2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
46 __u8 status = *((__u8 *) skb->data);
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
55 wake_up_bit(&hdev->flags, HCI_INQUIRY);
58 /* Set discovery state to stopped if we're not doing LE active
61 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
62 hdev->le_scan_type != LE_SCAN_ACTIVE)
63 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
66 hci_conn_check_pending(hdev);
69 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71 __u8 status = *((__u8 *) skb->data);
73 BT_DBG("%s status 0x%2.2x", hdev->name, status);
78 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
81 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
83 __u8 status = *((__u8 *) skb->data);
85 BT_DBG("%s status 0x%2.2x", hdev->name, status);
90 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
92 hci_conn_check_pending(hdev);
95 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
98 BT_DBG("%s", hdev->name);
101 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
103 struct hci_rp_role_discovery *rp = (void *) skb->data;
104 struct hci_conn *conn;
106 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
113 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
115 conn->role = rp->role;
117 hci_dev_unlock(hdev);
120 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
122 struct hci_rp_read_link_policy *rp = (void *) skb->data;
123 struct hci_conn *conn;
125 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
134 conn->link_policy = __le16_to_cpu(rp->policy);
136 hci_dev_unlock(hdev);
139 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
141 struct hci_rp_write_link_policy *rp = (void *) skb->data;
142 struct hci_conn *conn;
145 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
150 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
158 conn->link_policy = get_unaligned_le16(sent + 2);
160 hci_dev_unlock(hdev);
163 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
166 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
168 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
173 hdev->link_policy = __le16_to_cpu(rp->policy);
176 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
179 __u8 status = *((__u8 *) skb->data);
182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
191 hdev->link_policy = get_unaligned_le16(sent);
194 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
196 __u8 status = *((__u8 *) skb->data);
198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
200 clear_bit(HCI_RESET, &hdev->flags);
205 /* Reset all non-persistent flags */
206 hci_dev_clear_volatile_flags(hdev);
208 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
210 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
211 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
213 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
214 hdev->adv_data_len = 0;
216 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
217 hdev->scan_rsp_data_len = 0;
219 hdev->le_scan_type = LE_SCAN_PASSIVE;
221 hdev->ssp_debug_mode = 0;
223 hci_bdaddr_list_clear(&hdev->le_white_list);
224 hci_bdaddr_list_clear(&hdev->le_resolv_list);
227 static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
230 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
231 struct hci_cp_read_stored_link_key *sent;
233 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
239 if (!rp->status && sent->read_all == 0x01) {
240 hdev->stored_max_keys = rp->max_keys;
241 hdev->stored_num_keys = rp->num_keys;
245 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
248 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
250 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
255 if (rp->num_keys <= hdev->stored_num_keys)
256 hdev->stored_num_keys -= rp->num_keys;
258 hdev->stored_num_keys = 0;
261 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
263 __u8 status = *((__u8 *) skb->data);
266 BT_DBG("%s status 0x%2.2x", hdev->name, status);
268 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
274 if (hci_dev_test_flag(hdev, HCI_MGMT))
275 mgmt_set_local_name_complete(hdev, sent, status);
277 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
279 hci_dev_unlock(hdev);
282 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
284 struct hci_rp_read_local_name *rp = (void *) skb->data;
286 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
291 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
292 hci_dev_test_flag(hdev, HCI_CONFIG))
293 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
296 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
298 __u8 status = *((__u8 *) skb->data);
301 BT_DBG("%s status 0x%2.2x", hdev->name, status);
303 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
310 __u8 param = *((__u8 *) sent);
312 if (param == AUTH_ENABLED)
313 set_bit(HCI_AUTH, &hdev->flags);
315 clear_bit(HCI_AUTH, &hdev->flags);
318 if (hci_dev_test_flag(hdev, HCI_MGMT))
319 mgmt_auth_enable_complete(hdev, status);
321 hci_dev_unlock(hdev);
324 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
330 BT_DBG("%s status 0x%2.2x", hdev->name, status);
335 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
339 param = *((__u8 *) sent);
342 set_bit(HCI_ENCRYPT, &hdev->flags);
344 clear_bit(HCI_ENCRYPT, &hdev->flags);
347 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
353 BT_DBG("%s status 0x%2.2x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
359 param = *((__u8 *) sent);
364 hdev->discov_timeout = 0;
368 if (param & SCAN_INQUIRY)
369 set_bit(HCI_ISCAN, &hdev->flags);
371 clear_bit(HCI_ISCAN, &hdev->flags);
373 if (param & SCAN_PAGE)
374 set_bit(HCI_PSCAN, &hdev->flags);
376 clear_bit(HCI_PSCAN, &hdev->flags);
379 hci_dev_unlock(hdev);
382 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
384 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
386 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
391 memcpy(hdev->dev_class, rp->dev_class, 3);
393 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
394 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
397 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
411 memcpy(hdev->dev_class, sent, 3);
413 if (hci_dev_test_flag(hdev, HCI_MGMT))
414 mgmt_set_class_of_dev_complete(hdev, sent, status);
416 hci_dev_unlock(hdev);
419 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
421 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
424 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429 setting = __le16_to_cpu(rp->voice_setting);
431 if (hdev->voice_setting == setting)
434 hdev->voice_setting = setting;
436 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
439 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
442 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
445 __u8 status = *((__u8 *) skb->data);
449 BT_DBG("%s status 0x%2.2x", hdev->name, status);
454 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
458 setting = get_unaligned_le16(sent);
460 if (hdev->voice_setting == setting)
463 hdev->voice_setting = setting;
465 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
468 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
471 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
474 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
476 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
481 hdev->num_iac = rp->num_iac;
483 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
486 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
488 __u8 status = *((__u8 *) skb->data);
489 struct hci_cp_write_ssp_mode *sent;
491 BT_DBG("%s status 0x%2.2x", hdev->name, status);
493 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
501 hdev->features[1][0] |= LMP_HOST_SSP;
503 hdev->features[1][0] &= ~LMP_HOST_SSP;
506 if (hci_dev_test_flag(hdev, HCI_MGMT))
507 mgmt_ssp_enable_complete(hdev, sent->mode, status);
510 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
512 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
515 hci_dev_unlock(hdev);
518 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
520 u8 status = *((u8 *) skb->data);
521 struct hci_cp_write_sc_support *sent;
523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
525 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
533 hdev->features[1][0] |= LMP_HOST_SC;
535 hdev->features[1][0] &= ~LMP_HOST_SC;
538 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
540 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
542 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
545 hci_dev_unlock(hdev);
548 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
550 struct hci_rp_read_local_version *rp = (void *) skb->data;
552 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
557 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
558 hci_dev_test_flag(hdev, HCI_CONFIG)) {
559 hdev->hci_ver = rp->hci_ver;
560 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
561 hdev->lmp_ver = rp->lmp_ver;
562 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
563 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
567 static void hci_cc_read_local_commands(struct hci_dev *hdev,
570 struct hci_rp_read_local_commands *rp = (void *) skb->data;
572 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
577 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
578 hci_dev_test_flag(hdev, HCI_CONFIG))
579 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
582 static void hci_cc_read_local_features(struct hci_dev *hdev,
585 struct hci_rp_read_local_features *rp = (void *) skb->data;
587 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
592 memcpy(hdev->features, rp->features, 8);
594 /* Adjust default settings according to features
595 * supported by device. */
597 if (hdev->features[0][0] & LMP_3SLOT)
598 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
600 if (hdev->features[0][0] & LMP_5SLOT)
601 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
603 if (hdev->features[0][1] & LMP_HV2) {
604 hdev->pkt_type |= (HCI_HV2);
605 hdev->esco_type |= (ESCO_HV2);
608 if (hdev->features[0][1] & LMP_HV3) {
609 hdev->pkt_type |= (HCI_HV3);
610 hdev->esco_type |= (ESCO_HV3);
613 if (lmp_esco_capable(hdev))
614 hdev->esco_type |= (ESCO_EV3);
616 if (hdev->features[0][4] & LMP_EV4)
617 hdev->esco_type |= (ESCO_EV4);
619 if (hdev->features[0][4] & LMP_EV5)
620 hdev->esco_type |= (ESCO_EV5);
622 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
623 hdev->esco_type |= (ESCO_2EV3);
625 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
626 hdev->esco_type |= (ESCO_3EV3);
628 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
629 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
632 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
635 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
637 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
642 if (hdev->max_page < rp->max_page)
643 hdev->max_page = rp->max_page;
645 if (rp->page < HCI_MAX_PAGES)
646 memcpy(hdev->features[rp->page], rp->features, 8);
649 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
652 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
654 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
659 hdev->flow_ctl_mode = rp->mode;
662 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
664 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
666 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
671 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
672 hdev->sco_mtu = rp->sco_mtu;
673 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
674 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
676 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
681 hdev->acl_cnt = hdev->acl_pkts;
682 hdev->sco_cnt = hdev->sco_pkts;
684 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
685 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
688 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
692 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
697 if (test_bit(HCI_INIT, &hdev->flags))
698 bacpy(&hdev->bdaddr, &rp->bdaddr);
700 if (hci_dev_test_flag(hdev, HCI_SETUP))
701 bacpy(&hdev->setup_addr, &rp->bdaddr);
704 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
707 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
714 if (test_bit(HCI_INIT, &hdev->flags)) {
715 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
716 hdev->page_scan_window = __le16_to_cpu(rp->window);
720 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
723 u8 status = *((u8 *) skb->data);
724 struct hci_cp_write_page_scan_activity *sent;
726 BT_DBG("%s status 0x%2.2x", hdev->name, status);
731 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
735 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
736 hdev->page_scan_window = __le16_to_cpu(sent->window);
739 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
742 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
744 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
749 if (test_bit(HCI_INIT, &hdev->flags))
750 hdev->page_scan_type = rp->type;
753 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
756 u8 status = *((u8 *) skb->data);
759 BT_DBG("%s status 0x%2.2x", hdev->name, status);
764 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
766 hdev->page_scan_type = *type;
769 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
772 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
774 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
779 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
780 hdev->block_len = __le16_to_cpu(rp->block_len);
781 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
783 hdev->block_cnt = hdev->num_blocks;
785 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
786 hdev->block_cnt, hdev->block_len);
789 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
791 struct hci_rp_read_clock *rp = (void *) skb->data;
792 struct hci_cp_read_clock *cp;
793 struct hci_conn *conn;
795 BT_DBG("%s", hdev->name);
797 if (skb->len < sizeof(*rp))
805 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
809 if (cp->which == 0x00) {
810 hdev->clock = le32_to_cpu(rp->clock);
814 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
816 conn->clock = le32_to_cpu(rp->clock);
817 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
821 hci_dev_unlock(hdev);
824 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
827 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
834 hdev->amp_status = rp->amp_status;
835 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
836 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
837 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
838 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
839 hdev->amp_type = rp->amp_type;
840 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
841 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
842 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
843 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
846 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
849 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
851 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
856 hdev->inq_tx_power = rp->tx_power;
859 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
861 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
862 struct hci_cp_pin_code_reply *cp;
863 struct hci_conn *conn;
865 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
869 if (hci_dev_test_flag(hdev, HCI_MGMT))
870 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
875 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
881 conn->pin_length = cp->pin_len;
884 hci_dev_unlock(hdev);
887 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
889 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
891 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
895 if (hci_dev_test_flag(hdev, HCI_MGMT))
896 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
899 hci_dev_unlock(hdev);
902 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
905 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
907 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
912 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
913 hdev->le_pkts = rp->le_max_pkt;
915 hdev->le_cnt = hdev->le_pkts;
917 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
920 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
923 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
925 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930 memcpy(hdev->le_features, rp->features, 8);
933 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
936 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
938 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943 hdev->adv_tx_power = rp->tx_power;
946 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
948 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
950 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954 if (hci_dev_test_flag(hdev, HCI_MGMT))
955 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
958 hci_dev_unlock(hdev);
961 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
964 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
966 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
970 if (hci_dev_test_flag(hdev, HCI_MGMT))
971 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
972 ACL_LINK, 0, rp->status);
974 hci_dev_unlock(hdev);
977 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
979 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
985 if (hci_dev_test_flag(hdev, HCI_MGMT))
986 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
989 hci_dev_unlock(hdev);
992 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
995 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1001 if (hci_dev_test_flag(hdev, HCI_MGMT))
1002 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1003 ACL_LINK, 0, rp->status);
1005 hci_dev_unlock(hdev);
1008 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1009 struct sk_buff *skb)
1011 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1016 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1019 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1021 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1024 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1026 __u8 status = *((__u8 *) skb->data);
1029 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1034 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1040 bacpy(&hdev->random_addr, sent);
1042 hci_dev_unlock(hdev);
1045 static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1047 __u8 status = *((__u8 *) skb->data);
1048 struct hci_cp_le_set_default_phy *cp;
1050 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1055 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1061 hdev->le_tx_def_phys = cp->tx_phys;
1062 hdev->le_rx_def_phys = cp->rx_phys;
1064 hci_dev_unlock(hdev);
1067 static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1068 struct sk_buff *skb)
1070 __u8 status = *((__u8 *) skb->data);
1071 struct hci_cp_le_set_adv_set_rand_addr *cp;
1072 struct adv_info *adv_instance;
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1083 if (!hdev->cur_adv_instance) {
1084 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1085 bacpy(&hdev->random_addr, &cp->bdaddr);
1087 adv_instance = hci_find_adv_instance(hdev,
1088 hdev->cur_adv_instance);
1090 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1093 hci_dev_unlock(hdev);
1096 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1098 __u8 *sent, status = *((__u8 *) skb->data);
1100 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1105 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1111 /* If we're doing connection initiation as peripheral. Set a
1112 * timeout in case something goes wrong.
