952 if (hci_resolve_next_name(hdev))
1956 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1959 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1961 struct hci_cp_remote_name_req *cp;
1962 struct hci_conn *conn;
1964 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1966 /* If successful wait for the name req complete event before
1967 * checking for the need to do authentication */
1971 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1979 if (hci_dev_test_flag(hdev, HCI_MGMT))
1980 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1985 if (!hci_outgoing_auth_needed(hdev, conn))
1988 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1989 struct hci_cp_auth_requested auth_cp;
1991 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1993 auth_cp.handle = __cpu_to_le16(conn->handle);
1994 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1995 sizeof(auth_cp), &auth_cp);
1999 hci_dev_unlock(hdev);
2002 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
2004 struct hci_cp_read_remote_features *cp;
2005 struct hci_conn *conn;
2007 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2012 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
2018 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2020 if (conn->state == BT_CONFIG) {
2021 hci_connect_cfm(conn, status);
2022 hci_conn_drop(conn);
2026 hci_dev_unlock(hdev);
2029 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
2031 struct hci_cp_read_remote_ext_features *cp;
2032 struct hci_conn *conn;
2034 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2039 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
2045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2047 if (conn->state == BT_CONFIG) {
2048 hci_connect_cfm(conn, status);
2049 hci_conn_drop(conn);
2053 hci_dev_unlock(hdev);
2056 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
2058 struct hci_cp_setup_sync_conn *cp;
2059 struct hci_conn *acl, *sco;
2062 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2067 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
2071 handle = __le16_to_cpu(cp->handle);
2073 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
2077 acl = hci_conn_hash_lookup_handle(hdev, handle);
2081 sco->state = BT_CLOSED;
2083 hci_connect_cfm(sco, status);
2088 hci_dev_unlock(hdev);
2091 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
2093 struct hci_cp_sniff_mode *cp;
2094 struct hci_conn *conn;
2096 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2101 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
2107 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2109 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2111 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2112 hci_sco_setup(conn, status);
2115 hci_dev_unlock(hdev);
2118 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
2120 struct hci_cp_exit_sniff_mode *cp;
2121 struct hci_conn *conn;
2123 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2128 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2134 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2136 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2138 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2139 hci_sco_setup(conn, status);
2142 hci_dev_unlock(hdev);
2145 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2147 struct hci_cp_disconnect *cp;
2148 struct hci_conn *conn;
2153 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2159 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2161 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2162 conn->dst_type, status);
2164 hci_dev_unlock(hdev);
2167 static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2168 u8 peer_addr_type, u8 own_address_type,
2171 struct hci_conn *conn;
2173 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2178 /* Store the initiator and responder address information which
2179 * is needed for SMP. These values will not change during the
2180 * lifetime of the connection.
2182 conn->init_addr_type = own_address_type;
2183 if (own_address_type == ADDR_LE_DEV_RANDOM)
2184 bacpy(&conn->init_addr, &hdev->random_addr);
2186 bacpy(&conn->init_addr, &hdev->bdaddr);
2188 conn->resp_addr_type = peer_addr_type;
2189 bacpy(&conn->resp_addr, peer_addr);
2191 /* We don't want the connection attempt to stick around
2192 * indefinitely since LE doesn't have a page timeout concept
2193 * like BR/EDR. Set a timer for any connection that doesn't use
2194 * the white list for connecting.
2196 if (filter_policy == HCI_LE_USE_PEER_ADDR)
2197 queue_delayed_work(conn->hdev->workqueue,
2198 &conn->le_conn_timeout,
2199 conn->conn_timeout);
2202 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2204 struct hci_cp_le_create_conn *cp;
2206 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2208 /* All connection failure handling is taken care of by the
2209 * hci_le_conn_failed function which is triggered by the HCI
2210 * request completion callbacks used for connecting.
2215 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2221 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2222 cp->own_address_type, cp->filter_policy);
2224 hci_dev_unlock(hdev);
2227 static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
2229 struct hci_cp_le_ext_create_conn *cp;
2231 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2233 /* All connection failure handling is taken care of by the
2234 * hci_le_conn_failed function which is triggered by the HCI
2235 * request completion callbacks used for connecting.
2240 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2246 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2247 cp->own_addr_type, cp->filter_policy);
2249 hci_dev_unlock(hdev);
2252 static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
2254 struct hci_cp_le_read_remote_features *cp;
2255 struct hci_conn *conn;
2257 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2262 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2270 if (conn->state == BT_CONFIG) {
2271 hci_connect_cfm(conn, status);
2272 hci_conn_drop(conn);
2276 hci_dev_unlock(hdev);
2279 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2281 struct hci_cp_le_start_enc *cp;
2282 struct hci_conn *conn;
2284 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2291 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2299 if (conn->state != BT_CONNECTED)
2302 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2303 hci_conn_drop(conn);
2306 hci_dev_unlock(hdev);
2309 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2311 struct hci_cp_switch_role *cp;
2312 struct hci_conn *conn;
2314 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2319 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2325 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2327 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2329 hci_dev_unlock(hdev);
2332 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2334 __u8 status = *((__u8 *) skb->data);
2335 struct discovery_state *discov = &hdev->discovery;
2336 struct inquiry_entry *e;
2338 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2340 hci_conn_check_pending(hdev);
2342 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2345 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2346 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2348 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2353 if (discov->state != DISCOVERY_FINDING)
2356 if (list_empty(&discov->resolve)) {
2357 /* When BR/EDR inquiry is active and no LE scanning is in
2358 * progress, then change discovery state to indicate completion.
2360 * When running LE scanning and BR/EDR inquiry simultaneously
2361 * and the LE scan already finished, then change the discovery
2362 * state to indicate completion.
2364 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2365 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2366 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2370 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2371 if (e && hci_resolve_name(hdev, e) == 0) {
2372 e->name_state = NAME_PENDING;
2373 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2375 /* When BR/EDR inquiry is active and no LE scanning is in
2376 * progress, then change discovery state to indicate completion.
2378 * When running LE scanning and BR/EDR inquiry simultaneously
2379 * and the LE scan already finished, then change the discovery
2380 * state to indicate completion.
2382 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2383 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2384 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2388 hci_dev_unlock(hdev);
2391 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2393 struct inquiry_data data;
2394 struct inquiry_info *info = (void *) (skb->data + 1);
2395 int num_rsp = *((__u8 *) skb->data);
2397 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2402 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
2407 for (; num_rsp; num_rsp--, info++) {
2410 bacpy(&data.bdaddr, &info->bdaddr);
2411 data.pscan_rep_mode = info->pscan_rep_mode;
2412 data.pscan_period_mode = info->pscan_period_mode;
2413 data.pscan_mode = info->pscan_mode;
2414 memcpy(data.dev_class, info->dev_class, 3);
2415 data.clock_offset = info->clock_offset;
2416 data.rssi = HCI_RSSI_INVALID;
2417 data.ssp_mode = 0x00;
2419 flags = hci_inquiry_cache_update(hdev, &data, false);
2421 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2422 info->dev_class, HCI_RSSI_INVALID,
2423 flags, NULL, 0, NULL, 0);
2426 hci_dev_unlock(hdev);
2429 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2431 struct hci_ev_conn_complete *ev = (void *) skb->data;
2432 struct hci_conn *conn;
2434 BT_DBG("%s", hdev->name);
2438 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2440 if (ev->link_type != SCO_LINK)
2443 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2447 conn->type = SCO_LINK;
2451 conn->handle = __le16_to_cpu(ev->handle);
2453 if (conn->type == ACL_LINK) {
2454 conn->state = BT_CONFIG;
2455 hci_conn_hold(conn);
2457 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2458 !hci_find_link_key(hdev, &ev->bdaddr))
2459 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2461 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2463 conn->state = BT_CONNECTED;
2465 hci_debugfs_create_conn(conn);
2466 hci_conn_add_sysfs(conn);
2468 if (test_bit(HCI_AUTH, &hdev->flags))
2469 set_bit(HCI_CONN_AUTH, &conn->flags);
2471 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2472 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2474 /* Get remote features */
2475 if (conn->type == ACL_LINK) {
2476 struct hci_cp_read_remote_features cp;
2477 cp.handle = ev->handle;
2478 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2481 hci_req_update_scan(hdev);
2484 /* Set packet type for incoming connection */
2485 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2486 struct hci_cp_change_conn_ptype cp;
2487 cp.handle = ev->handle;
2488 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2489 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2493 conn->state = BT_CLOSED;
2494 if (conn->type == ACL_LINK)
2495 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2496 conn->dst_type, ev->status);
2499 if (conn->type == ACL_LINK)
2500 hci_sco_setup(conn, ev->status);
2503 hci_connect_cfm(conn, ev->status);
2505 } else if (ev->link_type != ACL_LINK)
2506 hci_connect_cfm(conn, ev->status);
2509 hci_dev_unlock(hdev);
2511 hci_conn_check_pending(hdev);
2514 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2516 struct hci_cp_reject_conn_req cp;
2518 bacpy(&cp.bdaddr, bdaddr);
2519 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2520 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2523 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2525 struct hci_ev_conn_request *ev = (void *) skb->data;
2526 int mask = hdev->link_mode;
2527 struct inquiry_entry *ie;
2528 struct hci_conn *conn;
2531 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2534 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2537 if (!(mask & HCI_LM_ACCEPT)) {
2538 hci_reject_conn(hdev, &ev->bdaddr);
2542 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2544 hci_reject_conn(hdev, &ev->bdaddr);
2548 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2549 * connection. These features are only touched through mgmt so
2550 * only do the checks if HCI_MGMT is set.