1115 struct hci_conn *conn;
1117 hci_dev_set_flag(hdev, HCI_LE_ADV);
1119 conn = hci_lookup_le_connect(hdev);
1121 queue_delayed_work(hdev->workqueue,
1122 &conn->le_conn_timeout,
1123 conn->conn_timeout);
1125 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1128 hci_dev_unlock(hdev);
1131 static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1132 struct sk_buff *skb)
1134 struct hci_cp_le_set_ext_adv_enable *cp;
1135 __u8 status = *((__u8 *) skb->data);
1137 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1142 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1149 struct hci_conn *conn;
1151 hci_dev_set_flag(hdev, HCI_LE_ADV);
1153 conn = hci_lookup_le_connect(hdev);
1155 queue_delayed_work(hdev->workqueue,
1156 &conn->le_conn_timeout,
1157 conn->conn_timeout);
1159 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1162 hci_dev_unlock(hdev);
1165 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1167 struct hci_cp_le_set_scan_param *cp;
1168 __u8 status = *((__u8 *) skb->data);
1170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1175 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1181 hdev->le_scan_type = cp->type;
1183 hci_dev_unlock(hdev);
1186 static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1187 struct sk_buff *skb)
1189 struct hci_cp_le_set_ext_scan_params *cp;
1190 __u8 status = *((__u8 *) skb->data);
1191 struct hci_cp_le_scan_phy_params *phy_param;
1193 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1198 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1202 phy_param = (void *)cp->data;
1206 hdev->le_scan_type = phy_param->type;
1208 hci_dev_unlock(hdev);
1211 static bool has_pending_adv_report(struct hci_dev *hdev)
1213 struct discovery_state *d = &hdev->discovery;
1215 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1218 static void clear_pending_adv_report(struct hci_dev *hdev)
1220 struct discovery_state *d = &hdev->discovery;
1222 bacpy(&d->last_adv_addr, BDADDR_ANY);
1223 d->last_adv_data_len = 0;
1226 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1227 u8 bdaddr_type, s8 rssi, u32 flags,
1230 struct discovery_state *d = &hdev->discovery;
1232 bacpy(&d->last_adv_addr, bdaddr);
1233 d->last_adv_addr_type = bdaddr_type;
1234 d->last_adv_rssi = rssi;
1235 d->last_adv_flags = flags;
1236 memcpy(d->last_adv_data, data, len);
1237 d->last_adv_data_len = len;
1240 static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
1245 case LE_SCAN_ENABLE:
1246 hci_dev_set_flag(hdev, HCI_LE_SCAN);
1247 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1248 clear_pending_adv_report(hdev);
1251 case LE_SCAN_DISABLE:
1252 /* We do this here instead of when setting DISCOVERY_STOPPED
1253 * since the latter would potentially require waiting for
1254 * inquiry to stop too.
1256 if (has_pending_adv_report(hdev)) {
1257 struct discovery_state *d = &hdev->discovery;
1259 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1260 d->last_adv_addr_type, NULL,
1261 d->last_adv_rssi, d->last_adv_flags,
1263 d->last_adv_data_len, NULL, 0);
1266 /* Cancel this timer so that we don't try to disable scanning
1267 * when it's already disabled.
1269 cancel_delayed_work(&hdev->le_scan_disable);
1271 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
1273 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1274 * interrupted scanning due to a connect request. Mark
1275 * therefore discovery as stopped. If this was not
1276 * because of a connect request advertising might have
1277 * been disabled because of active scanning, so
1278 * re-enable it again if necessary.
1280 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
1281 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1282 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
1283 hdev->discovery.state == DISCOVERY_FINDING)
1284 hci_req_reenable_advertising(hdev);
1289 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
1294 hci_dev_unlock(hdev);
1297 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1298 struct sk_buff *skb)
1300 struct hci_cp_le_set_scan_enable *cp;
1301 __u8 status = *((__u8 *) skb->data);
1303 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1308 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1312 le_set_scan_enable_complete(hdev, cp->enable);
1315 static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1316 struct sk_buff *skb)
1318 struct hci_cp_le_set_ext_scan_enable *cp;
1319 __u8 status = *((__u8 *) skb->data);
1321 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1326 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1330 le_set_scan_enable_complete(hdev, cp->enable);
1333 static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1334 struct sk_buff *skb)
1336 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1338 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1344 hdev->le_num_of_adv_sets = rp->num_of_sets;
1347 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1348 struct sk_buff *skb)
1350 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1352 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1357 hdev->le_white_list_size = rp->size;
1360 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1361 struct sk_buff *skb)
1363 __u8 status = *((__u8 *) skb->data);
1365 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1370 hci_bdaddr_list_clear(&hdev->le_white_list);
1373 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1374 struct sk_buff *skb)
1376 struct hci_cp_le_add_to_white_list *sent;
1377 __u8 status = *((__u8 *) skb->data);
1379 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1384 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1388 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1392 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1393 struct sk_buff *skb)
1395 struct hci_cp_le_del_from_white_list *sent;
1396 __u8 status = *((__u8 *) skb->data);
1398 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1403 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1407 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1411 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1412 struct sk_buff *skb)
1414 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1416 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1421 memcpy(hdev->le_states, rp->le_states, 8);
1424 static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1425 struct sk_buff *skb)
1427 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1429 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1434 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1435 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1438 static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1439 struct sk_buff *skb)
1441 struct hci_cp_le_write_def_data_len *sent;
1442 __u8 status = *((__u8 *) skb->data);
1444 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1449 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1453 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1454 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1457 static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1458 struct sk_buff *skb)
1460 struct hci_cp_le_add_to_resolv_list *sent;
1461 __u8 status = *((__u8 *) skb->data);
1463 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1468 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1472 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1473 sent->bdaddr_type, sent->peer_irk,
1477 static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1478 struct sk_buff *skb)
1480 struct hci_cp_le_del_from_resolv_list *sent;
1481 __u8 status = *((__u8 *) skb->data);
1483 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1488 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1492 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1496 static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1497 struct sk_buff *skb)
1499 __u8 status = *((__u8 *) skb->data);
1501 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1506 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1509 static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1510 struct sk_buff *skb)
1512 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1514 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1519 hdev->le_resolv_list_size = rp->size;
1522 static void hci_cc_le_set_addr_resolution_enable(struct hci_dev *hdev,
1523 struct sk_buff *skb)
1525 __u8 *sent, status = *((__u8 *) skb->data);
1527 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1532 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE);
1539 hci_dev_set_flag(hdev, HCI_LL_RPA_RESOLUTION);
1541 hci_dev_clear_flag(hdev, HCI_LL_RPA_RESOLUTION);
1543 hci_dev_unlock(hdev);
1546 static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1547 struct sk_buff *skb)
1549 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1551 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1556 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1557 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1558 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1559 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1562 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1563 struct sk_buff *skb)
1565 struct hci_cp_write_le_host_supported *sent;
1566 __u8 status = *((__u8 *) skb->data);
1568 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1573 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1580 hdev->features[1][0] |= LMP_HOST_LE;
1581 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
1583 hdev->features[1][0] &= ~LMP_HOST_LE;
1584 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1585 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1589 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1591 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1593 hci_dev_unlock(hdev);
1596 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1598 struct hci_cp_le_set_adv_param *cp;
1599 u8 status = *((u8 *) skb->data);
1601 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1606 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1611 hdev->adv_addr_type = cp->own_address_type;
1612 hci_dev_unlock(hdev);
1615 static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1617 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1618 struct hci_cp_le_set_ext_adv_params *cp;
1619 struct adv_info *adv_instance;
1621 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1626 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1631 hdev->adv_addr_type = cp->own_addr_type;
1632 if (!hdev->cur_adv_instance) {
1633 /* Store in hdev for instance 0 */
1634 hdev->adv_tx_power = rp->tx_power;
1636 adv_instance = hci_find_adv_instance(hdev,
1637 hdev->cur_adv_instance);
1639 adv_instance->tx_power = rp->tx_power;
1641 /* Update adv data as tx power is known now */
1642 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1643 hci_dev_unlock(hdev);
1646 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1648 struct hci_rp_read_rssi *rp = (void *) skb->data;
1649 struct hci_conn *conn;
1651 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1658 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1660 conn->rssi = rp->rssi;
1662 hci_dev_unlock(hdev);
1665 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1667 struct hci_cp_read_tx_power *sent;
1668 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1669 struct hci_conn *conn;
1671 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1676 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1682 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1686 switch (sent->type) {
1688 conn->tx_power = rp->tx_power;
1691 conn->max_tx_power = rp->tx_power;
1696 hci_dev_unlock(hdev);
1699 static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1701 u8 status = *((u8 *) skb->data);
1704 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1709 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1711 hdev->ssp_debug_mode = *mode;
1714 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1716 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1719 hci_conn_check_pending(hdev);
1723 set_bit(HCI_INQUIRY, &hdev->flags);
1726 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1728 struct hci_cp_create_conn *cp;
1729 struct hci_conn *conn;
1731 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1733 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1741 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1744 if (conn && conn->state == BT_CONNECT) {
1745 if (status != 0x0c || conn->attempt > 2) {
1746 conn->state = BT_CLOSED;
1747 hci_connect_cfm(conn, status);
1750 conn->state = BT_CONNECT2;
1754 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1757 bt_dev_err(hdev, "no memory for new connection");
1761 hci_dev_unlock(hdev);
1764 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1766 struct hci_cp_add_sco *cp;
1767 struct hci_conn *acl, *sco;
1770 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1775 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1779 handle = __le16_to_cpu(cp->handle);
1781 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1785 acl = hci_conn_hash_lookup_handle(hdev, handle);
1789 sco->state = BT_CLOSED;
1791 hci_connect_cfm(sco, status);
1796 hci_dev_unlock(hdev);
1799 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1801 struct hci_cp_auth_requested *cp;
1802 struct hci_conn *conn;
1804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1809 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1815 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1817 if (conn->state == BT_CONFIG) {
1818 hci_connect_cfm(conn, status);
1819 hci_conn_drop(conn);
1823 hci_dev_unlock(hdev);
1826 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1828 struct hci_cp_set_conn_encrypt *cp;
1829 struct hci_conn *conn;
1831 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1836 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1842 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1844 if (conn->state == BT_CONFIG) {
1845 hci_connect_cfm(conn, status);
1846 hci_conn_drop(conn);
1850 hci_dev_unlock(hdev);
1853 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1854 struct hci_conn *conn)
1856 if (conn->state != BT_CONFIG || !conn->out)
1859 if (conn->pending_sec_level == BT_SECURITY_SDP)
1862 /* Only request authentication for SSP connections or non-SSP
1863 * devices with sec_level MEDIUM or HIGH or if MITM protection
1866 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1867 conn->pending_sec_level != BT_SECURITY_FIPS &&
1868 conn->pending_sec_level != BT_SECURITY_HIGH &&
1869 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1875 static int hci_resolve_name(struct hci_dev *hdev,
1876 struct inquiry_entry *e)
1878 struct hci_cp_remote_name_req cp;
1880 memset(&cp, 0, sizeof(cp));
1882 bacpy(&cp.bdaddr, &e->data.bdaddr);
1883 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1884 cp.pscan_mode = e->data.pscan_mode;
1885 cp.clock_offset = e->data.clock_offset;
1887 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1890 static bool hci_resolve_next_name(struct hci_dev *hdev)
1892 struct discovery_state *discov = &hdev->discovery;
1893 struct inquiry_entry *e;
1895 if (list_empty(&discov->resolve))
1898 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1902 if (hci_resolve_name(hdev, e) == 0) {
1903 e->name_state = NAME_PENDING;
1910 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1911 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1913 struct discovery_state *discov = &hdev->discovery;
1914 struct inquiry_entry *e;
1916 /* Update the mgmt connected state if necessary. Be careful with
1917 * conn objects that exist but are not (yet) connected however.
1918 * Only those in BT_CONFIG or BT_CONNECTED states can be
1919 * considered connected.
1922 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
1923 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1924 mgmt_device_connected(hdev, conn, 0, name, name_len);
1926 if (discov->state == DISCOVERY_STOPPED)
1929 if (discov->state == DISCOVERY_STOPPING)
1930 goto discov_complete;
1932 if (discov->state != DISCOVERY_RESOLVING)
1935 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1936 /* If the device was not found in a list of found devices names of which
1937 * are pending. there is no need to continue resolving a next name as it
1938 * will be done upon receiving another Remote Name Request Complete
1945 e->name_state = NAME_KNOWN;
1946 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1947 e->data.rssi, name, name_len);
1949 e->name_state = NAME_NOT_KNOWN;
1952 if (hci_resolve_next_name(hdev))
1956 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1959 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1961 struct hci_cp_remote_name_req *cp;
1962 struct hci_conn *conn;
1964 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1966 /* If successful wait for the name req complete event before
1967 * checking for the need to do authentication */
1971 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1979 if (hci_dev_test_flag(hdev, HCI_MGMT))
1980 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1985 if (!hci_outgoing_auth_needed(hdev, conn))
1988 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1989 struct hci_cp_auth_requested auth_cp;
1991 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1993 auth_cp.handle = __cpu_to_le16(conn->handle);
1994 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1995 sizeof(auth_cp), &auth_cp);
1999 hci_dev_unlock(hdev);
2002 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
2004 struct hci_cp_read_remote_features *cp;
2005 struct hci_conn *conn;
2007 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2012 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
2018 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2020 if (conn->state == BT_CONFIG) {
2021 hci_connect_cfm(conn, status);
2022 hci_conn_drop(conn);
2026 hci_dev_unlock(hdev);
2029 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
2031 struct hci_cp_read_remote_ext_features *cp;
2032 struct hci_conn *conn;
2034 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2039 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
2045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2047 if (conn->state == BT_CONFIG) {
2048 hci_connect_cfm(conn, status);
2049 hci_conn_drop(conn);
2053 hci_dev_unlock(hdev);
2056 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
2058 struct hci_cp_setup_sync_conn *cp;
2059 struct hci_conn *acl, *sco;
2062 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2067 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
2071 handle = __le16_to_cpu(cp->handle);
2073 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
2077 acl = hci_conn_hash_lookup_handle(hdev, handle);
2081 sco->state = BT_CLOSED;
2083 hci_connect_cfm(sco, status);
2088 hci_dev_unlock(hdev);
2091 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
2093 struct hci_cp_sniff_mode *cp;
2094 struct hci_conn *conn;
2096 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2101 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
2107 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2109 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2111 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2112 hci_sco_setup(conn, status);
2115 hci_dev_unlock(hdev);
2118 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
2120 struct hci_cp_exit_sniff_mode *cp;
2121 struct hci_conn *conn;
2123 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2128 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2134 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2136 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2138 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2139 hci_sco_setup(conn, status);
2142 hci_dev_unlock(hdev);
2145 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2147 struct hci_cp_disconnect *cp;
2148 struct hci_conn *conn;
2153 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2159 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2161 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2162 conn->dst_type, status);
2164 hci_dev_unlock(hdev);
2167 static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2168 u8 peer_addr_type, u8 own_address_type,
2171 struct hci_conn *conn;
2173 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2178 /* Store the initiator and responder address information which
2179 * is needed for SMP. These values will not change during the
2180 * lifetime of the connection.
2182 conn->init_addr_type = own_address_type;
2183 if (own_address_type == ADDR_LE_DEV_RANDOM)
2184 bacpy(&conn->init_addr, &hdev->random_addr);
2186 bacpy(&conn->init_addr, &hdev->bdaddr);
2188 conn->resp_addr_type = peer_addr_type;
2189 bacpy(&conn->resp_addr, peer_addr);
2191 /* We don't want the connection attempt to stick around
2192 * indefinitely since LE doesn't have a page timeout concept
2193 * like BR/EDR. Set a timer for any connection that doesn't use
2194 * the white list for connecting.
2196 if (filter_policy == HCI_LE_USE_PEER_ADDR)
2197 queue_delayed_work(conn->hdev->workqueue,
2198 &conn->le_conn_timeout,
2199 conn->conn_timeout);
2202 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2204 struct hci_cp_le_create_conn *cp;
2206 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2208 /* All connection failure handling is taken care of by the
2209 * hci_le_conn_failed function which is triggered by the HCI
2210 * request completion callbacks used for connecting.
2215 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2221 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2222 cp->own_address_type, cp->filter_policy);
2224 hci_dev_unlock(hdev);
2227 static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
2229 struct hci_cp_le_ext_create_conn *cp;
2231 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2233 /* All connection failure handling is taken care of by the
2234 * hci_le_conn_failed function which is triggered by the HCI
2235 * request completion callbacks used for connecting.
2240 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2246 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2247 cp->own_addr_type, cp->filter_policy);
2249 hci_dev_unlock(hdev);
2252 static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
2254 struct hci_cp_le_read_remote_features *cp;
2255 struct hci_conn *conn;
2257 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2262 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2270 if (conn->state == BT_CONFIG) {
2271 hci_connect_cfm(conn, status);
2272 hci_conn_drop(conn);
2276 hci_dev_unlock(hdev);
2279 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2281 struct hci_cp_le_start_enc *cp;
2282 struct hci_conn *conn;
2284 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2291 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2299 if (conn->state != BT_CONNECTED)
2302 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2303 hci_conn_drop(conn);
2306 hci_dev_unlock(hdev);
2309 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2311 struct hci_cp_switch_role *cp;
2312 struct hci_conn *conn;
2314 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2319 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2325 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2327 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2329 hci_dev_unlock(hdev);
2332 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2334 __u8 status = *((__u8 *) skb->data);
2335 struct discovery_state *discov = &hdev->discovery;
2336 struct inquiry_entry *e;
2338 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2340 hci_conn_check_pending(hdev);
2342 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2345 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2346 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2348 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2353 if (discov->state != DISCOVERY_FINDING)
2356 if (list_empty(&discov->resolve)) {
2357 /* When BR/EDR inquiry is active and no LE scanning is in
2358 * progress, then change discovery state to indicate completion.
2360 * When running LE scanning and BR/EDR inquiry simultaneously
2361 * and the LE scan already finished, then change the discovery
2362 * state to indicate completion.
2364 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2365 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2366 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2370 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2371 if (e && hci_resolve_name(hdev, e) == 0) {
2372 e->name_state = NAME_PENDING;
2373 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2375 /* When BR/EDR inquiry is active and no LE scanning is in
2376 * progress, then change discovery state to indicate completion.
2378 * When running LE scanning and BR/EDR inquiry simultaneously
2379 * and the LE scan already finished, then change the discovery
2380 * state to indicate completion.
2382 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2383 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2384 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2388 hci_dev_unlock(hdev);
2391 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2393 struct inquiry_data data;
2394 struct inquiry_info *info = (void *) (skb->data + 1);
2395 int num_rsp = *((__u8 *) skb->data);
2397 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2402 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
2407 for (; num_rsp; num_rsp--, info++) {
2410 bacpy(&data.bdaddr, &info->bdaddr);
2411 data.pscan_rep_mode = info->pscan_rep_mode;
2412 data.pscan_period_mode = info->pscan_period_mode;
2413 data.pscan_mode = info->pscan_mode;
2414 memcpy(data.dev_class, info->dev_class, 3);
2415 data.clock_offset = info->clock_offset;
2416 data.rssi = HCI_RSSI_INVALID;
2417 data.ssp_mode = 0x00;
2419 flags = hci_inquiry_cache_update(hdev, &data, false);
2421 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2422 info->dev_class, HCI_RSSI_INVALID,
2423 flags, NULL, 0, NULL, 0);
2426 hci_dev_unlock(hdev);
2429 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2431 struct hci_ev_conn_complete *ev = (void *) skb->data;
2432 struct hci_conn *conn;
2434 BT_DBG("%s", hdev->name);
2438 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2440 if (ev->link_type != SCO_LINK)
2443 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2447 conn->type = SCO_LINK;
2451 conn->handle = __le16_to_cpu(ev->handle);
2453 if (conn->type == ACL_LINK) {
2454 conn->state = BT_CONFIG;
2455 hci_conn_hold(conn);
2457 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2458 !hci_find_link_key(hdev, &ev->bdaddr))
2459 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2461 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2463 conn->state = BT_CONNECTED;
2465 hci_debugfs_create_conn(conn);
2466 hci_conn_add_sysfs(conn);
2468 if (test_bit(HCI_AUTH, &hdev->flags))
2469 set_bit(HCI_CONN_AUTH, &conn->flags);
2471 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2472 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2474 /* Get remote features */
2475 if (conn->type == ACL_LINK) {
2476 struct hci_cp_read_remote_features cp;
2477 cp.handle = ev->handle;
2478 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2481 hci_req_update_scan(hdev);
2484 /* Set packet type for incoming connection */
2485 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2486 struct hci_cp_change_conn_ptype cp;
2487 cp.handle = ev->handle;
2488 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2489 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2493 conn->state = BT_CLOSED;
2494 if (conn->type == ACL_LINK)
2495 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2496 conn->dst_type, ev->status);
2499 if (conn->type == ACL_LINK)
2500 hci_sco_setup(conn, ev->status);
2503 hci_connect_cfm(conn, ev->status);
2505 } else if (ev->link_type != ACL_LINK)
2506 hci_connect_cfm(conn, ev->status);
2509 hci_dev_unlock(hdev);
2511 hci_conn_check_pending(hdev);
2514 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2516 struct hci_cp_reject_conn_req cp;
2518 bacpy(&cp.bdaddr, bdaddr);
2519 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2520 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2523 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2525 struct hci_ev_conn_request *ev = (void *) skb->data;
2526 int mask = hdev->link_mode;
2527 struct inquiry_entry *ie;
2528 struct hci_conn *conn;
2531 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2534 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2537 if (!(mask & HCI_LM_ACCEPT)) {
2538 hci_reject_conn(hdev, &ev->bdaddr);
2542 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2544 hci_reject_conn(hdev, &ev->bdaddr);
2548 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2549 * connection. These features are only touched through mgmt so
2550 * only do the checks if HCI_MGMT is set.
2552 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2553 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
2554 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2556 hci_reject_conn(hdev, &ev->bdaddr);
2560 /* Connection accepted */
2564 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2566 memcpy(ie->data.dev_class, ev->dev_class, 3);
2568 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2571 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2574 bt_dev_err(hdev, "no memory for new connection");
2575 hci_dev_unlock(hdev);
2580 memcpy(conn->dev_class, ev->dev_class, 3);
2582 hci_dev_unlock(hdev);
2584 if (ev->link_type == ACL_LINK ||
2585 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2586 struct hci_cp_accept_conn_req cp;
2587 conn->state = BT_CONNECT;
2589 bacpy(&cp.bdaddr, &ev->bdaddr);
2591 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2592 cp.role = 0x00; /* Become master */
2594 cp.role = 0x01; /* Remain slave */
2596 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2597 } else if (!(flags & HCI_PROTO_DEFER)) {
2598 struct hci_cp_accept_sync_conn_req cp;
2599 conn->state = BT_CONNECT;
2601 bacpy(&cp.bdaddr, &ev->bdaddr);
2602 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2604 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2605 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2606 cp.max_latency = cpu_to_le16(0xffff);
2607 cp.content_format = cpu_to_le16(hdev->voice_setting);
2608 cp.retrans_effort = 0xff;
2610 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2613 conn->state = BT_CONNECT2;
2614 hci_connect_cfm(conn, 0);
2618 static u8 hci_to_mgmt_reason(u8 err)
2621 case HCI_ERROR_CONNECTION_TIMEOUT:
2622 return MGMT_DEV_DISCONN_TIMEOUT;
2623 case HCI_ERROR_REMOTE_USER_TERM:
2624 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2625 case HCI_ERROR_REMOTE_POWER_OFF:
2626 return MGMT_DEV_DISCONN_REMOTE;
2627 case HCI_ERROR_LOCAL_HOST_TERM:
2628 return MGMT_DEV_DISCONN_LOCAL_HOST;
2630 return MGMT_DEV_DISCONN_UNKNOWN;
2634 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2636 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2638 struct hci_conn_params *params;
2639 struct hci_conn *conn;
2640 bool mgmt_connected;
2643 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2647 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2652 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2653 conn->dst_type, ev->status);
2657 conn->state = BT_CLOSED;
2659 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2661 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2662 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2664 reason = hci_to_mgmt_reason(ev->reason);
2666 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2667 reason, mgmt_connected);
2669 if (conn->type == ACL_LINK) {
2670 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2671 hci_remove_link_key(hdev, &conn->dst);
2673 hci_req_update_scan(hdev);
2676 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2678 switch (params->auto_connect) {
2679 case HCI_AUTO_CONN_LINK_LOSS:
2680 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2684 case HCI_AUTO_CONN_DIRECT:
2685 case HCI_AUTO_CONN_ALWAYS:
2686 list_del_init(¶ms->action);
2687 list_add(¶ms->action, &hdev->pend_le_conns);
2688 hci_update_background_scan(hdev);
2698 hci_disconn_cfm(conn, ev->reason);
2701 /* Re-enable advertising if necessary, since it might
2702 * have been disabled by the connection. From the
2703 * HCI_LE_Set_Advertise_Enable command description in
2704 * the core specification (v4.0):
2705 * "The Controller shall continue advertising until the Host
2706 * issues an LE_Set_Advertise_Enable command with
2707 * Advertising_Enable set to 0x00 (Advertising is disabled)
2708 * or until a connection is created or until the Advertising
2709 * is timed out due to Directed Advertising."