2552 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2553 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
2554 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2556 hci_reject_conn(hdev, &ev->bdaddr);
2560 /* Connection accepted */
2564 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2566 memcpy(ie->data.dev_class, ev->dev_class, 3);
2568 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2571 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2574 bt_dev_err(hdev, "no memory for new connection");
2575 hci_dev_unlock(hdev);
2580 memcpy(conn->dev_class, ev->dev_class, 3);
2582 hci_dev_unlock(hdev);
2584 if (ev->link_type == ACL_LINK ||
2585 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2586 struct hci_cp_accept_conn_req cp;
2587 conn->state = BT_CONNECT;
2589 bacpy(&cp.bdaddr, &ev->bdaddr);
2591 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2592 cp.role = 0x00; /* Become master */
2594 cp.role = 0x01; /* Remain slave */
2596 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2597 } else if (!(flags & HCI_PROTO_DEFER)) {
2598 struct hci_cp_accept_sync_conn_req cp;
2599 conn->state = BT_CONNECT;
2601 bacpy(&cp.bdaddr, &ev->bdaddr);
2602 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2604 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2605 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2606 cp.max_latency = cpu_to_le16(0xffff);
2607 cp.content_format = cpu_to_le16(hdev->voice_setting);
2608 cp.retrans_effort = 0xff;
2610 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2613 conn->state = BT_CONNECT2;
2614 hci_connect_cfm(conn, 0);
2618 static u8 hci_to_mgmt_reason(u8 err)
2621 case HCI_ERROR_CONNECTION_TIMEOUT:
2622 return MGMT_DEV_DISCONN_TIMEOUT;
2623 case HCI_ERROR_REMOTE_USER_TERM:
2624 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2625 case HCI_ERROR_REMOTE_POWER_OFF:
2626 return MGMT_DEV_DISCONN_REMOTE;
2627 case HCI_ERROR_LOCAL_HOST_TERM:
2628 return MGMT_DEV_DISCONN_LOCAL_HOST;
2630 return MGMT_DEV_DISCONN_UNKNOWN;
2634 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2636 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2638 struct hci_conn_params *params;
2639 struct hci_conn *conn;
2640 bool mgmt_connected;
2643 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2647 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2652 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2653 conn->dst_type, ev->status);
2657 conn->state = BT_CLOSED;
2659 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2661 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2662 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2664 reason = hci_to_mgmt_reason(ev->reason);
2666 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2667 reason, mgmt_connected);
2669 if (conn->type == ACL_LINK) {
2670 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2671 hci_remove_link_key(hdev, &conn->dst);
2673 hci_req_update_scan(hdev);
2676 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2678 switch (params->auto_connect) {
2679 case HCI_AUTO_CONN_LINK_LOSS:
2680 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2684 case HCI_AUTO_CONN_DIRECT:
2685 case HCI_AUTO_CONN_ALWAYS:
2686 list_del_init(¶ms->action);
2687 list_add(¶ms->action, &hdev->pend_le_conns);
2688 hci_update_background_scan(hdev);
2698 hci_disconn_cfm(conn, ev->reason);
2701 /* Re-enable advertising if necessary, since it might
2702 * have been disabled by the connection. From the
2703 * HCI_LE_Set_Advertise_Enable command description in
2704 * the core specification (v4.0):
2705 * "The Controller shall continue advertising until the Host
2706 * issues an LE_Set_Advertise_Enable command with
2707 * Advertising_Enable set to 0x00 (Advertising is disabled)
2708 * or until a connection is created or until the Advertising
2709 * is timed out due to Directed Advertising."
2711 if (type == LE_LINK)
2712 hci_req_reenable_advertising(hdev);
2715 hci_dev_unlock(hdev);
2718 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2720 struct hci_ev_auth_complete *ev = (void *) skb->data;
2721 struct hci_conn *conn;
2723 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2727 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2732 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2734 if (!hci_conn_ssp_enabled(conn) &&
2735 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2736 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2738 set_bit(HCI_CONN_AUTH, &conn->flags);
2739 conn->sec_level = conn->pending_sec_level;
2742 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2743 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2745 mgmt_auth_failed(conn, ev->status);
2748 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2749 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2751 if (conn->state == BT_CONFIG) {
2752 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2753 struct hci_cp_set_conn_encrypt cp;
2754 cp.handle = ev->handle;
2756 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2759 conn->state = BT_CONNECTED;
2760 hci_connect_cfm(conn, ev->status);
2761 hci_conn_drop(conn);
2764 hci_auth_cfm(conn, ev->status);
2766 hci_conn_hold(conn);
2767 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2768 hci_conn_drop(conn);
2771 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2773 struct hci_cp_set_conn_encrypt cp;
2774 cp.handle = ev->handle;
2776 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2779 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2780 hci_encrypt_cfm(conn, ev->status, 0x00);
2785 hci_dev_unlock(hdev);
2788 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2790 struct hci_ev_remote_name *ev = (void *) skb->data;
2791 struct hci_conn *conn;
2793 BT_DBG("%s", hdev->name);
2795 hci_conn_check_pending(hdev);
2799 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2801 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2804 if (ev->status == 0)
2805 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2806 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2808 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2814 if (!hci_outgoing_auth_needed(hdev, conn))
2817 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2818 struct hci_cp_auth_requested cp;
2820 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2822 cp.handle = __cpu_to_le16(conn->handle);
2823 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2827 hci_dev_unlock(hdev);
2830 static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
2831 u16 opcode, struct sk_buff *skb)
2833 const struct hci_rp_read_enc_key_size *rp;
2834 struct hci_conn *conn;
2837 BT_DBG("%s status 0x%02x", hdev->name, status);
2839 if (!skb || skb->len < sizeof(*rp)) {
2840 bt_dev_err(hdev, "invalid read key size response");
2844 rp = (void *)skb->data;
2845 handle = le16_to_cpu(rp->handle);
2849 conn = hci_conn_hash_lookup_handle(hdev, handle);
2853 /* If we fail to read the encryption key size, assume maximum
2854 * (which is the same we do also when this HCI command isn't
2858 bt_dev_err(hdev, "failed to read key size for handle %u",
2860 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2862 conn->enc_key_size = rp->key_size;
2865 if (conn->state == BT_CONFIG) {
2866 conn->state = BT_CONNECTED;
2867 hci_connect_cfm(conn, 0);
2868 hci_conn_drop(conn);
2872 if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2874 else if (test_bit(HCI_CONN_AES_CCM, &conn->flags))
2879 hci_encrypt_cfm(conn, 0, encrypt);
2883 hci_dev_unlock(hdev);
2886 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2888 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2889 struct hci_conn *conn;
2891 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2895 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2901 /* Encryption implies authentication */
2902 set_bit(HCI_CONN_AUTH, &conn->flags);
2903 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2904 conn->sec_level = conn->pending_sec_level;
2906 /* P-256 authentication key implies FIPS */
2907 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2908 set_bit(HCI_CONN_FIPS, &conn->flags);
2910 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2911 conn->type == LE_LINK)
2912 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2914 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2915 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2919 /* We should disregard the current RPA and generate a new one
2920 * whenever the encryption procedure fails.
2922 if (ev->status && conn->type == LE_LINK) {
2923 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2924 hci_adv_instances_set_rpa_expired(hdev, true);
2927 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2929 if (ev->status && conn->state == BT_CONNECTED) {
2930 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2931 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2933 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2934 hci_conn_drop(conn);
2938 /* In Secure Connections Only mode, do not allow any connections
2939 * that are not encrypted with AES-CCM using a P-256 authenticated
2942 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
2943 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2944 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2945 hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2946 hci_conn_drop(conn);
2950 /* Try reading the encryption key size for encrypted ACL links */
2951 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
2952 struct hci_cp_read_enc_key_size cp;
2953 struct hci_request req;
2955 /* Only send HCI_Read_Encryption_Key_Size if the
2956 * controller really supports it. If it doesn't, assume
2957 * the default size (16).
2959 if (!(hdev->commands[20] & 0x10)) {
2960 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2964 hci_req_init(&req, hdev);
2966 cp.handle = cpu_to_le16(conn->handle);
2967 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
2969 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
2970 bt_dev_err(hdev, "sending read key size failed");
2971 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2979 if (conn->state == BT_CONFIG) {
2981 conn->state = BT_CONNECTED;
2983 hci_connect_cfm(conn, ev->status);
2984 hci_conn_drop(conn);
2986 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2989 hci_dev_unlock(hdev);
2992 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2993 struct sk_buff *skb)
2995 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2996 struct hci_conn *conn;
2998 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3005 set_bit(HCI_CONN_SECURE, &conn->flags);
3007 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
3009 hci_key_change_cfm(conn, ev->status);
3012 hci_dev_unlock(hdev);
3015 static void hci_remote_features_evt(struct hci_dev *hdev,
3016 struct sk_buff *skb)
3018 struct hci_ev_remote_features *ev = (void *) skb->data;
3019 struct hci_conn *conn;
3021 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3025 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3030 memcpy(conn->features[0], ev->features, 8);
3032 if (conn->state != BT_CONFIG)
3035 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3036 lmp_ext_feat_capable(conn)) {
3037 struct hci_cp_read_remote_ext_features cp;
3038 cp.handle = ev->handle;
3040 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
3045 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3046 struct hci_cp_remote_name_req cp;
3047 memset(&cp, 0, sizeof(cp));
3048 bacpy(&cp.bdaddr, &conn->dst);
3049 cp.pscan_rep_mode = 0x02;
3050 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3051 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3052 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3054 if (!hci_outgoing_auth_needed(hdev, conn)) {
3055 conn->state = BT_CONNECTED;