2711 if (type == LE_LINK)
2712 hci_req_reenable_advertising(hdev);
2715 hci_dev_unlock(hdev);
2718 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2720 struct hci_ev_auth_complete *ev = (void *) skb->data;
2721 struct hci_conn *conn;
2723 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2727 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2732 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2734 if (!hci_conn_ssp_enabled(conn) &&
2735 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2736 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2738 set_bit(HCI_CONN_AUTH, &conn->flags);
2739 conn->sec_level = conn->pending_sec_level;
2742 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2743 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2745 mgmt_auth_failed(conn, ev->status);
2748 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2749 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2751 if (conn->state == BT_CONFIG) {
2752 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2753 struct hci_cp_set_conn_encrypt cp;
2754 cp.handle = ev->handle;
2756 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2759 conn->state = BT_CONNECTED;
2760 hci_connect_cfm(conn, ev->status);
2761 hci_conn_drop(conn);
2764 hci_auth_cfm(conn, ev->status);
2766 hci_conn_hold(conn);
2767 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2768 hci_conn_drop(conn);
2771 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2773 struct hci_cp_set_conn_encrypt cp;
2774 cp.handle = ev->handle;
2776 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2779 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2780 hci_encrypt_cfm(conn, ev->status, 0x00);
2785 hci_dev_unlock(hdev);
2788 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2790 struct hci_ev_remote_name *ev = (void *) skb->data;
2791 struct hci_conn *conn;
2793 BT_DBG("%s", hdev->name);
2795 hci_conn_check_pending(hdev);
2799 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2801 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2804 if (ev->status == 0)
2805 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2806 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2808 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2814 if (!hci_outgoing_auth_needed(hdev, conn))
2817 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2818 struct hci_cp_auth_requested cp;
2820 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2822 cp.handle = __cpu_to_le16(conn->handle);
2823 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2827 hci_dev_unlock(hdev);
2830 static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
2831 u16 opcode, struct sk_buff *skb)
2833 const struct hci_rp_read_enc_key_size *rp;
2834 struct hci_conn *conn;
2837 BT_DBG("%s status 0x%02x", hdev->name, status);
2839 if (!skb || skb->len < sizeof(*rp)) {
2840 bt_dev_err(hdev, "invalid read key size response");
2844 rp = (void *)skb->data;
2845 handle = le16_to_cpu(rp->handle);
2849 conn = hci_conn_hash_lookup_handle(hdev, handle);
2853 /* If we fail to read the encryption key size, assume maximum
2854 * (which is the same we do also when this HCI command isn't
2858 bt_dev_err(hdev, "failed to read key size for handle %u",
2860 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2862 conn->enc_key_size = rp->key_size;
2865 if (conn->state == BT_CONFIG) {
2866 conn->state = BT_CONNECTED;
2867 hci_connect_cfm(conn, 0);
2868 hci_conn_drop(conn);
2872 if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2874 else if (test_bit(HCI_CONN_AES_CCM, &conn->flags))
2879 hci_encrypt_cfm(conn, 0, encrypt);
2883 hci_dev_unlock(hdev);
2886 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2888 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2889 struct hci_conn *conn;
2891 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2895 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2901 /* Encryption implies authentication */
2902 set_bit(HCI_CONN_AUTH, &conn->flags);
2903 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2904 conn->sec_level = conn->pending_sec_level;
2906 /* P-256 authentication key implies FIPS */
2907 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2908 set_bit(HCI_CONN_FIPS, &conn->flags);
2910 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2911 conn->type == LE_LINK)
2912 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2914 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2915 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2919 /* We should disregard the current RPA and generate a new one
2920 * whenever the encryption procedure fails.
2922 if (ev->status && conn->type == LE_LINK) {
2923 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2924 hci_adv_instances_set_rpa_expired(hdev, true);
2927 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2929 if (ev->status && conn->state == BT_CONNECTED) {
2930 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2931 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2933 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2934 hci_conn_drop(conn);
2938 /* In Secure Connections Only mode, do not allow any connections
2939 * that are not encrypted with AES-CCM using a P-256 authenticated
2942 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
2943 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2944 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2945 hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2946 hci_conn_drop(conn);
2950 /* Try reading the encryption key size for encrypted ACL links */
2951 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
2952 struct hci_cp_read_enc_key_size cp;
2953 struct hci_request req;
2955 /* Only send HCI_Read_Encryption_Key_Size if the
2956 * controller really supports it. If it doesn't, assume
2957 * the default size (16).
2959 if (!(hdev->commands[20] & 0x10)) {
2960 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2964 hci_req_init(&req, hdev);
2966 cp.handle = cpu_to_le16(conn->handle);
2967 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
2969 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
2970 bt_dev_err(hdev, "sending read key size failed");
2971 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2979 if (conn->state == BT_CONFIG) {
2981 conn->state = BT_CONNECTED;
2983 hci_connect_cfm(conn, ev->status);
2984 hci_conn_drop(conn);
2986 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2989 hci_dev_unlock(hdev);
2992 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2993 struct sk_buff *skb)
2995 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2996 struct hci_conn *conn;
2998 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3005 set_bit(HCI_CONN_SECURE, &conn->flags);
3007 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
3009 hci_key_change_cfm(conn, ev->status);
3012 hci_dev_unlock(hdev);
3015 static void hci_remote_features_evt(struct hci_dev *hdev,
3016 struct sk_buff *skb)
3018 struct hci_ev_remote_features *ev = (void *) skb->data;
3019 struct hci_conn *conn;
3021 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3025 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3030 memcpy(conn->features[0], ev->features, 8);
3032 if (conn->state != BT_CONFIG)
3035 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3036 lmp_ext_feat_capable(conn)) {
3037 struct hci_cp_read_remote_ext_features cp;
3038 cp.handle = ev->handle;
3040 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
3045 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3046 struct hci_cp_remote_name_req cp;
3047 memset(&cp, 0, sizeof(cp));
3048 bacpy(&cp.bdaddr, &conn->dst);
3049 cp.pscan_rep_mode = 0x02;
3050 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3051 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3052 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3054 if (!hci_outgoing_auth_needed(hdev, conn)) {
3055 conn->state = BT_CONNECTED;
3056 hci_connect_cfm(conn, ev->status);
3057 hci_conn_drop(conn);
3061 hci_dev_unlock(hdev);
3064 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3065 u16 *opcode, u8 *status,
3066 hci_req_complete_t *req_complete,
3067 hci_req_complete_skb_t *req_complete_skb)
3069 struct hci_ev_cmd_complete *ev = (void *) skb->data;
3071 *opcode = __le16_to_cpu(ev->opcode);
3072 *status = skb->data[sizeof(*ev)];
3074 skb_pull(skb, sizeof(*ev));
3077 case HCI_OP_INQUIRY_CANCEL:
3078 hci_cc_inquiry_cancel(hdev, skb);
3081 case HCI_OP_PERIODIC_INQ:
3082 hci_cc_periodic_inq(hdev, skb);
3085 case HCI_OP_EXIT_PERIODIC_INQ:
3086 hci_cc_exit_periodic_inq(hdev, skb);
3089 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
3090 hci_cc_remote_name_req_cancel(hdev, skb);
3093 case HCI_OP_ROLE_DISCOVERY:
3094 hci_cc_role_discovery(hdev, skb);
3097 case HCI_OP_READ_LINK_POLICY:
3098 hci_cc_read_link_policy(hdev, skb);
3101 case HCI_OP_WRITE_LINK_POLICY:
3102 hci_cc_write_link_policy(hdev, skb);
3105 case HCI_OP_READ_DEF_LINK_POLICY:
3106 hci_cc_read_def_link_policy(hdev, skb);
3109 case HCI_OP_WRITE_DEF_LINK_POLICY:
3110 hci_cc_write_def_link_policy(hdev, skb);
3114 hci_cc_reset(hdev, skb);
3117 case HCI_OP_READ_STORED_LINK_KEY:
3118 hci_cc_read_stored_link_key(hdev, skb);
3121 case HCI_OP_DELETE_STORED_LINK_KEY:
3122 hci_cc_delete_stored_link_key(hdev, skb);
3125 case HCI_OP_WRITE_LOCAL_NAME:
3126 hci_cc_write_local_name(hdev, skb);
3129 case HCI_OP_READ_LOCAL_NAME:
3130 hci_cc_read_local_name(hdev, skb);
3133 case HCI_OP_WRITE_AUTH_ENABLE:
3134 hci_cc_write_auth_enable(hdev, skb);
3137 case HCI_OP_WRITE_ENCRYPT_MODE:
3138 hci_cc_write_encrypt_mode(hdev, skb);
3141 case HCI_OP_WRITE_SCAN_ENABLE:
3142 hci_cc_write_scan_enable(hdev, skb);
3145 case HCI_OP_READ_CLASS_OF_DEV:
3146 hci_cc_read_class_of_dev(hdev, skb);
3149 case HCI_OP_WRITE_CLASS_OF_DEV:
3150 hci_cc_write_class_of_dev(hdev, skb);
3153 case HCI_OP_READ_VOICE_SETTING:
3154 hci_cc_read_voice_setting(hdev, skb);
3157 case HCI_OP_WRITE_VOICE_SETTING:
3158 hci_cc_write_voice_setting(hdev, skb);
3161 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3162 hci_cc_read_num_supported_iac(hdev, skb);
3165 case HCI_OP_WRITE_SSP_MODE:
3166 hci_cc_write_ssp_mode(hdev, skb);
3169 case HCI_OP_WRITE_SC_SUPPORT:
3170 hci_cc_write_sc_support(hdev, skb);
3173 case HCI_OP_READ_LOCAL_VERSION:
3174 hci_cc_read_local_version(hdev, skb);
3177 case HCI_OP_READ_LOCAL_COMMANDS:
3178 hci_cc_read_local_commands(hdev, skb);
3181 case HCI_OP_READ_LOCAL_FEATURES:
3182 hci_cc_read_local_features(hdev, skb);
3185 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3186 hci_cc_read_local_ext_features(hdev, skb);
3189 case HCI_OP_READ_BUFFER_SIZE:
3190 hci_cc_read_buffer_size(hdev, skb);
3193 case HCI_OP_READ_BD_ADDR:
3194 hci_cc_read_bd_addr(hdev, skb);
3197 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3198 hci_cc_read_page_scan_activity(hdev, skb);
3201 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3202 hci_cc_write_page_scan_activity(hdev, skb);
3205 case HCI_OP_READ_PAGE_SCAN_TYPE:
3206 hci_cc_read_page_scan_type(hdev, skb);
3209 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3210 hci_cc_write_page_scan_type(hdev, skb);
3213 case HCI_OP_READ_DATA_BLOCK_SIZE:
3214 hci_cc_read_data_block_size(hdev, skb);
3217 case HCI_OP_READ_FLOW_CONTROL_MODE:
3218 hci_cc_read_flow_control_mode(hdev, skb);
3221 case HCI_OP_READ_LOCAL_AMP_INFO:
3222 hci_cc_read_local_amp_info(hdev, skb);
3225 case HCI_OP_READ_CLOCK:
3226 hci_cc_read_clock(hdev, skb);
3229 case HCI_OP_READ_INQ_RSP_TX_POWER:
3230 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3233 case HCI_OP_PIN_CODE_REPLY:
3234 hci_cc_pin_code_reply(hdev, skb);
3237 case HCI_OP_PIN_CODE_NEG_REPLY:
3238 hci_cc_pin_code_neg_reply(hdev, skb);
3241 case HCI_OP_READ_LOCAL_OOB_DATA:
3242 hci_cc_read_local_oob_data(hdev, skb);
3245 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3246 hci_cc_read_local_oob_ext_data(hdev, skb);
3249 case HCI_OP_LE_READ_BUFFER_SIZE:
3250 hci_cc_le_read_buffer_size(hdev, skb);
3253 case HCI_OP_LE_READ_LOCAL_FEATURES:
3254 hci_cc_le_read_local_features(hdev, skb);
3257 case HCI_OP_LE_READ_ADV_TX_POWER:
3258 hci_cc_le_read_adv_tx_power(hdev, skb);
3261 case HCI_OP_USER_CONFIRM_REPLY:
3262 hci_cc_user_confirm_reply(hdev, skb);
3265 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3266 hci_cc_user_confirm_neg_reply(hdev, skb);
3269 case HCI_OP_USER_PASSKEY_REPLY:
3270 hci_cc_user_passkey_reply(hdev, skb);
3273 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3274 hci_cc_user_passkey_neg_reply(hdev, skb);
3277 case HCI_OP_LE_SET_RANDOM_ADDR:
3278 hci_cc_le_set_random_addr(hdev, skb);
3281 case HCI_OP_LE_SET_ADV_ENABLE:
3282 hci_cc_le_set_adv_enable(hdev, skb);
3285 case HCI_OP_LE_SET_SCAN_PARAM:
3286 hci_cc_le_set_scan_param(hdev, skb);
3289 case HCI_OP_LE_SET_SCAN_ENABLE:
3290 hci_cc_le_set_scan_enable(hdev, skb);
3293 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3294 hci_cc_le_read_white_list_size(hdev, skb);
3297 case HCI_OP_LE_CLEAR_WHITE_LIST:
3298 hci_cc_le_clear_white_list(hdev, skb);
3301 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3302 hci_cc_le_add_to_white_list(hdev, skb);
3305 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3306 hci_cc_le_del_from_white_list(hdev, skb);
3309 case HCI_OP_LE_READ_SUPPORTED_STATES:
3310 hci_cc_le_read_supported_states(hdev, skb);
3313 case HCI_OP_LE_READ_DEF_DATA_LEN:
3314 hci_cc_le_read_def_data_len(hdev, skb);
3317 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3318 hci_cc_le_write_def_data_len(hdev, skb);
3321 case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3322 hci_cc_le_add_to_resolv_list(hdev, skb);
3325 case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3326 hci_cc_le_del_from_resolv_list(hdev, skb);
3329 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3330 hci_cc_le_clear_resolv_list(hdev, skb);
3333 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3334 hci_cc_le_read_resolv_list_size(hdev, skb);
3337 case HCI_OP_LE_SET_ADDR_RESOLV_ENABLE:
3338 hci_cc_le_set_addr_resolution_enable(hdev, skb);
3341 case HCI_OP_LE_READ_MAX_DATA_LEN:
3342 hci_cc_le_read_max_data_len(hdev, skb);
3345 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3346 hci_cc_write_le_host_supported(hdev, skb);
3349 case HCI_OP_LE_SET_ADV_PARAM:
3350 hci_cc_set_adv_param(hdev, skb);
3353 case HCI_OP_READ_RSSI:
3354 hci_cc_read_rssi(hdev, skb);
3357 case HCI_OP_READ_TX_POWER:
3358 hci_cc_read_tx_power(hdev, skb);
3361 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3362 hci_cc_write_ssp_debug_mode(hdev, skb);
3365 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3366 hci_cc_le_set_ext_scan_param(hdev, skb);
3369 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3370 hci_cc_le_set_ext_scan_enable(hdev, skb);
3373 case HCI_OP_LE_SET_DEFAULT_PHY:
3374 hci_cc_le_set_default_phy(hdev, skb);
3377 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3378 hci_cc_le_read_num_adv_sets(hdev, skb);
3381 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3382 hci_cc_set_ext_adv_param(hdev, skb);
3385 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3386 hci_cc_le_set_ext_adv_enable(hdev, skb);
3389 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3390 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3394 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3398 if (*opcode != HCI_OP_NOP)
3399 cancel_delayed_work(&hdev->cmd_timer);
3401 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3402 atomic_set(&hdev->cmd_cnt, 1);
3404 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3407 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3408 queue_work(hdev->workqueue, &hdev->cmd_work);
3411 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3412 u16 *opcode, u8 *status,
3413 hci_req_complete_t *req_complete,
3414 hci_req_complete_skb_t *req_complete_skb)
3416 struct hci_ev_cmd_status *ev = (void *) skb->data;
3418 skb_pull(skb, sizeof(*ev));
3420 *opcode = __le16_to_cpu(ev->opcode);
3421 *status = ev->status;
3424 case HCI_OP_INQUIRY:
3425 hci_cs_inquiry(hdev, ev->status);
3428 case HCI_OP_CREATE_CONN:
3429 hci_cs_create_conn(hdev, ev->status);
3432 case HCI_OP_DISCONNECT:
3433 hci_cs_disconnect(hdev, ev->status);
3436 case HCI_OP_ADD_SCO:
3437 hci_cs_add_sco(hdev, ev->status);
3440 case HCI_OP_AUTH_REQUESTED:
3441 hci_cs_auth_requested(hdev, ev->status);
3444 case HCI_OP_SET_CONN_ENCRYPT:
3445 hci_cs_set_conn_encrypt(hdev, ev->status);
3448 case HCI_OP_REMOTE_NAME_REQ:
3449 hci_cs_remote_name_req(hdev, ev->status);
3452 case HCI_OP_READ_REMOTE_FEATURES:
3453 hci_cs_read_remote_features(hdev, ev->status);
3456 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3457 hci_cs_read_remote_ext_features(hdev, ev->status);
3460 case HCI_OP_SETUP_SYNC_CONN:
3461 hci_cs_setup_sync_conn(hdev, ev->status);
3464 case HCI_OP_SNIFF_MODE:
3465 hci_cs_sniff_mode(hdev, ev->status);
3468 case HCI_OP_EXIT_SNIFF_MODE:
3469 hci_cs_exit_sniff_mode(hdev, ev->status);
3472 case HCI_OP_SWITCH_ROLE:
3473 hci_cs_switch_role(hdev, ev->status);
3476 case HCI_OP_LE_CREATE_CONN:
3477 hci_cs_le_create_conn(hdev, ev->status);
3480 case HCI_OP_LE_READ_REMOTE_FEATURES:
3481 hci_cs_le_read_remote_features(hdev, ev->status);
3484 case HCI_OP_LE_START_ENC:
3485 hci_cs_le_start_enc(hdev, ev->status);
3488 case HCI_OP_LE_EXT_CREATE_CONN:
3489 hci_cs_le_ext_create_conn(hdev, ev->status);
3493 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3497 if (*opcode != HCI_OP_NOP)
3498 cancel_delayed_work(&hdev->cmd_timer);
3500 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3501 atomic_set(&hdev->cmd_cnt, 1);
3503 /* Indicate request completion if the command failed. Also, if
3504 * we're not waiting for a special event and we get a success
3505 * command status we should try to flag the request as completed
3506 * (since for this kind of commands there will not be a command
3510 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
3511 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3514 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3515 queue_work(hdev->workqueue, &hdev->cmd_work);
3518 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3520 struct hci_ev_hardware_error *ev = (void *) skb->data;
3522 hdev->hw_error_code = ev->code;
3524 queue_work(hdev->req_workqueue, &hdev->error_reset);
3527 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3529 struct hci_ev_role_change *ev = (void *) skb->data;
3530 struct hci_conn *conn;
3532 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3539 conn->role = ev->role;
3541 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3543 hci_role_switch_cfm(conn, ev->status, ev->role);
3546 hci_dev_unlock(hdev);
3549 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3551 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3554 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3555 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3559 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3560 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3561 BT_DBG("%s bad parameters", hdev->name);
3565 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3567 for (i = 0; i < ev->num_hndl; i++) {
3568 struct hci_comp_pkts_info *info = &ev->handles[i];
3569 struct hci_conn *conn;
3570 __u16 handle, count;
3572 handle = __le16_to_cpu(info->handle);
3573 count = __le16_to_cpu(info->count);
3575 conn = hci_conn_hash_lookup_handle(hdev, handle);
3579 conn->sent -= count;
3581 switch (conn->type) {
3583 hdev->acl_cnt += count;
3584 if (hdev->acl_cnt > hdev->acl_pkts)
3585 hdev->acl_cnt = hdev->acl_pkts;
3589 if (hdev->le_pkts) {
3590 hdev->le_cnt += count;
3591 if (hdev->le_cnt > hdev->le_pkts)
3592 hdev->le_cnt = hdev->le_pkts;
3594 hdev->acl_cnt += count;
3595 if (hdev->acl_cnt > hdev->acl_pkts)
3596 hdev->acl_cnt = hdev->acl_pkts;
3601 hdev->sco_cnt += count;
3602 if (hdev->sco_cnt > hdev->sco_pkts)
3603 hdev->sco_cnt = hdev->sco_pkts;
3607 bt_dev_err(hdev, "unknown type %d conn %p",
3613 queue_work(hdev->workqueue, &hdev->tx_work);
3616 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3619 struct hci_chan *chan;
3621 switch (hdev->dev_type) {
3623 return hci_conn_hash_lookup_handle(hdev, handle);
3625 chan = hci_chan_lookup_handle(hdev, handle);
3630 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
3637 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3639 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3642 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3643 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3647 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3648 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3649 BT_DBG("%s bad parameters", hdev->name);
3653 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3656 for (i = 0; i < ev->num_hndl; i++) {
3657 struct hci_comp_blocks_info *info = &ev->handles[i];
3658 struct hci_conn *conn = NULL;
3659 __u16 handle, block_count;
3661 handle = __le16_to_cpu(info->handle);
3662 block_count = __le16_to_cpu(info->blocks);
3664 conn = __hci_conn_lookup_handle(hdev, handle);
3668 conn->sent -= block_count;
3670 switch (conn->type) {
3673 hdev->block_cnt += block_count;
3674 if (hdev->block_cnt > hdev->num_blocks)
3675 hdev->block_cnt = hdev->num_blocks;
3679 bt_dev_err(hdev, "unknown type %d conn %p",
3685 queue_work(hdev->workqueue, &hdev->tx_work);
3688 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3690 struct hci_ev_mode_change *ev = (void *) skb->data;
3691 struct hci_conn *conn;
3693 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3697 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3699 conn->mode = ev->mode;
3701 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3703 if (conn->mode == HCI_CM_ACTIVE)
3704 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3706 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3709 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3710 hci_sco_setup(conn, ev->status);
3713 hci_dev_unlock(hdev);
3716 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3718 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3719 struct hci_conn *conn;
3721 BT_DBG("%s", hdev->name);
3725 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3729 if (conn->state == BT_CONNECTED) {
3730 hci_conn_hold(conn);
3731 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3732 hci_conn_drop(conn);
3735 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
3736 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3737 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3738 sizeof(ev->bdaddr), &ev->bdaddr);
3739 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
3742 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3747 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3751 hci_dev_unlock(hdev);
3754 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3756 if (key_type == HCI_LK_CHANGED_COMBINATION)
3759 conn->pin_length = pin_len;
3760 conn->key_type = key_type;
3763 case HCI_LK_LOCAL_UNIT:
3764 case HCI_LK_REMOTE_UNIT:
3765 case HCI_LK_DEBUG_COMBINATION:
3767 case HCI_LK_COMBINATION:
3769 conn->pending_sec_level = BT_SECURITY_HIGH;
3771 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3773 case HCI_LK_UNAUTH_COMBINATION_P192:
3774 case HCI_LK_UNAUTH_COMBINATION_P256:
3775 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3777 case HCI_LK_AUTH_COMBINATION_P192:
3778 conn->pending_sec_level = BT_SECURITY_HIGH;
3780 case HCI_LK_AUTH_COMBINATION_P256:
3781 conn->pending_sec_level = BT_SECURITY_FIPS;
3786 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3788 struct hci_ev_link_key_req *ev = (void *) skb->data;
3789 struct hci_cp_link_key_reply cp;
3790 struct hci_conn *conn;
3791 struct link_key *key;
3793 BT_DBG("%s", hdev->name);
3795 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3800 key = hci_find_link_key(hdev, &ev->bdaddr);
3802 BT_DBG("%s link key not found for %pMR", hdev->name,
3807 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3810 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3812 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3814 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3815 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3816 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3817 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3821 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3822 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3823 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3824 BT_DBG("%s ignoring key unauthenticated for high security",
3829 conn_set_key(conn, key->type, key->pin_len);
3832 bacpy(&cp.bdaddr, &ev->bdaddr);
3833 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3835 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3837 hci_dev_unlock(hdev);
3842 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3843 hci_dev_unlock(hdev);
3846 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3848 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3849 struct hci_conn *conn;
3850 struct link_key *key;
3854 BT_DBG("%s", hdev->name);
3858 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3862 hci_conn_hold(conn);
3863 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3864 hci_conn_drop(conn);
3866 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3867 conn_set_key(conn, ev->key_type, conn->pin_length);
3869 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3872 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3873 ev->key_type, pin_len, &persistent);
3877 /* Update connection information since adding the key will have
3878 * fixed up the type in the case of changed combination keys.
3880 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3881 conn_set_key(conn, key->type, key->pin_len);
3883 mgmt_new_link_key(hdev, key, persistent);
3885 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3886 * is set. If it's not set simply remove the key from the kernel
3887 * list (we've still notified user space about it but with
3888 * store_hint being 0).
3890 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3891 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
3892 list_del_rcu(&key->list);
3893 kfree_rcu(key, rcu);
3898 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3900 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3903 hci_dev_unlock(hdev);
3906 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3908 struct hci_ev_clock_offset *ev = (void *) skb->data;
3909 struct hci_conn *conn;
3911 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3915 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3916 if (conn && !ev->status) {
3917 struct inquiry_entry *ie;
3919 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3921 ie->data.clock_offset = ev->clock_offset;
3922 ie->timestamp = jiffies;
3926 hci_dev_unlock(hdev);
3929 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3931 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3932 struct hci_conn *conn;
3934 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3938 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3939 if (conn && !ev->status)
3940 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3942 hci_dev_unlock(hdev);
3945 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3947 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3948 struct inquiry_entry *ie;
3950 BT_DBG("%s", hdev->name);
3954 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3956 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3957 ie->timestamp = jiffies;
3960 hci_dev_unlock(hdev);
3963 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3964 struct sk_buff *skb)
3966 struct inquiry_data data;
3967 int num_rsp = *((__u8 *) skb->data);
3969 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3974 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
3979 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3980 struct inquiry_info_with_rssi_and_pscan_mode *info;
3981 info = (void *) (skb->data + 1);
3983 for (; num_rsp; num_rsp--, info++) {
3986 bacpy(&data.bdaddr, &info->bdaddr);
3987 data.pscan_rep_mode = info->pscan_rep_mode;
3988 data.pscan_period_mode = info->pscan_period_mode;
3989 data.pscan_mode = info->pscan_mode;
3990 memcpy(data.dev_class, info->dev_class, 3);
3991 data.clock_offset = info->clock_offset;
3992 data.rssi = info->rssi;
3993 data.ssp_mode = 0x00;
3995 flags = hci_inquiry_cache_update(hdev, &data, false);
3997 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3998 info->dev_class, info->rssi,
3999 flags, NULL, 0, NULL, 0);
4002 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
4004 for (; num_rsp; num_rsp--, info++) {
4007 bacpy(&data.bdaddr, &info->bdaddr);
4008 data.pscan_rep_mode = info->pscan_rep_mode;
4009 data.pscan_period_mode = info->pscan_period_mode;
4010 data.pscan_mode = 0x00;
4011 memcpy(data.dev_class, info->dev_class, 3);
4012 data.clock_offset = info->clock_offset;
4013 data.rssi = info->rssi;
4014 data.ssp_mode = 0x00;
4016 flags = hci_inquiry_cache_update(hdev, &data, false);
4018 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4019 info->dev_class, info->rssi,
4020 flags, NULL, 0, NULL, 0);
4024 hci_dev_unlock(hdev);
4027 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
4028 struct sk_buff *skb)
4030 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
4031 struct hci_conn *conn;
4033 BT_DBG("%s", hdev->name);
4037 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4041 if (ev->page < HCI_MAX_PAGES)
4042 memcpy(conn->features[ev->page], ev->features, 8);
4044 if (!ev->status && ev->page == 0x01) {
4045 struct inquiry_entry *ie;
4047 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4049 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4051 if (ev->features[0] & LMP_HOST_SSP) {
4052 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4054 /* It is mandatory by the Bluetooth specification that
4055 * Extended Inquiry Results are only used when Secure
4056 * Simple Pairing is enabled, but some devices violate
4059 * To make these devices work, the internal SSP
4060 * enabled flag needs to be cleared if the remote host
4061 * features do not indicate SSP support */
4062 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4065 if (ev->features[0] & LMP_HOST_SC)
4066 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
4069 if (conn->state != BT_CONFIG)
4072 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
4073 struct hci_cp_remote_name_req cp;
4074 memset(&cp, 0, sizeof(cp));
4075 bacpy(&cp.bdaddr, &conn->dst);
4076 cp.pscan_rep_mode = 0x02;
4077 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
4078 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4079 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4081 if (!hci_outgoing_auth_needed(hdev, conn)) {
4082 conn->state = BT_CONNECTED;
4083 hci_connect_cfm(conn, ev->status);
4084 hci_conn_drop(conn);
4088 hci_dev_unlock(hdev);
4091 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
4092 struct sk_buff *skb)
4094 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4095 struct hci_conn *conn;
4097 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4101 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
4103 if (ev->link_type == ESCO_LINK)
4106 /* When the link type in the event indicates SCO connection
4107 * and lookup of the connection object fails, then check
4108 * if an eSCO connection object exists.