3056 hci_connect_cfm(conn, ev->status);
3057 hci_conn_drop(conn);
3061 hci_dev_unlock(hdev);
3064 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3065 u16 *opcode, u8 *status,
3066 hci_req_complete_t *req_complete,
3067 hci_req_complete_skb_t *req_complete_skb)
3069 struct hci_ev_cmd_complete *ev = (void *) skb->data;
3071 *opcode = __le16_to_cpu(ev->opcode);
3072 *status = skb->data[sizeof(*ev)];
3074 skb_pull(skb, sizeof(*ev));
3077 case HCI_OP_INQUIRY_CANCEL:
3078 hci_cc_inquiry_cancel(hdev, skb);
3081 case HCI_OP_PERIODIC_INQ:
3082 hci_cc_periodic_inq(hdev, skb);
3085 case HCI_OP_EXIT_PERIODIC_INQ:
3086 hci_cc_exit_periodic_inq(hdev, skb);
3089 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
3090 hci_cc_remote_name_req_cancel(hdev, skb);
3093 case HCI_OP_ROLE_DISCOVERY:
3094 hci_cc_role_discovery(hdev, skb);
3097 case HCI_OP_READ_LINK_POLICY:
3098 hci_cc_read_link_policy(hdev, skb);
3101 case HCI_OP_WRITE_LINK_POLICY:
3102 hci_cc_write_link_policy(hdev, skb);
3105 case HCI_OP_READ_DEF_LINK_POLICY:
3106 hci_cc_read_def_link_policy(hdev, skb);
3109 case HCI_OP_WRITE_DEF_LINK_POLICY:
3110 hci_cc_write_def_link_policy(hdev, skb);
3114 hci_cc_reset(hdev, skb);
3117 case HCI_OP_READ_STORED_LINK_KEY:
3118 hci_cc_read_stored_link_key(hdev, skb);
3121 case HCI_OP_DELETE_STORED_LINK_KEY:
3122 hci_cc_delete_stored_link_key(hdev, skb);
3125 case HCI_OP_WRITE_LOCAL_NAME:
3126 hci_cc_write_local_name(hdev, skb);
3129 case HCI_OP_READ_LOCAL_NAME:
3130 hci_cc_read_local_name(hdev, skb);
3133 case HCI_OP_WRITE_AUTH_ENABLE:
3134 hci_cc_write_auth_enable(hdev, skb);
3137 case HCI_OP_WRITE_ENCRYPT_MODE:
3138 hci_cc_write_encrypt_mode(hdev, skb);
3141 case HCI_OP_WRITE_SCAN_ENABLE:
3142 hci_cc_write_scan_enable(hdev, skb);
3145 case HCI_OP_READ_CLASS_OF_DEV:
3146 hci_cc_read_class_of_dev(hdev, skb);
3149 case HCI_OP_WRITE_CLASS_OF_DEV:
3150 hci_cc_write_class_of_dev(hdev, skb);
3153 case HCI_OP_READ_VOICE_SETTING:
3154 hci_cc_read_voice_setting(hdev, skb);
3157 case HCI_OP_WRITE_VOICE_SETTING:
3158 hci_cc_write_voice_setting(hdev, skb);
3161 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3162 hci_cc_read_num_supported_iac(hdev, skb);
3165 case HCI_OP_WRITE_SSP_MODE:
3166 hci_cc_write_ssp_mode(hdev, skb);
3169 case HCI_OP_WRITE_SC_SUPPORT:
3170 hci_cc_write_sc_support(hdev, skb);
3173 case HCI_OP_READ_LOCAL_VERSION:
3174 hci_cc_read_local_version(hdev, skb);
3177 case HCI_OP_READ_LOCAL_COMMANDS:
3178 hci_cc_read_local_commands(hdev, skb);
3181 case HCI_OP_READ_LOCAL_FEATURES:
3182 hci_cc_read_local_features(hdev, skb);
3185 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3186 hci_cc_read_local_ext_features(hdev, skb);
3189 case HCI_OP_READ_BUFFER_SIZE:
3190 hci_cc_read_buffer_size(hdev, skb);
3193 case HCI_OP_READ_BD_ADDR:
3194 hci_cc_read_bd_addr(hdev, skb);
3197 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3198 hci_cc_read_page_scan_activity(hdev, skb);
3201 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3202 hci_cc_write_page_scan_activity(hdev, skb);
3205 case HCI_OP_READ_PAGE_SCAN_TYPE:
3206 hci_cc_read_page_scan_type(hdev, skb);
3209 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3210 hci_cc_write_page_scan_type(hdev, skb);
3213 case HCI_OP_READ_DATA_BLOCK_SIZE:
3214 hci_cc_read_data_block_size(hdev, skb);
3217 case HCI_OP_READ_FLOW_CONTROL_MODE:
3218 hci_cc_read_flow_control_mode(hdev, skb);
3221 case HCI_OP_READ_LOCAL_AMP_INFO:
3222 hci_cc_read_local_amp_info(hdev, skb);
3225 case HCI_OP_READ_CLOCK:
3226 hci_cc_read_clock(hdev, skb);
3229 case HCI_OP_READ_INQ_RSP_TX_POWER:
3230 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3233 case HCI_OP_PIN_CODE_REPLY:
3234 hci_cc_pin_code_reply(hdev, skb);
3237 case HCI_OP_PIN_CODE_NEG_REPLY:
3238 hci_cc_pin_code_neg_reply(hdev, skb);
3241 case HCI_OP_READ_LOCAL_OOB_DATA:
3242 hci_cc_read_local_oob_data(hdev, skb);
3245 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3246 hci_cc_read_local_oob_ext_data(hdev, skb);
3249 case HCI_OP_LE_READ_BUFFER_SIZE:
3250 hci_cc_le_read_buffer_size(hdev, skb);
3253 case HCI_OP_LE_READ_LOCAL_FEATURES:
3254 hci_cc_le_read_local_features(hdev, skb);
3257 case HCI_OP_LE_READ_ADV_TX_POWER:
3258 hci_cc_le_read_adv_tx_power(hdev, skb);
3261 case HCI_OP_USER_CONFIRM_REPLY:
3262 hci_cc_user_confirm_reply(hdev, skb);
3265 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3266 hci_cc_user_confirm_neg_reply(hdev, skb);
3269 case HCI_OP_USER_PASSKEY_REPLY:
3270 hci_cc_user_passkey_reply(hdev, skb);
3273 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3274 hci_cc_user_passkey_neg_reply(hdev, skb);
3277 case HCI_OP_LE_SET_RANDOM_ADDR:
3278 hci_cc_le_set_random_addr(hdev, skb);
3281 case HCI_OP_LE_SET_ADV_ENABLE:
3282 hci_cc_le_set_adv_enable(hdev, skb);
3285 case HCI_OP_LE_SET_SCAN_PARAM:
3286 hci_cc_le_set_scan_param(hdev, skb);
3289 case HCI_OP_LE_SET_SCAN_ENABLE:
3290 hci_cc_le_set_scan_enable(hdev, skb);
3293 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3294 hci_cc_le_read_white_list_size(hdev, skb);
3297 case HCI_OP_LE_CLEAR_WHITE_LIST:
3298 hci_cc_le_clear_white_list(hdev, skb);
3301 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3302 hci_cc_le_add_to_white_list(hdev, skb);
3305 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3306 hci_cc_le_del_from_white_list(hdev, skb);
3309 case HCI_OP_LE_READ_SUPPORTED_STATES:
3310 hci_cc_le_read_supported_states(hdev, skb);
3313 case HCI_OP_LE_READ_DEF_DATA_LEN:
3314 hci_cc_le_read_def_data_len(hdev, skb);
3317 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3318 hci_cc_le_write_def_data_len(hdev, skb);
3321 case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3322 hci_cc_le_add_to_resolv_list(hdev, skb);
3325 case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3326 hci_cc_le_del_from_resolv_list(hdev, skb);
3329 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3330 hci_cc_le_clear_resolv_list(hdev, skb);
3333 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3334 hci_cc_le_read_resolv_list_size(hdev, skb);
3337 case HCI_OP_LE_SET_ADDR_RESOLV_ENABLE:
3338 hci_cc_le_set_addr_resolution_enable(hdev, skb);
3341 case HCI_OP_LE_READ_MAX_DATA_LEN:
3342 hci_cc_le_read_max_data_len(hdev, skb);
3345 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3346 hci_cc_write_le_host_supported(hdev, skb);
3349 case HCI_OP_LE_SET_ADV_PARAM:
3350 hci_cc_set_adv_param(hdev, skb);
3353 case HCI_OP_READ_RSSI:
3354 hci_cc_read_rssi(hdev, skb);
3357 case HCI_OP_READ_TX_POWER:
3358 hci_cc_read_tx_power(hdev, skb);
3361 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3362 hci_cc_write_ssp_debug_mode(hdev, skb);
3365 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3366 hci_cc_le_set_ext_scan_param(hdev, skb);
3369 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3370 hci_cc_le_set_ext_scan_enable(hdev, skb);
3373 case HCI_OP_LE_SET_DEFAULT_PHY:
3374 hci_cc_le_set_default_phy(hdev, skb);
3377 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3378 hci_cc_le_read_num_adv_sets(hdev, skb);
3381 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3382 hci_cc_set_ext_adv_param(hdev, skb);
3385 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3386 hci_cc_le_set_ext_adv_enable(hdev, skb);
3389 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3390 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3394 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3398 if (*opcode != HCI_OP_NOP)
3399 cancel_delayed_work(&hdev->cmd_timer);
3401 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3402 atomic_set(&hdev->cmd_cnt, 1);
3404 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3407 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3409 "unexpected event for opcode 0x%4.4x", *opcode);
3413 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3414 queue_work(hdev->workqueue, &hdev->cmd_work);
3417 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3418 u16 *opcode, u8 *status,
3419 hci_req_complete_t *req_complete,
3420 hci_req_complete_skb_t *req_complete_skb)
3422 struct hci_ev_cmd_status *ev = (void *) skb->data;
3424 skb_pull(skb, sizeof(*ev));
3426 *opcode = __le16_to_cpu(ev->opcode);
3427 *status = ev->status;
3430 case HCI_OP_INQUIRY:
3431 hci_cs_inquiry(hdev, ev->status);
3434 case HCI_OP_CREATE_CONN:
3435 hci_cs_create_conn(hdev, ev->status);
3438 case HCI_OP_DISCONNECT:
3439 hci_cs_disconnect(hdev, ev->status);
3442 case HCI_OP_ADD_SCO:
3443 hci_cs_add_sco(hdev, ev->status);
3446 case HCI_OP_AUTH_REQUESTED:
3447 hci_cs_auth_requested(hdev, ev->status);
3450 case HCI_OP_SET_CONN_ENCRYPT:
3451 hci_cs_set_conn_encrypt(hdev, ev->status);
3454 case HCI_OP_REMOTE_NAME_REQ:
3455 hci_cs_remote_name_req(hdev, ev->status);
3458 case HCI_OP_READ_REMOTE_FEATURES:
3459 hci_cs_read_remote_features(hdev, ev->status);
3462 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3463 hci_cs_read_remote_ext_features(hdev, ev->status);
3466 case HCI_OP_SETUP_SYNC_CONN:
3467 hci_cs_setup_sync_conn(hdev, ev->status);
3470 case HCI_OP_SNIFF_MODE:
3471 hci_cs_sniff_mode(hdev, ev->status);
3474 case HCI_OP_EXIT_SNIFF_MODE:
3475 hci_cs_exit_sniff_mode(hdev, ev->status);
3478 case HCI_OP_SWITCH_ROLE:
3479 hci_cs_switch_role(hdev, ev->status);
3482 case HCI_OP_LE_CREATE_CONN:
3483 hci_cs_le_create_conn(hdev, ev->status);
3486 case HCI_OP_LE_READ_REMOTE_FEATURES:
3487 hci_cs_le_read_remote_features(hdev, ev->status);
3490 case HCI_OP_LE_START_ENC:
3491 hci_cs_le_start_enc(hdev, ev->status);
3494 case HCI_OP_LE_EXT_CREATE_CONN:
3495 hci_cs_le_ext_create_conn(hdev, ev->status);
3499 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3503 if (*opcode != HCI_OP_NOP)
3504 cancel_delayed_work(&hdev->cmd_timer);
3506 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3507 atomic_set(&hdev->cmd_cnt, 1);
3509 /* Indicate request completion if the command failed. Also, if
3510 * we're not waiting for a special event and we get a success
3511 * command status we should try to flag the request as completed
3512 * (since for this kind of commands there will not be a command
3516 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
3517 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3520 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3522 "unexpected event for opcode 0x%4.4x", *opcode);
3526 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3527 queue_work(hdev->workqueue, &hdev->cmd_work);
3530 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3532 struct hci_ev_hardware_error *ev = (void *) skb->data;
3534 hdev->hw_error_code = ev->code;
3536 queue_work(hdev->req_workqueue, &hdev->error_reset);
3539 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3541 struct hci_ev_role_change *ev = (void *) skb->data;
3542 struct hci_conn *conn;
3544 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3548 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3551 conn->role = ev->role;
3553 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3555 hci_role_switch_cfm(conn, ev->status, ev->role);
3558 hci_dev_unlock(hdev);
3561 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3563 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3566 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3567 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3571 if (skb->len < sizeof(*ev) ||
3572 skb->len < struct_size(ev, handles, ev->num_hndl)) {
3573 BT_DBG("%s bad parameters", hdev->name);
3577 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3579 for (i = 0; i < ev->num_hndl; i++) {
3580 struct hci_comp_pkts_info *info = &ev->handles[i];
3581 struct hci_conn *conn;
3582 __u16 handle, count;
3584 handle = __le16_to_cpu(info->handle);
3585 count = __le16_to_cpu(info->count);
3587 conn = hci_conn_hash_lookup_handle(hdev, handle);
3591 conn->sent -= count;
3593 switch (conn->type) {
3595 hdev->acl_cnt += count;