4110 * The core limits the synchronous connections to either
4111 * SCO or eSCO. The eSCO connection is preferred and tried
4112 * to be setup first and until successfully established,
4113 * the link type will be hinted as eSCO.
4115 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4120 switch (ev->status) {
4122 conn->handle = __le16_to_cpu(ev->handle);
4123 conn->state = BT_CONNECTED;
4124 conn->type = ev->link_type;
4126 hci_debugfs_create_conn(conn);
4127 hci_conn_add_sysfs(conn);
4130 case 0x10: /* Connection Accept Timeout */
4131 case 0x0d: /* Connection Rejected due to Limited Resources */
4132 case 0x11: /* Unsupported Feature or Parameter Value */
4133 case 0x1c: /* SCO interval rejected */
4134 case 0x1a: /* Unsupported Remote Feature */
4135 case 0x1f: /* Unspecified error */
4136 case 0x20: /* Unsupported LMP Parameter value */
4138 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4139 (hdev->esco_type & EDR_ESCO_MASK);
4140 if (hci_setup_sync(conn, conn->link->handle))
4146 conn->state = BT_CLOSED;
4150 hci_connect_cfm(conn, ev->status);
4155 hci_dev_unlock(hdev);
4158 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4162 while (parsed < eir_len) {
4163 u8 field_len = eir[0];
4168 parsed += field_len + 1;
4169 eir += field_len + 1;
4175 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4176 struct sk_buff *skb)
4178 struct inquiry_data data;
4179 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4180 int num_rsp = *((__u8 *) skb->data);
4183 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4188 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
4193 for (; num_rsp; num_rsp--, info++) {
4197 bacpy(&data.bdaddr, &info->bdaddr);
4198 data.pscan_rep_mode = info->pscan_rep_mode;
4199 data.pscan_period_mode = info->pscan_period_mode;
4200 data.pscan_mode = 0x00;
4201 memcpy(data.dev_class, info->dev_class, 3);
4202 data.clock_offset = info->clock_offset;
4203 data.rssi = info->rssi;
4204 data.ssp_mode = 0x01;
4206 if (hci_dev_test_flag(hdev, HCI_MGMT))
4207 name_known = eir_get_data(info->data,
4209 EIR_NAME_COMPLETE, NULL);
4213 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4215 eir_len = eir_get_length(info->data, sizeof(info->data));
4217 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4218 info->dev_class, info->rssi,
4219 flags, info->data, eir_len, NULL, 0);
4222 hci_dev_unlock(hdev);
4225 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4226 struct sk_buff *skb)
4228 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4229 struct hci_conn *conn;
4231 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
4232 __le16_to_cpu(ev->handle));
4236 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4240 /* For BR/EDR the necessary steps are taken through the
4241 * auth_complete event.
4243 if (conn->type != LE_LINK)
4247 conn->sec_level = conn->pending_sec_level;
4249 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4251 if (ev->status && conn->state == BT_CONNECTED) {
4252 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
4253 hci_conn_drop(conn);
4257 if (conn->state == BT_CONFIG) {
4259 conn->state = BT_CONNECTED;
4261 hci_connect_cfm(conn, ev->status);
4262 hci_conn_drop(conn);
4264 hci_auth_cfm(conn, ev->status);
4266 hci_conn_hold(conn);
4267 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4268 hci_conn_drop(conn);
4272 hci_dev_unlock(hdev);
4275 static u8 hci_get_auth_req(struct hci_conn *conn)
4277 /* If remote requests no-bonding follow that lead */
4278 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4279 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
4280 return conn->remote_auth | (conn->auth_type & 0x01);
4282 /* If both remote and local have enough IO capabilities, require
4285 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4286 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4287 return conn->remote_auth | 0x01;
4289 /* No MITM protection possible so ignore remote requirement */
4290 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
4293 static u8 bredr_oob_data_present(struct hci_conn *conn)
4295 struct hci_dev *hdev = conn->hdev;
4296 struct oob_data *data;
4298 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4302 if (bredr_sc_enabled(hdev)) {
4303 /* When Secure Connections is enabled, then just
4304 * return the present value stored with the OOB
4305 * data. The stored value contains the right present
4306 * information. However it can only be trusted when
4307 * not in Secure Connection Only mode.
4309 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
4310 return data->present;
4312 /* When Secure Connections Only mode is enabled, then
4313 * the P-256 values are required. If they are not
4314 * available, then do not declare that OOB data is
4317 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
4318 !memcmp(data->hash256, ZERO_KEY, 16))
4324 /* When Secure Connections is not enabled or actually
4325 * not supported by the hardware, then check that if
4326 * P-192 data values are present.
4328 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
4329 !memcmp(data->hash192, ZERO_KEY, 16))
4335 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4337 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4338 struct hci_conn *conn;
4340 BT_DBG("%s", hdev->name);
4344 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4348 hci_conn_hold(conn);
4350 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4353 /* Allow pairing if we're pairable, the initiators of the
4354 * pairing or if the remote is not requesting bonding.
4356 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
4357 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
4358 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
4359 struct hci_cp_io_capability_reply cp;
4361 bacpy(&cp.bdaddr, &ev->bdaddr);
4362 /* Change the IO capability from KeyboardDisplay
4363 * to DisplayYesNo as it is not supported by BT spec. */
4364 cp.capability = (conn->io_capability == 0x04) ?
4365 HCI_IO_DISPLAY_YESNO : conn->io_capability;
4367 /* If we are initiators, there is no remote information yet */
4368 if (conn->remote_auth == 0xff) {
4369 /* Request MITM protection if our IO caps allow it
4370 * except for the no-bonding case.
4372 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4373 conn->auth_type != HCI_AT_NO_BONDING)
4374 conn->auth_type |= 0x01;
4376 conn->auth_type = hci_get_auth_req(conn);
4379 /* If we're not bondable, force one of the non-bondable
4380 * authentication requirement values.
4382 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
4383 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4385 cp.authentication = conn->auth_type;
4386 cp.oob_data = bredr_oob_data_present(conn);
4388 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
4391 struct hci_cp_io_capability_neg_reply cp;
4393 bacpy(&cp.bdaddr, &ev->bdaddr);
4394 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
4396 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
4401 hci_dev_unlock(hdev);
4404 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4406 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4407 struct hci_conn *conn;
4409 BT_DBG("%s", hdev->name);
4413 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4417 conn->remote_cap = ev->capability;
4418 conn->remote_auth = ev->authentication;
4421 hci_dev_unlock(hdev);
4424 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4425 struct sk_buff *skb)
4427 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4428 int loc_mitm, rem_mitm, confirm_hint = 0;
4429 struct hci_conn *conn;
4431 BT_DBG("%s", hdev->name);
4435 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4438 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4442 loc_mitm = (conn->auth_type & 0x01);
4443 rem_mitm = (conn->remote_auth & 0x01);
4445 /* If we require MITM but the remote device can't provide that
4446 * (it has NoInputNoOutput) then reject the confirmation
4447 * request. We check the security level here since it doesn't
4448 * necessarily match conn->auth_type.
4450 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4451 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4452 BT_DBG("Rejecting request: remote device can't provide MITM");
4453 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4454 sizeof(ev->bdaddr), &ev->bdaddr);
4458 /* If no side requires MITM protection; auto-accept */
4459 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4460 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4462 /* If we're not the initiators request authorization to
4463 * proceed from user space (mgmt_user_confirm with
4464 * confirm_hint set to 1). The exception is if neither
4465 * side had MITM or if the local IO capability is
4466 * NoInputNoOutput, in which case we do auto-accept
4468 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4469 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4470 (loc_mitm || rem_mitm)) {
4471 BT_DBG("Confirming auto-accept as acceptor");
4476 BT_DBG("Auto-accept of user confirmation with %ums delay",
4477 hdev->auto_accept_delay);
4479 if (hdev->auto_accept_delay > 0) {
4480 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4481 queue_delayed_work(conn->hdev->workqueue,
4482 &conn->auto_accept_work, delay);
4486 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4487 sizeof(ev->bdaddr), &ev->bdaddr);
4492 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4493 le32_to_cpu(ev->passkey), confirm_hint);
4496 hci_dev_unlock(hdev);
4499 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4500 struct sk_buff *skb)
4502 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4504 BT_DBG("%s", hdev->name);
4506 if (hci_dev_test_flag(hdev, HCI_MGMT))
4507 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4510 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4511 struct sk_buff *skb)
4513 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4514 struct hci_conn *conn;
4516 BT_DBG("%s", hdev->name);
4518 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4522 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4523 conn->passkey_entered = 0;
4525 if (hci_dev_test_flag(hdev, HCI_MGMT))
4526 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4527 conn->dst_type, conn->passkey_notify,
4528 conn->passkey_entered);
4531 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4533 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4534 struct hci_conn *conn;
4536 BT_DBG("%s", hdev->name);
4538 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4543 case HCI_KEYPRESS_STARTED:
4544 conn->passkey_entered = 0;
4547 case HCI_KEYPRESS_ENTERED:
4548 conn->passkey_entered++;
4551 case HCI_KEYPRESS_ERASED:
4552 conn->passkey_entered--;
4555 case HCI_KEYPRESS_CLEARED:
4556 conn->passkey_entered = 0;
4559 case HCI_KEYPRESS_COMPLETED:
4563 if (hci_dev_test_flag(hdev, HCI_MGMT))
4564 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4565 conn->dst_type, conn->passkey_notify,
4566 conn->passkey_entered);
4569 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4570 struct sk_buff *skb)
4572 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4573 struct hci_conn *conn;
4575 BT_DBG("%s", hdev->name);
4579 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4583 /* Reset the authentication requirement to unknown */
4584 conn->remote_auth = 0xff;
4586 /* To avoid duplicate auth_failed events to user space we check
4587 * the HCI_CONN_AUTH_PEND flag which will be set if we
4588 * initiated the authentication. A traditional auth_complete
4589 * event gets always produced as initiator and is also mapped to
4590 * the mgmt_auth_failed event */
4591 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4592 mgmt_auth_failed(conn, ev->status);
4594 hci_conn_drop(conn);
4597 hci_dev_unlock(hdev);
4600 static void hci_remote_host_features_evt(struct hci_dev *hdev,
4601 struct sk_buff *skb)
4603 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4604 struct inquiry_entry *ie;
4605 struct hci_conn *conn;
4607 BT_DBG("%s", hdev->name);
4611 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4613 memcpy(conn->features[1], ev->features, 8);
4615 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4617 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4619 hci_dev_unlock(hdev);
4622 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4623 struct sk_buff *skb)
4625 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4626 struct oob_data *data;
4628 BT_DBG("%s", hdev->name);
4632 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4635 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4637 struct hci_cp_remote_oob_data_neg_reply cp;
4639 bacpy(&cp.bdaddr, &ev->bdaddr);
4640 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4645 if (bredr_sc_enabled(hdev)) {
4646 struct hci_cp_remote_oob_ext_data_reply cp;
4648 bacpy(&cp.bdaddr, &ev->bdaddr);
4649 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4650 memset(cp.hash192, 0, sizeof(cp.hash192));
4651 memset(cp.rand192, 0, sizeof(cp.rand192));
4653 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4654 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4656 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4657 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4659 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4662 struct hci_cp_remote_oob_data_reply cp;
4664 bacpy(&cp.bdaddr, &ev->bdaddr);
4665 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4666 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4668 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4673 hci_dev_unlock(hdev);
4676 #if IS_ENABLED(CONFIG_BT_HS)
4677 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4679 struct hci_ev_channel_selected *ev = (void *)skb->data;
4680 struct hci_conn *hcon;
4682 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4684 skb_pull(skb, sizeof(*ev));
4686 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4690 amp_read_loc_assoc_final_data(hdev, hcon);
4693 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4694 struct sk_buff *skb)
4696 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4697 struct hci_conn *hcon, *bredr_hcon;
4699 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4704 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4706 hci_dev_unlock(hdev);
4712 hci_dev_unlock(hdev);
4716 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4718 hcon->state = BT_CONNECTED;
4719 bacpy(&hcon->dst, &bredr_hcon->dst);
4721 hci_conn_hold(hcon);
4722 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4723 hci_conn_drop(hcon);
4725 hci_debugfs_create_conn(hcon);
4726 hci_conn_add_sysfs(hcon);
4728 amp_physical_cfm(bredr_hcon, hcon);
4730 hci_dev_unlock(hdev);
4733 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4735 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4736 struct hci_conn *hcon;
4737 struct hci_chan *hchan;
4738 struct amp_mgr *mgr;
4740 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4741 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4744 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4748 /* Create AMP hchan */
4749 hchan = hci_chan_create(hcon);
4753 hchan->handle = le16_to_cpu(ev->handle);
4755 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4757 mgr = hcon->amp_mgr;
4758 if (mgr && mgr->bredr_chan) {
4759 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4761 l2cap_chan_lock(bredr_chan);
4763 bredr_chan->conn->mtu = hdev->block_mtu;
4764 l2cap_logical_cfm(bredr_chan, hchan, 0);
4765 hci_conn_hold(hcon);
4767 l2cap_chan_unlock(bredr_chan);
4771 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4772 struct sk_buff *skb)
4774 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4775 struct hci_chan *hchan;
4777 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4778 le16_to_cpu(ev->handle), ev->status);
4785 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4789 amp_destroy_logical_link(hchan, ev->reason);
4792 hci_dev_unlock(hdev);
4795 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4796 struct sk_buff *skb)
4798 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4799 struct hci_conn *hcon;
4801 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4808 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4810 hcon->state = BT_CLOSED;
4814 hci_dev_unlock(hdev);
4818 static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
4819 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
4820 u16 interval, u16 latency, u16 supervision_timeout)
4822 struct hci_conn_params *params;
4823 struct hci_conn *conn;
4824 struct smp_irk *irk;
4829 /* All controllers implicitly stop advertising in the event of a
4830 * connection, so ensure that the state bit is cleared.
4832 hci_dev_clear_flag(hdev, HCI_LE_ADV);
4834 conn = hci_lookup_le_connect(hdev);
4836 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
4838 bt_dev_err(hdev, "no memory for new connection");
4842 conn->dst_type = bdaddr_type;
4844 /* If we didn't have a hci_conn object previously
4845 * but we're in master role this must be something
4846 * initiated using a white list. Since white list based
4847 * connections are not "first class citizens" we don't
4848 * have full tracking of them. Therefore, we go ahead
4849 * with a "best effort" approach of determining the
4850 * initiator address based on the HCI_PRIVACY flag.
4853 conn->resp_addr_type = bdaddr_type;
4854 bacpy(&conn->resp_addr, bdaddr);
4855 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
4856 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4857 bacpy(&conn->init_addr, &hdev->rpa);
4859 hci_copy_identity_address(hdev,
4861 &conn->init_addr_type);
4865 cancel_delayed_work(&conn->le_conn_timeout);
4869 /* Set the responder (our side) address type based on
4870 * the advertising address type.
4872 conn->resp_addr_type = hdev->adv_addr_type;
4873 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
4874 /* In case of ext adv, resp_addr will be updated in
4875 * Adv Terminated event.
4877 if (!ext_adv_capable(hdev))
4878 bacpy(&conn->resp_addr, &hdev->random_addr);
4880 bacpy(&conn->resp_addr, &hdev->bdaddr);
4883 conn->init_addr_type = bdaddr_type;
4884 bacpy(&conn->init_addr, bdaddr);
4886 /* For incoming connections, set the default minimum
4887 * and maximum connection interval. They will be used
4888 * to check if the parameters are in range and if not
4889 * trigger the connection update procedure.
4891 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4892 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4895 /* Lookup the identity address from the stored connection
4896 * address and address type.
4898 * When establishing connections to an identity address, the
4899 * connection procedure will store the resolvable random
4900 * address first. Now if it can be converted back into the
4901 * identity address, start using the identity address from
4904 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4906 bacpy(&conn->dst, &irk->bdaddr);
4907 conn->dst_type = irk->addr_type;
4911 hci_le_conn_failed(conn, status);
4915 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4916 addr_type = BDADDR_LE_PUBLIC;
4918 addr_type = BDADDR_LE_RANDOM;
4920 /* Drop the connection if the device is blocked */
4921 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4922 hci_conn_drop(conn);
4926 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4927 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4929 conn->sec_level = BT_SECURITY_LOW;
4930 conn->handle = handle;
4931 conn->state = BT_CONFIG;
4933 conn->le_conn_interval = interval;
4934 conn->le_conn_latency = latency;
4935 conn->le_supv_timeout = supervision_timeout;
4937 hci_debugfs_create_conn(conn);
4938 hci_conn_add_sysfs(conn);
4940 /* The remote features procedure is defined for master
4941 * role only. So only in case of an initiated connection
4942 * request the remote features.
4944 * If the local controller supports slave-initiated features
4945 * exchange, then requesting the remote features in slave
4946 * role is possible. Otherwise just transition into the
4947 * connected state without requesting the remote features.
4950 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
4951 struct hci_cp_le_read_remote_features cp;
4953 cp.handle = __cpu_to_le16(conn->handle);
4955 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
4958 hci_conn_hold(conn);
4960 conn->state = BT_CONNECTED;
4961 hci_connect_cfm(conn, status);
4964 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4967 list_del_init(¶ms->action);
4969 hci_conn_drop(params->conn);
4970 hci_conn_put(params->conn);
4971 params->conn = NULL;
4976 hci_update_background_scan(hdev);
4977 hci_dev_unlock(hdev);
4980 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4982 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4984 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4986 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
4987 ev->role, le16_to_cpu(ev->handle),
4988 le16_to_cpu(ev->interval),
4989 le16_to_cpu(ev->latency),
4990 le16_to_cpu(ev->supervision_timeout));
4993 static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
4994 struct sk_buff *skb)
4996 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
4998 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5000 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5001 ev->role, le16_to_cpu(ev->handle),
5002 le16_to_cpu(ev->interval),
5003 le16_to_cpu(ev->latency),
5004 le16_to_cpu(ev->supervision_timeout));
5007 static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
5009 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
5010 struct hci_conn *conn;
5012 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5017 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5019 struct adv_info *adv_instance;
5021 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
5024 if (!hdev->cur_adv_instance) {
5025 bacpy(&conn->resp_addr, &hdev->random_addr);
5029 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
5031 bacpy(&conn->resp_addr, &adv_instance->random_addr);
5035 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
5036 struct sk_buff *skb)
5038 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
5039 struct hci_conn *conn;
5041 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5048 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5050 conn->le_conn_interval = le16_to_cpu(ev->interval);
5051 conn->le_conn_latency = le16_to_cpu(ev->latency);
5052 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5055 hci_dev_unlock(hdev);
5058 /* This function requires the caller holds hdev->lock */
5059 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
5061 u8 addr_type, u8 adv_type,
5062 bdaddr_t *direct_rpa)
5064 struct hci_conn *conn;
5065 struct hci_conn_params *params;
5067 /* If the event is not connectable don't proceed further */
5068 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
5071 /* Ignore if the device is blocked */
5072 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
5075 /* Most controller will fail if we try to create new connections
5076 * while we have an existing one in slave role.
5078 if (hdev->conn_hash.le_num_slave > 0)
5081 /* If we're not connectable only connect devices that we have in
5082 * our pend_le_conns list.
5084 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5089 if (!params->explicit_connect) {
5090 switch (params->auto_connect) {
5091 case HCI_AUTO_CONN_DIRECT:
5092 /* Only devices advertising with ADV_DIRECT_IND are
5093 * triggering a connection attempt. This is allowing
5094 * incoming connections from slave devices.
5096 if (adv_type != LE_ADV_DIRECT_IND)
5099 case HCI_AUTO_CONN_ALWAYS:
5100 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
5101 * are triggering a connection attempt. This means
5102 * that incoming connectioms from slave device are
5103 * accepted and also outgoing connections to slave
5104 * devices are established when found.
5112 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
5113 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER,
5115 if (!IS_ERR(conn)) {
5116 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
5117 * by higher layer that tried to connect, if no then
5118 * store the pointer since we don't really have any
5119 * other owner of the object besides the params that
5120 * triggered it. This way we can abort the connection if
5121 * the parameters get removed and keep the reference
5122 * count consistent once the connection is established.
5125 if (!params->explicit_connect)
5126 params->conn = hci_conn_get(conn);
5131 switch (PTR_ERR(conn)) {
5133 /* If hci_connect() returns -EBUSY it means there is already
5134 * an LE connection attempt going on. Since controllers don't
5135 * support more than one connection attempt at the time, we
5136 * don't consider this an error case.
5140 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
5147 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
5148 u8 bdaddr_type, bdaddr_t *direct_addr,
5149 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
5151 struct discovery_state *d = &hdev->discovery;
5152 struct smp_irk *irk;
5153 struct hci_conn *conn;
5160 case LE_ADV_DIRECT_IND:
5161 case LE_ADV_SCAN_IND:
5162 case LE_ADV_NONCONN_IND:
5163 case LE_ADV_SCAN_RSP:
5166 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
5167 "type: 0x%02x", type);
5171 /* Find the end of the data in case the report contains padded zero
5172 * bytes at the end causing an invalid length value.
5174 * When data is NULL, len is 0 so there is no need for extra ptr
5175 * check as 'ptr < data + 0' is already false in such case.
5177 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
5178 if (ptr + 1 + *ptr > data + len)
5182 real_len = ptr - data;
5184 /* Adjust for actual length */
5185 if (len != real_len) {
5186 bt_dev_err_ratelimited(hdev, "advertising data len corrected");
5190 /* If the direct address is present, then this report is from
5191 * a LE Direct Advertising Report event. In that case it is
5192 * important to see if the address is matching the local
5193 * controller address.
5196 /* Only resolvable random addresses are valid for these
5197 * kind of reports and others can be ignored.
5199 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
5202 /* If the controller is not using resolvable random
5203 * addresses, then this report can be ignored.
5205 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
5208 /* If the local IRK of the controller does not match
5209 * with the resolvable random address provided, then
5210 * this report can be ignored.
5212 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
5216 /* Check if we need to convert to identity address */
5217 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
5219 bdaddr = &irk->bdaddr;
5220 bdaddr_type = irk->addr_type;
5223 /* Check if we have been requested to connect to this device.
5225 * direct_addr is set only for directed advertising reports (it is NULL
5226 * for advertising reports) and is already verified to be RPA above.
5228 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
5230 if (conn && type == LE_ADV_IND) {
5231 /* Store report for later inclusion by
5232 * mgmt_device_connected
5234 memcpy(conn->le_adv_data, data, len);
5235 conn->le_adv_data_len = len;
5238 /* Passive scanning shouldn't trigger any device found events,
5239 * except for devices marked as CONN_REPORT for which we do send
5240 * device found events.
5242 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
5243 if (type == LE_ADV_DIRECT_IND)
5246 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
5247 bdaddr, bdaddr_type))
5250 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
5251 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5254 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5255 rssi, flags, data, len, NULL, 0);
5259 /* When receiving non-connectable or scannable undirected
5260 * advertising reports, this means that the remote device is
5261 * not connectable and then clearly indicate this in the
5262 * device found event.
5264 * When receiving a scan response, then there is no way to
5265 * know if the remote device is connectable or not. However
5266 * since scan responses are merged with a previously seen
5267 * advertising report, the flags field from that report
5270 * In the really unlikely case that a controller get confused
5271 * and just sends a scan response event, then it is marked as
5272 * not connectable as well.
5274 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5275 type == LE_ADV_SCAN_RSP)
5276 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5280 /* If there's nothing pending either store the data from this
5281 * event or send an immediate device found event if the data
5282 * should not be stored for later.
5284 if (!has_pending_adv_report(hdev)) {
5285 /* If the report will trigger a SCAN_REQ store it for
5288 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5289 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5290 rssi, flags, data, len);
5294 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5295 rssi, flags, data, len, NULL, 0);
5299 /* Check if the pending report is for the same device as the new one */
5300 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5301 bdaddr_type == d->last_adv_addr_type);
5303 /* If the pending data doesn't match this report or this isn't a
5304 * scan response (e.g. we got a duplicate ADV_IND) then force
5305 * sending of the pending data.
5307 if (type != LE_ADV_SCAN_RSP || !match) {
5308 /* Send out whatever is in the cache, but skip duplicates */
5310 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5311 d->last_adv_addr_type, NULL,
5312 d->last_adv_rssi, d->last_adv_flags,
5314 d->last_adv_data_len, NULL, 0);
5316 /* If the new report will trigger a SCAN_REQ store it for
5319 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5320 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5321 rssi, flags, data, len);
5325 /* The advertising reports cannot be merged, so clear
5326 * the pending report and send out a device found event.
5328 clear_pending_adv_report(hdev);
5329 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5330 rssi, flags, data, len, NULL, 0);
5334 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5335 * the new event is a SCAN_RSP. We can therefore proceed with
5336 * sending a merged device found event.