3596 if (hdev->acl_cnt > hdev->acl_pkts)
3597 hdev->acl_cnt = hdev->acl_pkts;
3601 if (hdev->le_pkts) {
3602 hdev->le_cnt += count;
3603 if (hdev->le_cnt > hdev->le_pkts)
3604 hdev->le_cnt = hdev->le_pkts;
3606 hdev->acl_cnt += count;
3607 if (hdev->acl_cnt > hdev->acl_pkts)
3608 hdev->acl_cnt = hdev->acl_pkts;
3613 hdev->sco_cnt += count;
3614 if (hdev->sco_cnt > hdev->sco_pkts)
3615 hdev->sco_cnt = hdev->sco_pkts;
3619 bt_dev_err(hdev, "unknown type %d conn %p",
3625 queue_work(hdev->workqueue, &hdev->tx_work);
3628 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3631 struct hci_chan *chan;
3633 switch (hdev->dev_type) {
3635 return hci_conn_hash_lookup_handle(hdev, handle);
3637 chan = hci_chan_lookup_handle(hdev, handle);
3642 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
3649 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3651 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3654 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3655 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3659 if (skb->len < sizeof(*ev) ||
3660 skb->len < struct_size(ev, handles, ev->num_hndl)) {
3661 BT_DBG("%s bad parameters", hdev->name);
3665 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3668 for (i = 0; i < ev->num_hndl; i++) {
3669 struct hci_comp_blocks_info *info = &ev->handles[i];
3670 struct hci_conn *conn = NULL;
3671 __u16 handle, block_count;
3673 handle = __le16_to_cpu(info->handle);
3674 block_count = __le16_to_cpu(info->blocks);
3676 conn = __hci_conn_lookup_handle(hdev, handle);
3680 conn->sent -= block_count;
3682 switch (conn->type) {
3685 hdev->block_cnt += block_count;
3686 if (hdev->block_cnt > hdev->num_blocks)
3687 hdev->block_cnt = hdev->num_blocks;
3691 bt_dev_err(hdev, "unknown type %d conn %p",
3697 queue_work(hdev->workqueue, &hdev->tx_work);
3700 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3702 struct hci_ev_mode_change *ev = (void *) skb->data;
3703 struct hci_conn *conn;
3705 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3709 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3711 conn->mode = ev->mode;
3713 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3715 if (conn->mode == HCI_CM_ACTIVE)
3716 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3718 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3721 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3722 hci_sco_setup(conn, ev->status);
3725 hci_dev_unlock(hdev);
3728 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3730 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3731 struct hci_conn *conn;
3733 BT_DBG("%s", hdev->name);
3737 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3741 if (conn->state == BT_CONNECTED) {
3742 hci_conn_hold(conn);
3743 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3744 hci_conn_drop(conn);
3747 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
3748 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3749 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3750 sizeof(ev->bdaddr), &ev->bdaddr);
3751 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
3754 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3759 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3763 hci_dev_unlock(hdev);
3766 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3768 if (key_type == HCI_LK_CHANGED_COMBINATION)
3771 conn->pin_length = pin_len;
3772 conn->key_type = key_type;
3775 case HCI_LK_LOCAL_UNIT:
3776 case HCI_LK_REMOTE_UNIT:
3777 case HCI_LK_DEBUG_COMBINATION:
3779 case HCI_LK_COMBINATION:
3781 conn->pending_sec_level = BT_SECURITY_HIGH;
3783 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3785 case HCI_LK_UNAUTH_COMBINATION_P192:
3786 case HCI_LK_UNAUTH_COMBINATION_P256:
3787 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3789 case HCI_LK_AUTH_COMBINATION_P192:
3790 conn->pending_sec_level = BT_SECURITY_HIGH;
3792 case HCI_LK_AUTH_COMBINATION_P256:
3793 conn->pending_sec_level = BT_SECURITY_FIPS;
3798 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3800 struct hci_ev_link_key_req *ev = (void *) skb->data;
3801 struct hci_cp_link_key_reply cp;
3802 struct hci_conn *conn;
3803 struct link_key *key;
3805 BT_DBG("%s", hdev->name);
3807 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3812 key = hci_find_link_key(hdev, &ev->bdaddr);
3814 BT_DBG("%s link key not found for %pMR", hdev->name,
3819 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3822 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3824 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3826 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3827 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3828 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3829 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3833 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3834 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3835 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3836 BT_DBG("%s ignoring key unauthenticated for high security",
3841 conn_set_key(conn, key->type, key->pin_len);
3844 bacpy(&cp.bdaddr, &ev->bdaddr);
3845 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3847 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3849 hci_dev_unlock(hdev);
3854 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3855 hci_dev_unlock(hdev);
3858 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3860 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3861 struct hci_conn *conn;
3862 struct link_key *key;
3866 BT_DBG("%s", hdev->name);
3870 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3874 hci_conn_hold(conn);
3875 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3876 hci_conn_drop(conn);
3878 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3879 conn_set_key(conn, ev->key_type, conn->pin_length);
3881 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3884 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3885 ev->key_type, pin_len, &persistent);
3889 /* Update connection information since adding the key will have
3890 * fixed up the type in the case of changed combination keys.
3892 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3893 conn_set_key(conn, key->type, key->pin_len);
3895 mgmt_new_link_key(hdev, key, persistent);
3897 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3898 * is set. If it's not set simply remove the key from the kernel
3899 * list (we've still notified user space about it but with
3900 * store_hint being 0).
3902 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3903 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
3904 list_del_rcu(&key->list);
3905 kfree_rcu(key, rcu);
3910 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3912 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3915 hci_dev_unlock(hdev);
3918 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3920 struct hci_ev_clock_offset *ev = (void *) skb->data;
3921 struct hci_conn *conn;
3923 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3927 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3928 if (conn && !ev->status) {
3929 struct inquiry_entry *ie;
3931 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3933 ie->data.clock_offset = ev->clock_offset;
3934 ie->timestamp = jiffies;
3938 hci_dev_unlock(hdev);
3941 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3943 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3944 struct hci_conn *conn;
3946 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3951 if (conn && !ev->status)
3952 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3954 hci_dev_unlock(hdev);
3957 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3959 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3960 struct inquiry_entry *ie;
3962 BT_DBG("%s", hdev->name);
3966 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3968 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3969 ie->timestamp = jiffies;
3972 hci_dev_unlock(hdev);
3975 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3976 struct sk_buff *skb)
3978 struct inquiry_data data;
3979 int num_rsp = *((__u8 *) skb->data);
3981 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3986 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
3991 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3992 struct inquiry_info_with_rssi_and_pscan_mode *info;
3993 info = (void *) (skb->data + 1);
3995 for (; num_rsp; num_rsp--, info++) {
3998 bacpy(&data.bdaddr, &info->bdaddr);
3999 data.pscan_rep_mode = info->pscan_rep_mode;
4000 data.pscan_period_mode = info->pscan_period_mode;
4001 data.pscan_mode = info->pscan_mode;
4002 memcpy(data.dev_class, info->dev_class, 3);
4003 data.clock_offset = info->clock_offset;
4004 data.rssi = info->rssi;
4005 data.ssp_mode = 0x00;
4007 flags = hci_inquiry_cache_update(hdev, &data, false);
4009 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4010 info->dev_class, info->rssi,
4011 flags, NULL, 0, NULL, 0);
4014 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
4016 for (; num_rsp; num_rsp--, info++) {
4019 bacpy(&data.bdaddr, &info->bdaddr);
4020 data.pscan_rep_mode = info->pscan_rep_mode;
4021 data.pscan_period_mode = info->pscan_period_mode;
4022 data.pscan_mode = 0x00;
4023 memcpy(data.dev_class, info->dev_class, 3);
4024 data.clock_offset = info->clock_offset;
4025 data.rssi = info->rssi;
4026 data.ssp_mode = 0x00;
4028 flags = hci_inquiry_cache_update(hdev, &data, false);
4030 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4031 info->dev_class, info->rssi,
4032 flags, NULL, 0, NULL, 0);
4036 hci_dev_unlock(hdev);
4039 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
4040 struct sk_buff *skb)
4042 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
4043 struct hci_conn *conn;
4045 BT_DBG("%s", hdev->name);
4049 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4053 if (ev->page < HCI_MAX_PAGES)
4054 memcpy(conn->features[ev->page], ev->features, 8);
4056 if (!ev->status && ev->page == 0x01) {
4057 struct inquiry_entry *ie;
4059 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4061 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4063 if (ev->features[0] & LMP_HOST_SSP) {
4064 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4066 /* It is mandatory by the Bluetooth specification that
4067 * Extended Inquiry Results are only used when Secure
4068 * Simple Pairing is enabled, but some devices violate
4071 * To make these devices work, the internal SSP
4072 * enabled flag needs to be cleared if the remote host
4073 * features do not indicate SSP support */
4074 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4077 if (ev->features[0] & LMP_HOST_SC)
4078 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
4081 if (conn->state != BT_CONFIG)
4084 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
4085 struct hci_cp_remote_name_req cp;
4086 memset(&cp, 0, sizeof(cp));
4087 bacpy(&cp.bdaddr, &conn->dst);
4088 cp.pscan_rep_mode = 0x02;
4089 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
4090 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4091 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4093 if (!hci_outgoing_auth_needed(hdev, conn)) {
4094 conn->state = BT_CONNECTED;
4095 hci_connect_cfm(conn, ev->status);
4096 hci_conn_drop(conn);
4100 hci_dev_unlock(hdev);
4103 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
4104 struct sk_buff *skb)
4106 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4107 struct hci_conn *conn;
4109 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4113 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
4115 if (ev->link_type == ESCO_LINK)
4118 /* When the link type in the event indicates SCO connection
4119 * and lookup of the connection object fails, then check
4120 * if an eSCO connection object exists.