5338 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5339 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
5340 d->last_adv_data, d->last_adv_data_len, data, len);
5341 clear_pending_adv_report(hdev);
5344 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5346 u8 num_reports = skb->data[0];
5347 void *ptr = &skb->data[1];
5351 while (num_reports--) {
5352 struct hci_ev_le_advertising_info *ev = ptr;
5355 if (ev->length <= HCI_MAX_AD_LENGTH) {
5356 rssi = ev->data[ev->length];
5357 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5358 ev->bdaddr_type, NULL, 0, rssi,
5359 ev->data, ev->length);
5361 bt_dev_err(hdev, "Dropping invalid advertising data");
5364 ptr += sizeof(*ev) + ev->length + 1;
5367 hci_dev_unlock(hdev);
5370 static u8 ext_evt_type_to_legacy(u16 evt_type)
5372 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5374 case LE_LEGACY_ADV_IND:
5376 case LE_LEGACY_ADV_DIRECT_IND:
5377 return LE_ADV_DIRECT_IND;
5378 case LE_LEGACY_ADV_SCAN_IND:
5379 return LE_ADV_SCAN_IND;
5380 case LE_LEGACY_NONCONN_IND:
5381 return LE_ADV_NONCONN_IND;
5382 case LE_LEGACY_SCAN_RSP_ADV:
5383 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5384 return LE_ADV_SCAN_RSP;
5387 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5390 return LE_ADV_INVALID;
5393 if (evt_type & LE_EXT_ADV_CONN_IND) {
5394 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5395 return LE_ADV_DIRECT_IND;
5400 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5401 return LE_ADV_SCAN_RSP;
5403 if (evt_type & LE_EXT_ADV_SCAN_IND)
5404 return LE_ADV_SCAN_IND;
5406 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5407 evt_type & LE_EXT_ADV_DIRECT_IND)
5408 return LE_ADV_NONCONN_IND;
5410 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5413 return LE_ADV_INVALID;
5416 static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5418 u8 num_reports = skb->data[0];
5419 void *ptr = &skb->data[1];
5423 while (num_reports--) {
5424 struct hci_ev_le_ext_adv_report *ev = ptr;
5428 evt_type = __le16_to_cpu(ev->evt_type);
5429 legacy_evt_type = ext_evt_type_to_legacy(evt_type);
5430 if (legacy_evt_type != LE_ADV_INVALID) {
5431 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5432 ev->bdaddr_type, NULL, 0, ev->rssi,
5433 ev->data, ev->length);
5436 ptr += sizeof(*ev) + ev->length + 1;
5439 hci_dev_unlock(hdev);
5442 static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
5443 struct sk_buff *skb)
5445 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
5446 struct hci_conn *conn;
5448 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5452 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5455 memcpy(conn->features[0], ev->features, 8);
5457 if (conn->state == BT_CONFIG) {
5460 /* If the local controller supports slave-initiated
5461 * features exchange, but the remote controller does
5462 * not, then it is possible that the error code 0x1a
5463 * for unsupported remote feature gets returned.
5465 * In this specific case, allow the connection to
5466 * transition into connected state and mark it as
5469 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
5470 !conn->out && ev->status == 0x1a)
5473 status = ev->status;
5475 conn->state = BT_CONNECTED;
5476 hci_connect_cfm(conn, status);
5477 hci_conn_drop(conn);
5481 hci_dev_unlock(hdev);
5484 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
5486 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5487 struct hci_cp_le_ltk_reply cp;
5488 struct hci_cp_le_ltk_neg_reply neg;
5489 struct hci_conn *conn;
5490 struct smp_ltk *ltk;
5492 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
5496 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5500 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5504 if (smp_ltk_is_sc(ltk)) {
5505 /* With SC both EDiv and Rand are set to zero */
5506 if (ev->ediv || ev->rand)
5509 /* For non-SC keys check that EDiv and Rand match */
5510 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5514 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5515 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
5516 cp.handle = cpu_to_le16(conn->handle);
5518 conn->pending_sec_level = smp_ltk_sec_level(ltk);
5520 conn->enc_key_size = ltk->enc_size;
5522 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5524 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5525 * temporary key used to encrypt a connection following
5526 * pairing. It is used during the Encrypted Session Setup to
5527 * distribute the keys. Later, security can be re-established
5528 * using a distributed LTK.
5530 if (ltk->type == SMP_STK) {
5531 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5532 list_del_rcu(<k->list);
5533 kfree_rcu(ltk, rcu);
5535 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5538 hci_dev_unlock(hdev);
5543 neg.handle = ev->handle;
5544 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5545 hci_dev_unlock(hdev);
5548 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5551 struct hci_cp_le_conn_param_req_neg_reply cp;
5553 cp.handle = cpu_to_le16(handle);
5556 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5560 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5561 struct sk_buff *skb)
5563 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5564 struct hci_cp_le_conn_param_req_reply cp;
5565 struct hci_conn *hcon;
5566 u16 handle, min, max, latency, timeout;
5568 handle = le16_to_cpu(ev->handle);
5569 min = le16_to_cpu(ev->interval_min);
5570 max = le16_to_cpu(ev->interval_max);
5571 latency = le16_to_cpu(ev->latency);
5572 timeout = le16_to_cpu(ev->timeout);
5574 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5575 if (!hcon || hcon->state != BT_CONNECTED)
5576 return send_conn_param_neg_reply(hdev, handle,
5577 HCI_ERROR_UNKNOWN_CONN_ID);
5579 if (hci_check_conn_params(min, max, latency, timeout))
5580 return send_conn_param_neg_reply(hdev, handle,
5581 HCI_ERROR_INVALID_LL_PARAMS);
5583 if (hcon->role == HCI_ROLE_MASTER) {
5584 struct hci_conn_params *params;
5589 params = hci_conn_params_lookup(hdev, &hcon->dst,
5592 params->conn_min_interval = min;
5593 params->conn_max_interval = max;
5594 params->conn_latency = latency;
5595 params->supervision_timeout = timeout;
5601 hci_dev_unlock(hdev);
5603 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5604 store_hint, min, max, latency, timeout);
5607 cp.handle = ev->handle;
5608 cp.interval_min = ev->interval_min;
5609 cp.interval_max = ev->interval_max;
5610 cp.latency = ev->latency;
5611 cp.timeout = ev->timeout;
5615 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5618 static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5619 struct sk_buff *skb)
5621 u8 num_reports = skb->data[0];
5622 void *ptr = &skb->data[1];
5626 while (num_reports--) {
5627 struct hci_ev_le_direct_adv_info *ev = ptr;
5629 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5630 ev->bdaddr_type, &ev->direct_addr,
5631 ev->direct_addr_type, ev->rssi, NULL, 0);
5636 hci_dev_unlock(hdev);
5639 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5641 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5643 skb_pull(skb, sizeof(*le_ev));
5645 switch (le_ev->subevent) {
5646 case HCI_EV_LE_CONN_COMPLETE:
5647 hci_le_conn_complete_evt(hdev, skb);
5650 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5651 hci_le_conn_update_complete_evt(hdev, skb);
5654 case HCI_EV_LE_ADVERTISING_REPORT:
5655 hci_le_adv_report_evt(hdev, skb);
5658 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5659 hci_le_remote_feat_complete_evt(hdev, skb);
5662 case HCI_EV_LE_LTK_REQ:
5663 hci_le_ltk_request_evt(hdev, skb);
5666 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5667 hci_le_remote_conn_param_req_evt(hdev, skb);
5670 case HCI_EV_LE_DIRECT_ADV_REPORT:
5671 hci_le_direct_adv_report_evt(hdev, skb);
5674 case HCI_EV_LE_EXT_ADV_REPORT:
5675 hci_le_ext_adv_report_evt(hdev, skb);
5678 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
5679 hci_le_enh_conn_complete_evt(hdev, skb);
5682 case HCI_EV_LE_EXT_ADV_SET_TERM:
5683 hci_le_ext_adv_term_evt(hdev, skb);
5691 static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5692 u8 event, struct sk_buff *skb)
5694 struct hci_ev_cmd_complete *ev;
5695 struct hci_event_hdr *hdr;
5700 if (skb->len < sizeof(*hdr)) {
5701 bt_dev_err(hdev, "too short HCI event");
5705 hdr = (void *) skb->data;
5706 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5709 if (hdr->evt != event)
5714 /* Check if request ended in Command Status - no way to retreive
5715 * any extra parameters in this case.
5717 if (hdr->evt == HCI_EV_CMD_STATUS)
5720 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
5721 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
5726 if (skb->len < sizeof(*ev)) {
5727 bt_dev_err(hdev, "too short cmd_complete event");
5731 ev = (void *) skb->data;
5732 skb_pull(skb, sizeof(*ev));
5734 if (opcode != __le16_to_cpu(ev->opcode)) {
5735 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
5736 __le16_to_cpu(ev->opcode));
5743 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5745 struct hci_event_hdr *hdr = (void *) skb->data;
5746 hci_req_complete_t req_complete = NULL;
5747 hci_req_complete_skb_t req_complete_skb = NULL;
5748 struct sk_buff *orig_skb = NULL;
5749 u8 status = 0, event = hdr->evt, req_evt = 0;
5750 u16 opcode = HCI_OP_NOP;
5752 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
5753 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5754 opcode = __le16_to_cpu(cmd_hdr->opcode);
5755 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
5760 /* If it looks like we might end up having to call
5761 * req_complete_skb, store a pristine copy of the skb since the
5762 * various handlers may modify the original one through
5763 * skb_pull() calls, etc.
5765 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
5766 event == HCI_EV_CMD_COMPLETE)
5767 orig_skb = skb_clone(skb, GFP_KERNEL);
5769 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5772 case HCI_EV_INQUIRY_COMPLETE:
5773 hci_inquiry_complete_evt(hdev, skb);
5776 case HCI_EV_INQUIRY_RESULT:
5777 hci_inquiry_result_evt(hdev, skb);
5780 case HCI_EV_CONN_COMPLETE:
5781 hci_conn_complete_evt(hdev, skb);
5784 case HCI_EV_CONN_REQUEST:
5785 hci_conn_request_evt(hdev, skb);
5788 case HCI_EV_DISCONN_COMPLETE:
5789 hci_disconn_complete_evt(hdev, skb);
5792 case HCI_EV_AUTH_COMPLETE:
5793 hci_auth_complete_evt(hdev, skb);
5796 case HCI_EV_REMOTE_NAME:
5797 hci_remote_name_evt(hdev, skb);
5800 case HCI_EV_ENCRYPT_CHANGE:
5801 hci_encrypt_change_evt(hdev, skb);
5804 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5805 hci_change_link_key_complete_evt(hdev, skb);
5808 case HCI_EV_REMOTE_FEATURES:
5809 hci_remote_features_evt(hdev, skb);
5812 case HCI_EV_CMD_COMPLETE:
5813 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
5814 &req_complete, &req_complete_skb);
5817 case HCI_EV_CMD_STATUS:
5818 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
5822 case HCI_EV_HARDWARE_ERROR:
5823 hci_hardware_error_evt(hdev, skb);
5826 case HCI_EV_ROLE_CHANGE:
5827 hci_role_change_evt(hdev, skb);
5830 case HCI_EV_NUM_COMP_PKTS:
5831 hci_num_comp_pkts_evt(hdev, skb);
5834 case HCI_EV_MODE_CHANGE:
5835 hci_mode_change_evt(hdev, skb);
5838 case HCI_EV_PIN_CODE_REQ:
5839 hci_pin_code_request_evt(hdev, skb);
5842 case HCI_EV_LINK_KEY_REQ:
5843 hci_link_key_request_evt(hdev, skb);
5846 case HCI_EV_LINK_KEY_NOTIFY:
5847 hci_link_key_notify_evt(hdev, skb);
5850 case HCI_EV_CLOCK_OFFSET:
5851 hci_clock_offset_evt(hdev, skb);
5854 case HCI_EV_PKT_TYPE_CHANGE:
5855 hci_pkt_type_change_evt(hdev, skb);
5858 case HCI_EV_PSCAN_REP_MODE:
5859 hci_pscan_rep_mode_evt(hdev, skb);
5862 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5863 hci_inquiry_result_with_rssi_evt(hdev, skb);
5866 case HCI_EV_REMOTE_EXT_FEATURES:
5867 hci_remote_ext_features_evt(hdev, skb);
5870 case HCI_EV_SYNC_CONN_COMPLETE:
5871 hci_sync_conn_complete_evt(hdev, skb);
5874 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5875 hci_extended_inquiry_result_evt(hdev, skb);
5878 case HCI_EV_KEY_REFRESH_COMPLETE:
5879 hci_key_refresh_complete_evt(hdev, skb);
5882 case HCI_EV_IO_CAPA_REQUEST:
5883 hci_io_capa_request_evt(hdev, skb);
5886 case HCI_EV_IO_CAPA_REPLY:
5887 hci_io_capa_reply_evt(hdev, skb);
5890 case HCI_EV_USER_CONFIRM_REQUEST:
5891 hci_user_confirm_request_evt(hdev, skb);
5894 case HCI_EV_USER_PASSKEY_REQUEST:
5895 hci_user_passkey_request_evt(hdev, skb);
5898 case HCI_EV_USER_PASSKEY_NOTIFY:
5899 hci_user_passkey_notify_evt(hdev, skb);
5902 case HCI_EV_KEYPRESS_NOTIFY:
5903 hci_keypress_notify_evt(hdev, skb);
5906 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5907 hci_simple_pair_complete_evt(hdev, skb);
5910 case HCI_EV_REMOTE_HOST_FEATURES:
5911 hci_remote_host_features_evt(hdev, skb);
5914 case HCI_EV_LE_META:
5915 hci_le_meta_evt(hdev, skb);
5918 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5919 hci_remote_oob_data_request_evt(hdev, skb);
5922 #if IS_ENABLED(CONFIG_BT_HS)
5923 case HCI_EV_CHANNEL_SELECTED:
5924 hci_chan_selected_evt(hdev, skb);
5927 case HCI_EV_PHY_LINK_COMPLETE:
5928 hci_phy_link_complete_evt(hdev, skb);
5931 case HCI_EV_LOGICAL_LINK_COMPLETE:
5932 hci_loglink_complete_evt(hdev, skb);
5935 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5936 hci_disconn_loglink_complete_evt(hdev, skb);
5939 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5940 hci_disconn_phylink_complete_evt(hdev, skb);
5944 case HCI_EV_NUM_COMP_BLOCKS:
5945 hci_num_comp_blocks_evt(hdev, skb);
5949 BT_DBG("%s event 0x%2.2x", hdev->name, event);
5954 req_complete(hdev, status, opcode);
5955 } else if (req_complete_skb) {
5956 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
5957 kfree_skb(orig_skb);
5960 req_complete_skb(hdev, status, opcode, orig_skb);
5963 kfree_skb(orig_skb);
5965 hdev->stat.evt_rx++;
projects / linux-2.6-microblaze.git / blob