4122 * The core limits the synchronous connections to either
4123 * SCO or eSCO. The eSCO connection is preferred and tried
4124 * to be setup first and until successfully established,
4125 * the link type will be hinted as eSCO.
4127 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4132 switch (ev->status) {
4134 conn->handle = __le16_to_cpu(ev->handle);
4135 conn->state = BT_CONNECTED;
4136 conn->type = ev->link_type;
4138 hci_debugfs_create_conn(conn);
4139 hci_conn_add_sysfs(conn);
4142 case 0x10: /* Connection Accept Timeout */
4143 case 0x0d: /* Connection Rejected due to Limited Resources */
4144 case 0x11: /* Unsupported Feature or Parameter Value */
4145 case 0x1c: /* SCO interval rejected */
4146 case 0x1a: /* Unsupported Remote Feature */
4147 case 0x1f: /* Unspecified error */
4148 case 0x20: /* Unsupported LMP Parameter value */
4150 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4151 (hdev->esco_type & EDR_ESCO_MASK);
4152 if (hci_setup_sync(conn, conn->link->handle))
4158 conn->state = BT_CLOSED;
4162 hci_connect_cfm(conn, ev->status);
4167 hci_dev_unlock(hdev);
4170 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4174 while (parsed < eir_len) {
4175 u8 field_len = eir[0];
4180 parsed += field_len + 1;
4181 eir += field_len + 1;
4187 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4188 struct sk_buff *skb)
4190 struct inquiry_data data;
4191 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4192 int num_rsp = *((__u8 *) skb->data);
4195 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4200 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
4205 for (; num_rsp; num_rsp--, info++) {
4209 bacpy(&data.bdaddr, &info->bdaddr);
4210 data.pscan_rep_mode = info->pscan_rep_mode;
4211 data.pscan_period_mode = info->pscan_period_mode;
4212 data.pscan_mode = 0x00;
4213 memcpy(data.dev_class, info->dev_class, 3);
4214 data.clock_offset = info->clock_offset;
4215 data.rssi = info->rssi;
4216 data.ssp_mode = 0x01;
4218 if (hci_dev_test_flag(hdev, HCI_MGMT))
4219 name_known = eir_get_data(info->data,
4221 EIR_NAME_COMPLETE, NULL);
4225 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4227 eir_len = eir_get_length(info->data, sizeof(info->data));
4229 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4230 info->dev_class, info->rssi,
4231 flags, info->data, eir_len, NULL, 0);
4234 hci_dev_unlock(hdev);
4237 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4238 struct sk_buff *skb)
4240 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4241 struct hci_conn *conn;
4243 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
4244 __le16_to_cpu(ev->handle));
4248 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4252 /* For BR/EDR the necessary steps are taken through the
4253 * auth_complete event.
4255 if (conn->type != LE_LINK)
4259 conn->sec_level = conn->pending_sec_level;
4261 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4263 if (ev->status && conn->state == BT_CONNECTED) {
4264 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
4265 hci_conn_drop(conn);
4269 if (conn->state == BT_CONFIG) {
4271 conn->state = BT_CONNECTED;
4273 hci_connect_cfm(conn, ev->status);
4274 hci_conn_drop(conn);
4276 hci_auth_cfm(conn, ev->status);
4278 hci_conn_hold(conn);
4279 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4280 hci_conn_drop(conn);
4284 hci_dev_unlock(hdev);
4287 static u8 hci_get_auth_req(struct hci_conn *conn)
4289 /* If remote requests no-bonding follow that lead */
4290 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4291 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
4292 return conn->remote_auth | (conn->auth_type & 0x01);
4294 /* If both remote and local have enough IO capabilities, require
4297 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4298 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4299 return conn->remote_auth | 0x01;
4301 /* No MITM protection possible so ignore remote requirement */
4302 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
4305 static u8 bredr_oob_data_present(struct hci_conn *conn)
4307 struct hci_dev *hdev = conn->hdev;
4308 struct oob_data *data;
4310 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4314 if (bredr_sc_enabled(hdev)) {
4315 /* When Secure Connections is enabled, then just
4316 * return the present value stored with the OOB
4317 * data. The stored value contains the right present
4318 * information. However it can only be trusted when
4319 * not in Secure Connection Only mode.
4321 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
4322 return data->present;
4324 /* When Secure Connections Only mode is enabled, then
4325 * the P-256 values are required. If they are not
4326 * available, then do not declare that OOB data is
4329 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
4330 !memcmp(data->hash256, ZERO_KEY, 16))
4336 /* When Secure Connections is not enabled or actually
4337 * not supported by the hardware, then check that if
4338 * P-192 data values are present.
4340 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
4341 !memcmp(data->hash192, ZERO_KEY, 16))
4347 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4349 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4350 struct hci_conn *conn;
4352 BT_DBG("%s", hdev->name);
4356 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4360 hci_conn_hold(conn);
4362 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4365 /* Allow pairing if we're pairable, the initiators of the
4366 * pairing or if the remote is not requesting bonding.
4368 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
4369 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
4370 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
4371 struct hci_cp_io_capability_reply cp;
4373 bacpy(&cp.bdaddr, &ev->bdaddr);
4374 /* Change the IO capability from KeyboardDisplay
4375 * to DisplayYesNo as it is not supported by BT spec. */
4376 cp.capability = (conn->io_capability == 0x04) ?
4377 HCI_IO_DISPLAY_YESNO : conn->io_capability;
4379 /* If we are initiators, there is no remote information yet */
4380 if (conn->remote_auth == 0xff) {
4381 /* Request MITM protection if our IO caps allow it
4382 * except for the no-bonding case.
4384 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4385 conn->auth_type != HCI_AT_NO_BONDING)
4386 conn->auth_type |= 0x01;
4388 conn->auth_type = hci_get_auth_req(conn);
4391 /* If we're not bondable, force one of the non-bondable
4392 * authentication requirement values.
4394 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
4395 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4397 cp.authentication = conn->auth_type;
4398 cp.oob_data = bredr_oob_data_present(conn);
4400 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
4403 struct hci_cp_io_capability_neg_reply cp;
4405 bacpy(&cp.bdaddr, &ev->bdaddr);
4406 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
4408 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
4413 hci_dev_unlock(hdev);
4416 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4418 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4419 struct hci_conn *conn;
4421 BT_DBG("%s", hdev->name);
4425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4429 conn->remote_cap = ev->capability;
4430 conn->remote_auth = ev->authentication;
4433 hci_dev_unlock(hdev);
4436 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4437 struct sk_buff *skb)
4439 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4440 int loc_mitm, rem_mitm, confirm_hint = 0;
4441 struct hci_conn *conn;
4443 BT_DBG("%s", hdev->name);
4447 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4450 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4454 loc_mitm = (conn->auth_type & 0x01);
4455 rem_mitm = (conn->remote_auth & 0x01);
4457 /* If we require MITM but the remote device can't provide that
4458 * (it has NoInputNoOutput) then reject the confirmation
4459 * request. We check the security level here since it doesn't
4460 * necessarily match conn->auth_type.
4462 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4463 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4464 BT_DBG("Rejecting request: remote device can't provide MITM");
4465 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4466 sizeof(ev->bdaddr), &ev->bdaddr);
4470 /* If no side requires MITM protection; auto-accept */
4471 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4472 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4474 /* If we're not the initiators request authorization to
4475 * proceed from user space (mgmt_user_confirm with
4476 * confirm_hint set to 1). The exception is if neither
4477 * side had MITM or if the local IO capability is
4478 * NoInputNoOutput, in which case we do auto-accept
4480 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4481 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4482 (loc_mitm || rem_mitm)) {
4483 BT_DBG("Confirming auto-accept as acceptor");
4488 BT_DBG("Auto-accept of user confirmation with %ums delay",
4489 hdev->auto_accept_delay);
4491 if (hdev->auto_accept_delay > 0) {
4492 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4493 queue_delayed_work(conn->hdev->workqueue,
4494 &conn->auto_accept_work, delay);
4498 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4499 sizeof(ev->bdaddr), &ev->bdaddr);
4504 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4505 le32_to_cpu(ev->passkey), confirm_hint);
4508 hci_dev_unlock(hdev);
4511 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4512 struct sk_buff *skb)
4514 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4516 BT_DBG("%s", hdev->name);
4518 if (hci_dev_test_flag(hdev, HCI_MGMT))
4519 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4522 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4523 struct sk_buff *skb)
4525 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4526 struct hci_conn *conn;
4528 BT_DBG("%s", hdev->name);
4530 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4534 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4535 conn->passkey_entered = 0;
4537 if (hci_dev_test_flag(hdev, HCI_MGMT))
4538 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4539 conn->dst_type, conn->passkey_notify,
4540 conn->passkey_entered);
4543 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4545 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4546 struct hci_conn *conn;
4548 BT_DBG("%s", hdev->name);
4550 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4555 case HCI_KEYPRESS_STARTED:
4556 conn->passkey_entered = 0;
4559 case HCI_KEYPRESS_ENTERED:
4560 conn->passkey_entered++;
4563 case HCI_KEYPRESS_ERASED:
4564 conn->passkey_entered--;
4567 case HCI_KEYPRESS_CLEARED:
4568 conn->passkey_entered = 0;
4571 case HCI_KEYPRESS_COMPLETED:
4575 if (hci_dev_test_flag(hdev, HCI_MGMT))
4576 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4577 conn->dst_type, conn->passkey_notify,
4578 conn->passkey_entered);
4581 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4582 struct sk_buff *skb)
4584 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4585 struct hci_conn *conn;
4587 BT_DBG("%s", hdev->name);
4591 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4595 /* Reset the authentication requirement to unknown */
4596 conn->remote_auth = 0xff;
4598 /* To avoid duplicate auth_failed events to user space we check
4599 * the HCI_CONN_AUTH_PEND flag which will be set if we
4600 * initiated the authentication. A traditional auth_complete
4601 * event gets always produced as initiator and is also mapped to
4602 * the mgmt_auth_failed event */
4603 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4604 mgmt_auth_failed(conn, ev->status);
4606 hci_conn_drop(conn);
4609 hci_dev_unlock(hdev);
4612 static void hci_remote_host_features_evt(struct hci_dev *hdev,
4613 struct sk_buff *skb)
4615 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4616 struct inquiry_entry *ie;
4617 struct hci_conn *conn;
4619 BT_DBG("%s", hdev->name);
4623 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4625 memcpy(conn->features[1], ev->features, 8);
4627 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4629 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4631 hci_dev_unlock(hdev);
4634 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4635 struct sk_buff *skb)
4637 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4638 struct oob_data *data;
4640 BT_DBG("%s", hdev->name);
4644 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4647 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4649 struct hci_cp_remote_oob_data_neg_reply cp;
4651 bacpy(&cp.bdaddr, &ev->bdaddr);
4652 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4657 if (bredr_sc_enabled(hdev)) {
4658 struct hci_cp_remote_oob_ext_data_reply cp;
4660 bacpy(&cp.bdaddr, &ev->bdaddr);
4661 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4662 memset(cp.hash192, 0, sizeof(cp.hash192));
4663 memset(cp.rand192, 0, sizeof(cp.rand192));
4665 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4666 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4668 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4669 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4671 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4674 struct hci_cp_remote_oob_data_reply cp;
4676 bacpy(&cp.bdaddr, &ev->bdaddr);
4677 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4678 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4680 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4685 hci_dev_unlock(hdev);
4688 #if IS_ENABLED(CONFIG_BT_HS)
4689 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4691 struct hci_ev_channel_selected *ev = (void *)skb->data;
4692 struct hci_conn *hcon;
4694 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4696 skb_pull(skb, sizeof(*ev));
4698 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4702 amp_read_loc_assoc_final_data(hdev, hcon);
4705 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4706 struct sk_buff *skb)
4708 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4709 struct hci_conn *hcon, *bredr_hcon;
4711 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4716 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4718 hci_dev_unlock(hdev);
4724 hci_dev_unlock(hdev);
4728 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4730 hcon->state = BT_CONNECTED;
4731 bacpy(&hcon->dst, &bredr_hcon->dst);
4733 hci_conn_hold(hcon);
4734 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4735 hci_conn_drop(hcon);
4737 hci_debugfs_create_conn(hcon);
4738 hci_conn_add_sysfs(hcon);
4740 amp_physical_cfm(bredr_hcon, hcon);
4742 hci_dev_unlock(hdev);
4745 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4747 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4748 struct hci_conn *hcon;
4749 struct hci_chan *hchan;
4750 struct amp_mgr *mgr;
4752 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4753 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4756 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4760 /* Create AMP hchan */
4761 hchan = hci_chan_create(hcon);
4765 hchan->handle = le16_to_cpu(ev->handle);
4767 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4769 mgr = hcon->amp_mgr;
4770 if (mgr && mgr->bredr_chan) {
4771 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4773 l2cap_chan_lock(bredr_chan);
4775 bredr_chan->conn->mtu = hdev->block_mtu;
4776 l2cap_logical_cfm(bredr_chan, hchan, 0);
4777 hci_conn_hold(hcon);
4779 l2cap_chan_unlock(bredr_chan);
4783 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4784 struct sk_buff *skb)
4786 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4787 struct hci_chan *hchan;
4789 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4790 le16_to_cpu(ev->handle), ev->status);
4797 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4801 amp_destroy_logical_link(hchan, ev->reason);
4804 hci_dev_unlock(hdev);
4807 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4808 struct sk_buff *skb)
4810 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4811 struct hci_conn *hcon;
4813 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4820 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4822 hcon->state = BT_CLOSED;
4826 hci_dev_unlock(hdev);
4830 static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
4831 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
4832 u16 interval, u16 latency, u16 supervision_timeout)
4834 struct hci_conn_params *params;
4835 struct hci_conn *conn;
4836 struct smp_irk *irk;
4841 /* All controllers implicitly stop advertising in the event of a
4842 * connection, so ensure that the state bit is cleared.
4844 hci_dev_clear_flag(hdev, HCI_LE_ADV);
4846 conn = hci_lookup_le_connect(hdev);
4848 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
4850 bt_dev_err(hdev, "no memory for new connection");
4854 conn->dst_type = bdaddr_type;
4856 /* If we didn't have a hci_conn object previously
4857 * but we're in master role this must be something
4858 * initiated using a white list. Since white list based
4859 * connections are not "first class citizens" we don't
4860 * have full tracking of them. Therefore, we go ahead
4861 * with a "best effort" approach of determining the
4862 * initiator address based on the HCI_PRIVACY flag.
4865 conn->resp_addr_type = bdaddr_type;
4866 bacpy(&conn->resp_addr, bdaddr);
4867 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
4868 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4869 bacpy(&conn->init_addr, &hdev->rpa);
4871 hci_copy_identity_address(hdev,
4873 &conn->init_addr_type);
4877 cancel_delayed_work(&conn->le_conn_timeout);
4881 /* Set the responder (our side) address type based on
4882 * the advertising address type.
4884 conn->resp_addr_type = hdev->adv_addr_type;
4885 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
4886 /* In case of ext adv, resp_addr will be updated in
4887 * Adv Terminated event.
4889 if (!ext_adv_capable(hdev))
4890 bacpy(&conn->resp_addr, &hdev->random_addr);
4892 bacpy(&conn->resp_addr, &hdev->bdaddr);
4895 conn->init_addr_type = bdaddr_type;
4896 bacpy(&conn->init_addr, bdaddr);
4898 /* For incoming connections, set the default minimum
4899 * and maximum connection interval. They will be used
4900 * to check if the parameters are in range and if not
4901 * trigger the connection update procedure.
4903 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4904 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4907 /* Lookup the identity address from the stored connection
4908 * address and address type.
4910 * When establishing connections to an identity address, the
4911 * connection procedure will store the resolvable random
4912 * address first. Now if it can be converted back into the
4913 * identity address, start using the identity address from
4916 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4918 bacpy(&conn->dst, &irk->bdaddr);
4919 conn->dst_type = irk->addr_type;
4923 hci_le_conn_failed(conn, status);
4927 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4928 addr_type = BDADDR_LE_PUBLIC;
4930 addr_type = BDADDR_LE_RANDOM;
4932 /* Drop the connection if the device is blocked */
4933 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4934 hci_conn_drop(conn);
4938 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4939 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4941 conn->sec_level = BT_SECURITY_LOW;
4942 conn->handle = handle;
4943 conn->state = BT_CONFIG;
4945 conn->le_conn_interval = interval;
4946 conn->le_conn_latency = latency;
4947 conn->le_supv_timeout = supervision_timeout;
4949 hci_debugfs_create_conn(conn);
4950 hci_conn_add_sysfs(conn);
4952 /* The remote features procedure is defined for master
4953 * role only. So only in case of an initiated connection
4954 * request the remote features.
4956 * If the local controller supports slave-initiated features
4957 * exchange, then requesting the remote features in slave
4958 * role is possible. Otherwise just transition into the
4959 * connected state without requesting the remote features.
4962 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
4963 struct hci_cp_le_read_remote_features cp;
4965 cp.handle = __cpu_to_le16(conn->handle);
4967 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
4970 hci_conn_hold(conn);
4972 conn->state = BT_CONNECTED;
4973 hci_connect_cfm(conn, status);
4976 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4979 list_del_init(¶ms->action);
4981 hci_conn_drop(params->conn);
4982 hci_conn_put(params->conn);
4983 params->conn = NULL;
4988 hci_update_background_scan(hdev);
4989 hci_dev_unlock(hdev);
4992 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4994 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4996 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4998 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
4999 ev->role, le16_to_cpu(ev->handle),
5000 le16_to_cpu(ev->interval),
5001 le16_to_cpu(ev->latency),
5002 le16_to_cpu(ev->supervision_timeout));
5005 static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
5006 struct sk_buff *skb)
5008 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
5010 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5012 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5013 ev->role, le16_to_cpu(ev->handle),
5014 le16_to_cpu(ev->interval),
5015 le16_to_cpu(ev->latency),
5016 le16_to_cpu(ev->supervision_timeout));
5019 static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
5021 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
5022 struct hci_conn *conn;
5024 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5031 struct adv_info *adv_instance;
5033 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
5036 if (!hdev->cur_adv_instance) {
5037 bacpy(&conn->resp_addr, &hdev->random_addr);
5041 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
5043 bacpy(&conn->resp_addr, &adv_instance->random_addr);
5047 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
5048 struct sk_buff *skb)
5050 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
5051 struct hci_conn *conn;
5053 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5060 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5062 conn->le_conn_interval = le16_to_cpu(ev->interval);
5063 conn->le_conn_latency = le16_to_cpu(ev->latency);
5064 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5067 hci_dev_unlock(hdev);
5070 /* This function requires the caller holds hdev->lock */
5071 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
5073 u8 addr_type, u8 adv_type,
5074 bdaddr_t *direct_rpa)
5076 struct hci_conn *conn;
5077 struct hci_conn_params *params;
5079 /* If the event is not connectable don't proceed further */
5080 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
5083 /* Ignore if the device is blocked */
5084 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
5087 /* Most controller will fail if we try to create new connections
5088 * while we have an existing one in slave role.
5090 if (hdev->conn_hash.le_num_slave > 0)
5093 /* If we're not connectable only connect devices that we have in
5094 * our pend_le_conns list.
5096 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5101 if (!params->explicit_connect) {
5102 switch (params->auto_connect) {
5103 case HCI_AUTO_CONN_DIRECT:
5104 /* Only devices advertising with ADV_DIRECT_IND are
5105 * triggering a connection attempt. This is allowing
5106 * incoming connections from slave devices.
5108 if (adv_type != LE_ADV_DIRECT_IND)
5111 case HCI_AUTO_CONN_ALWAYS:
5112 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
5113 * are triggering a connection attempt. This means
5114 * that incoming connectioms from slave device are
5115 * accepted and also outgoing connections to slave
5116 * devices are established when found.
5124 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
5125 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER,
5127 if (!IS_ERR(conn)) {
5128 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
5129 * by higher layer that tried to connect, if no then
5130 * store the pointer since we don't really have any
5131 * other owner of the object besides the params that
5132 * triggered it. This way we can abort the connection if
5133 * the parameters get removed and keep the reference
5134 * count consistent once the connection is established.
5137 if (!params->explicit_connect)
5138 params->conn = hci_conn_get(conn);
5143 switch (PTR_ERR(conn)) {
5145 /* If hci_connect() returns -EBUSY it means there is already
5146 * an LE connection attempt going on. Since controllers don't
5147 * support more than one connection attempt at the time, we
5148 * don't consider this an error case.
5152 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
5159 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
5160 u8 bdaddr_type, bdaddr_t *direct_addr,
5161 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
5163 struct discovery_state *d = &hdev->discovery;
5164 struct smp_irk *irk;
5165 struct hci_conn *conn;
5172 case LE_ADV_DIRECT_IND:
5173 case LE_ADV_SCAN_IND:
5174 case LE_ADV_NONCONN_IND:
5175 case LE_ADV_SCAN_RSP:
5178 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
5179 "type: 0x%02x", type);
5183 /* Find the end of the data in case the report contains padded zero
5184 * bytes at the end causing an invalid length value.
5186 * When data is NULL, len is 0 so there is no need for extra ptr
5187 * check as 'ptr < data + 0' is already false in such case.
5189 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
5190 if (ptr + 1 + *ptr > data + len)
5194 real_len = ptr - data;
5196 /* Adjust for actual length */
5197 if (len != real_len) {
5198 bt_dev_err_ratelimited(hdev, "advertising data len corrected");
5202 /* If the direct address is present, then this report is from
5203 * a LE Direct Advertising Report event. In that case it is
5204 * important to see if the address is matching the local
5205 * controller address.
5208 /* Only resolvable random addresses are valid for these
5209 * kind of reports and others can be ignored.
5211 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
5214 /* If the controller is not using resolvable random
5215 * addresses, then this report can be ignored.
5217 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
5220 /* If the local IRK of the controller does not match
5221 * with the resolvable random address provided, then
5222 * this report can be ignored.
5224 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
5228 /* Check if we need to convert to identity address */
5229 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
5231 bdaddr = &irk->bdaddr;
5232 bdaddr_type = irk->addr_type;
5235 /* Check if we have been requested to connect to this device.
5237 * direct_addr is set only for directed advertising reports (it is NULL
5238 * for advertising reports) and is already verified to be RPA above.
5240 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
5242 if (conn && type == LE_ADV_IND) {
5243 /* Store report for later inclusion by
5244 * mgmt_device_connected
5246 memcpy(conn->le_adv_data, data, len);
5247 conn->le_adv_data_len = len;
5250 /* Passive scanning shouldn't trigger any device found events,
5251 * except for devices marked as CONN_REPORT for which we do send
5252 * device found events.
5254 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
5255 if (type == LE_ADV_DIRECT_IND)
5258 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
5259 bdaddr, bdaddr_type))
5262 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
5263 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5266 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5267 rssi, flags, data, len, NULL, 0);
5271 /* When receiving non-connectable or scannable undirected
5272 * advertising reports, this means that the remote device is
5273 * not connectable and then clearly indicate this in the
5274 * device found event.
5276 * When receiving a scan response, then there is no way to
5277 * know if the remote device is connectable or not. However
5278 * since scan responses are merged with a previously seen
5279 * advertising report, the flags field from that report
5282 * In the really unlikely case that a controller get confused
5283 * and just sends a scan response event, then it is marked as
5284 * not connectable as well.
5286 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5287 type == LE_ADV_SCAN_RSP)
5288 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5292 /* If there's nothing pending either store the data from this
5293 * event or send an immediate device found event if the data
5294 * should not be stored for later.
5296 if (!has_pending_adv_report(hdev)) {
5297 /* If the report will trigger a SCAN_REQ store it for
5300 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5301 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5302 rssi, flags, data, len);
5306 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5307 rssi, flags, data, len, NULL, 0);
5311 /* Check if the pending report is for the same device as the new one */
5312 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5313 bdaddr_type == d->last_adv_addr_type);
5315 /* If the pending data doesn't match this report or this isn't a
5316 * scan response (e.g. we got a duplicate ADV_IND) then force
5317 * sending of the pending data.
5319 if (type != LE_ADV_SCAN_RSP || !match) {
5320 /* Send out whatever is in the cache, but skip duplicates */
5322 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5323 d->last_adv_addr_type, NULL,
5324 d->last_adv_rssi, d->last_adv_flags,
5326 d->last_adv_data_len, NULL, 0);
5328 /* If the new report will trigger a SCAN_REQ store it for
5331 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5332 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5333 rssi, flags, data, len);
5337 /* The advertising reports cannot be merged, so clear
5338 * the pending report and send out a device found event.
5340 clear_pending_adv_report(hdev);
5341 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5342 rssi, flags, data, len, NULL, 0);
5346 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5347 * the new event is a SCAN_RSP. We can therefore proceed with
5348 * sending a merged device found event.
5350 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5351 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
5352 d->last_adv_data, d->last_adv_data_len, data, len);
5353 clear_pending_adv_report(hdev);
5356 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5358 u8 num_reports = skb->data[0];
5359 void *ptr = &skb->data[1];
5363 while (num_reports--) {
5364 struct hci_ev_le_advertising_info *ev = ptr;
5367 if (ev->length <= HCI_MAX_AD_LENGTH) {
5368 rssi = ev->data[ev->length];
5369 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5370 ev->bdaddr_type, NULL, 0, rssi,
5371 ev->data, ev->length);
5373 bt_dev_err(hdev, "Dropping invalid advertising data");
5376 ptr += sizeof(*ev) + ev->length + 1;
5379 hci_dev_unlock(hdev);
5382 static u8 ext_evt_type_to_legacy(u16 evt_type)
5384 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5386 case LE_LEGACY_ADV_IND:
5388 case LE_LEGACY_ADV_DIRECT_IND:
5389 return LE_ADV_DIRECT_IND;
5390 case LE_LEGACY_ADV_SCAN_IND:
5391 return LE_ADV_SCAN_IND;
5392 case LE_LEGACY_NONCONN_IND:
5393 return LE_ADV_NONCONN_IND;
5394 case LE_LEGACY_SCAN_RSP_ADV:
5395 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5396 return LE_ADV_SCAN_RSP;
5399 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5402 return LE_ADV_INVALID;
5405 if (evt_type & LE_EXT_ADV_CONN_IND) {
5406 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5407 return LE_ADV_DIRECT_IND;
5412 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5413 return LE_ADV_SCAN_RSP;
5415 if (evt_type & LE_EXT_ADV_SCAN_IND)
5416 return LE_ADV_SCAN_IND;
5418 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5419 evt_type & LE_EXT_ADV_DIRECT_IND)
5420 return LE_ADV_NONCONN_IND;
5422 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5425 return LE_ADV_INVALID;
5428 static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5430 u8 num_reports = skb->data[0];
5431 void *ptr = &skb->data[1];
5435 while (num_reports--) {
5436 struct hci_ev_le_ext_adv_report *ev = ptr;
5440 evt_type = __le16_to_cpu(ev->evt_type);
5441 legacy_evt_type = ext_evt_type_to_legacy(evt_type);
5442 if (legacy_evt_type != LE_ADV_INVALID) {
5443 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5444 ev->bdaddr_type, NULL, 0, ev->rssi,
5445 ev->data, ev->length);
5448 ptr += sizeof(*ev) + ev->length;
5451 hci_dev_unlock(hdev);
5454 static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
5455 struct sk_buff *skb)
5457 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
5458 struct hci_conn *conn;
5460 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5464 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5467 memcpy(conn->features[0], ev->features, 8);
5469 if (conn->state == BT_CONFIG) {
5472 /* If the local controller supports slave-initiated
5473 * features exchange, but the remote controller does
5474 * not, then it is possible that the error code 0x1a
5475 * for unsupported remote feature gets returned.
5477 * In this specific case, allow the connection to
5478 * transition into connected state and mark it as
5481 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
5482 !conn->out && ev->status == 0x1a)
5485 status = ev->status;
5487 conn->state = BT_CONNECTED;
5488 hci_connect_cfm(conn, status);
5489 hci_conn_drop(conn);
5493 hci_dev_unlock(hdev);
5496 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
5498 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5499 struct hci_cp_le_ltk_reply cp;
5500 struct hci_cp_le_ltk_neg_reply neg;
5501 struct hci_conn *conn;
5502 struct smp_ltk *ltk;
5504 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
5508 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5512 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5516 if (smp_ltk_is_sc(ltk)) {
5517 /* With SC both EDiv and Rand are set to zero */
5518 if (ev->ediv || ev->rand)
5521 /* For non-SC keys check that EDiv and Rand match */
5522 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5526 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5527 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
5528 cp.handle = cpu_to_le16(conn->handle);
5530 conn->pending_sec_level = smp_ltk_sec_level(ltk);
5532 conn->enc_key_size = ltk->enc_size;
5534 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5536 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5537 * temporary key used to encrypt a connection following
5538 * pairing. It is used during the Encrypted Session Setup to
5539 * distribute the keys. Later, security can be re-established
5540 * using a distributed LTK.
5542 if (ltk->type == SMP_STK) {
5543 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5544 list_del_rcu(<k->list);
5545 kfree_rcu(ltk, rcu);
5547 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5550 hci_dev_unlock(hdev);
5555 neg.handle = ev->handle;
5556 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5557 hci_dev_unlock(hdev);
5560 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5563 struct hci_cp_le_conn_param_req_neg_reply cp;
5565 cp.handle = cpu_to_le16(handle);
5568 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5572 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5573 struct sk_buff *skb)
5575 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5576 struct hci_cp_le_conn_param_req_reply cp;
5577 struct hci_conn *hcon;
5578 u16 handle, min, max, latency, timeout;
5580 handle = le16_to_cpu(ev->handle);
5581 min = le16_to_cpu(ev->interval_min);
5582 max = le16_to_cpu(ev->interval_max);
5583 latency = le16_to_cpu(ev->latency);
5584 timeout = le16_to_cpu(ev->timeout);
5586 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5587 if (!hcon || hcon->state != BT_CONNECTED)
5588 return send_conn_param_neg_reply(hdev, handle,
5589 HCI_ERROR_UNKNOWN_CONN_ID);
5591 if (hci_check_conn_params(min, max, latency, timeout))
5592 return send_conn_param_neg_reply(hdev, handle,
5593 HCI_ERROR_INVALID_LL_PARAMS);
5595 if (hcon->role == HCI_ROLE_MASTER) {
5596 struct hci_conn_params *params;
5601 params = hci_conn_params_lookup(hdev, &hcon->dst,
5604 params->conn_min_interval = min;
5605 params->conn_max_interval = max;
5606 params->conn_latency = latency;
5607 params->supervision_timeout = timeout;
5613 hci_dev_unlock(hdev);
5615 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5616 store_hint, min, max, latency, timeout);
5619 cp.handle = ev->handle;
5620 cp.interval_min = ev->interval_min;
5621 cp.interval_max = ev->interval_max;
5622 cp.latency = ev->latency;
5623 cp.timeout = ev->timeout;
5627 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5630 static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5631 struct sk_buff *skb)
5633 u8 num_reports = skb->data[0];
5634 void *ptr = &skb->data[1];
5638 while (num_reports--) {
5639 struct hci_ev_le_direct_adv_info *ev = ptr;
5641 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5642 ev->bdaddr_type, &ev->direct_addr,
5643 ev->direct_addr_type, ev->rssi, NULL, 0);
5648 hci_dev_unlock(hdev);
5651 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5653 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5655 skb_pull(skb, sizeof(*le_ev));
5657 switch (le_ev->subevent) {
5658 case HCI_EV_LE_CONN_COMPLETE:
5659 hci_le_conn_complete_evt(hdev, skb);
5662 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5663 hci_le_conn_update_complete_evt(hdev, skb);
5666 case HCI_EV_LE_ADVERTISING_REPORT:
5667 hci_le_adv_report_evt(hdev, skb);
5670 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5671 hci_le_remote_feat_complete_evt(hdev, skb);
5674 case HCI_EV_LE_LTK_REQ:
5675 hci_le_ltk_request_evt(hdev, skb);
5678 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5679 hci_le_remote_conn_param_req_evt(hdev, skb);
5682 case HCI_EV_LE_DIRECT_ADV_REPORT:
5683 hci_le_direct_adv_report_evt(hdev, skb);
5686 case HCI_EV_LE_EXT_ADV_REPORT:
5687 hci_le_ext_adv_report_evt(hdev, skb);
5690 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
5691 hci_le_enh_conn_complete_evt(hdev, skb);
5694 case HCI_EV_LE_EXT_ADV_SET_TERM:
5695 hci_le_ext_adv_term_evt(hdev, skb);
5703 static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5704 u8 event, struct sk_buff *skb)
5706 struct hci_ev_cmd_complete *ev;
5707 struct hci_event_hdr *hdr;
5712 if (skb->len < sizeof(*hdr)) {
5713 bt_dev_err(hdev, "too short HCI event");
5717 hdr = (void *) skb->data;
5718 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5721 if (hdr->evt != event)
5726 /* Check if request ended in Command Status - no way to retreive
5727 * any extra parameters in this case.
5729 if (hdr->evt == HCI_EV_CMD_STATUS)
5732 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
5733 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
5738 if (skb->len < sizeof(*ev)) {
5739 bt_dev_err(hdev, "too short cmd_complete event");
5743 ev = (void *) skb->data;
5744 skb_pull(skb, sizeof(*ev));
5746 if (opcode != __le16_to_cpu(ev->opcode)) {
5747 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
5748 __le16_to_cpu(ev->opcode));
5755 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5757 struct hci_event_hdr *hdr = (void *) skb->data;
5758 hci_req_complete_t req_complete = NULL;
5759 hci_req_complete_skb_t req_complete_skb = NULL;
5760 struct sk_buff *orig_skb = NULL;
5761 u8 status = 0, event = hdr->evt, req_evt = 0;
5762 u16 opcode = HCI_OP_NOP;
5764 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
5765 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5766 opcode = __le16_to_cpu(cmd_hdr->opcode);
5767 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
5772 /* If it looks like we might end up having to call
5773 * req_complete_skb, store a pristine copy of the skb since the
5774 * various handlers may modify the original one through
5775 * skb_pull() calls, etc.
5777 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
5778 event == HCI_EV_CMD_COMPLETE)
5779 orig_skb = skb_clone(skb, GFP_KERNEL);
5781 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5784 case HCI_EV_INQUIRY_COMPLETE:
5785 hci_inquiry_complete_evt(hdev, skb);
5788 case HCI_EV_INQUIRY_RESULT:
5789 hci_inquiry_result_evt(hdev, skb);
5792 case HCI_EV_CONN_COMPLETE:
5793 hci_conn_complete_evt(hdev, skb);
5796 case HCI_EV_CONN_REQUEST:
5797 hci_conn_request_evt(hdev, skb);
5800 case HCI_EV_DISCONN_COMPLETE:
5801 hci_disconn_complete_evt(hdev, skb);
5804 case HCI_EV_AUTH_COMPLETE:
5805 hci_auth_complete_evt(hdev, skb);
5808 case HCI_EV_REMOTE_NAME:
5809 hci_remote_name_evt(hdev, skb);
5812 case HCI_EV_ENCRYPT_CHANGE:
5813 hci_encrypt_change_evt(hdev, skb);
5816 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5817 hci_change_link_key_complete_evt(hdev, skb);
5820 case HCI_EV_REMOTE_FEATURES:
5821 hci_remote_features_evt(hdev, skb);
5824 case HCI_EV_CMD_COMPLETE:
5825 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
5826 &req_complete, &req_complete_skb);
5829 case HCI_EV_CMD_STATUS:
5830 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
5834 case HCI_EV_HARDWARE_ERROR:
5835 hci_hardware_error_evt(hdev, skb);
5838 case HCI_EV_ROLE_CHANGE:
5839 hci_role_change_evt(hdev, skb);
5842 case HCI_EV_NUM_COMP_PKTS:
5843 hci_num_comp_pkts_evt(hdev, skb);
5846 case HCI_EV_MODE_CHANGE:
5847 hci_mode_change_evt(hdev, skb);
5850 case HCI_EV_PIN_CODE_REQ:
5851 hci_pin_code_request_evt(hdev, skb);
5854 case HCI_EV_LINK_KEY_REQ:
5855 hci_link_key_request_evt(hdev, skb);
5858 case HCI_EV_LINK_KEY_NOTIFY:
5859 hci_link_key_notify_evt(hdev, skb);
5862 case HCI_EV_CLOCK_OFFSET:
5863 hci_clock_offset_evt(hdev, skb);
5866 case HCI_EV_PKT_TYPE_CHANGE:
5867 hci_pkt_type_change_evt(hdev, skb);
5870 case HCI_EV_PSCAN_REP_MODE:
5871 hci_pscan_rep_mode_evt(hdev, skb);
5874 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5875 hci_inquiry_result_with_rssi_evt(hdev, skb);
5878 case HCI_EV_REMOTE_EXT_FEATURES:
5879 hci_remote_ext_features_evt(hdev, skb);
5882 case HCI_EV_SYNC_CONN_COMPLETE:
5883 hci_sync_conn_complete_evt(hdev, skb);
5886 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5887 hci_extended_inquiry_result_evt(hdev, skb);
5890 case HCI_EV_KEY_REFRESH_COMPLETE:
5891 hci_key_refresh_complete_evt(hdev, skb);
5894 case HCI_EV_IO_CAPA_REQUEST:
5895 hci_io_capa_request_evt(hdev, skb);
5898 case HCI_EV_IO_CAPA_REPLY:
5899 hci_io_capa_reply_evt(hdev, skb);
5902 case HCI_EV_USER_CONFIRM_REQUEST:
5903 hci_user_confirm_request_evt(hdev, skb);
5906 case HCI_EV_USER_PASSKEY_REQUEST:
5907 hci_user_passkey_request_evt(hdev, skb);
5910 case HCI_EV_USER_PASSKEY_NOTIFY:
5911 hci_user_passkey_notify_evt(hdev, skb);
5914 case HCI_EV_KEYPRESS_NOTIFY:
5915 hci_keypress_notify_evt(hdev, skb);
5918 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5919 hci_simple_pair_complete_evt(hdev, skb);
5922 case HCI_EV_REMOTE_HOST_FEATURES:
5923 hci_remote_host_features_evt(hdev, skb);
5926 case HCI_EV_LE_META:
5927 hci_le_meta_evt(hdev, skb);
5930 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5931 hci_remote_oob_data_request_evt(hdev, skb);
5934 #if IS_ENABLED(CONFIG_BT_HS)
5935 case HCI_EV_CHANNEL_SELECTED:
5936 hci_chan_selected_evt(hdev, skb);
5939 case HCI_EV_PHY_LINK_COMPLETE:
5940 hci_phy_link_complete_evt(hdev, skb);
5943 case HCI_EV_LOGICAL_LINK_COMPLETE:
5944 hci_loglink_complete_evt(hdev, skb);
5947 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5948 hci_disconn_loglink_complete_evt(hdev, skb);
5951 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5952 hci_disconn_phylink_complete_evt(hdev, skb);
5956 case HCI_EV_NUM_COMP_BLOCKS:
5957 hci_num_comp_blocks_evt(hdev, skb);
5961 BT_DBG("%s event 0x%2.2x", hdev->name, event);
5966 req_complete(hdev, status, opcode);
5967 } else if (req_complete_skb) {
5968 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
5969 kfree_skb(orig_skb);
5972 req_complete_skb(hdev, status, opcode, orig_skb);
5975 kfree_skb(orig_skb);
5977 hdev->stat.evt_rx++;
projects / linux-2.6-microblaze.git / blob