2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
46 __u8 status = *((__u8 *) skb->data);
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
55 wake_up_bit(&hdev->flags, HCI_INQUIRY);
58 /* Set discovery state to stopped if we're not doing LE active
61 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
62 hdev->le_scan_type != LE_SCAN_ACTIVE)
63 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
66 hci_conn_check_pending(hdev);
69 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71 __u8 status = *((__u8 *) skb->data);
73 BT_DBG("%s status 0x%2.2x", hdev->name, status);
78 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
81 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
83 __u8 status = *((__u8 *) skb->data);
85 BT_DBG("%s status 0x%2.2x", hdev->name, status);
90 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
92 hci_conn_check_pending(hdev);
95 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
98 BT_DBG("%s", hdev->name);
101 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
103 struct hci_rp_role_discovery *rp = (void *) skb->data;
104 struct hci_conn *conn;
106 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
113 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
115 conn->role = rp->role;
117 hci_dev_unlock(hdev);
120 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
122 struct hci_rp_read_link_policy *rp = (void *) skb->data;
123 struct hci_conn *conn;
125 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
134 conn->link_policy = __le16_to_cpu(rp->policy);
136 hci_dev_unlock(hdev);
139 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
141 struct hci_rp_write_link_policy *rp = (void *) skb->data;
142 struct hci_conn *conn;
145 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
150 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
158 conn->link_policy = get_unaligned_le16(sent + 2);
160 hci_dev_unlock(hdev);
163 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
166 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
168 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
173 hdev->link_policy = __le16_to_cpu(rp->policy);
176 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
179 __u8 status = *((__u8 *) skb->data);
182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
191 hdev->link_policy = get_unaligned_le16(sent);
194 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
196 __u8 status = *((__u8 *) skb->data);
198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
200 clear_bit(HCI_RESET, &hdev->flags);
205 /* Reset all non-persistent flags */
206 hci_dev_clear_volatile_flags(hdev);
208 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
210 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
211 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
213 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
214 hdev->adv_data_len = 0;
216 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
217 hdev->scan_rsp_data_len = 0;
219 hdev->le_scan_type = LE_SCAN_PASSIVE;
221 hdev->ssp_debug_mode = 0;
223 hci_bdaddr_list_clear(&hdev->le_white_list);
224 hci_bdaddr_list_clear(&hdev->le_resolv_list);
227 static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
230 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
231 struct hci_cp_read_stored_link_key *sent;
233 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
239 if (!rp->status && sent->read_all == 0x01) {
240 hdev->stored_max_keys = rp->max_keys;
241 hdev->stored_num_keys = rp->num_keys;
245 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
248 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
250 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
255 if (rp->num_keys <= hdev->stored_num_keys)
256 hdev->stored_num_keys -= rp->num_keys;
258 hdev->stored_num_keys = 0;
261 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
263 __u8 status = *((__u8 *) skb->data);
266 BT_DBG("%s status 0x%2.2x", hdev->name, status);
268 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
274 if (hci_dev_test_flag(hdev, HCI_MGMT))
275 mgmt_set_local_name_complete(hdev, sent, status);
277 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
279 hci_dev_unlock(hdev);
282 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
284 struct hci_rp_read_local_name *rp = (void *) skb->data;
286 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
291 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
292 hci_dev_test_flag(hdev, HCI_CONFIG))
293 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
296 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
298 __u8 status = *((__u8 *) skb->data);
301 BT_DBG("%s status 0x%2.2x", hdev->name, status);
303 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
310 __u8 param = *((__u8 *) sent);
312 if (param == AUTH_ENABLED)
313 set_bit(HCI_AUTH, &hdev->flags);
315 clear_bit(HCI_AUTH, &hdev->flags);
318 if (hci_dev_test_flag(hdev, HCI_MGMT))
319 mgmt_auth_enable_complete(hdev, status);
321 hci_dev_unlock(hdev);
324 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
330 BT_DBG("%s status 0x%2.2x", hdev->name, status);
335 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
339 param = *((__u8 *) sent);
342 set_bit(HCI_ENCRYPT, &hdev->flags);
344 clear_bit(HCI_ENCRYPT, &hdev->flags);
347 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
353 BT_DBG("%s status 0x%2.2x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
359 param = *((__u8 *) sent);
364 hdev->discov_timeout = 0;
368 if (param & SCAN_INQUIRY)
369 set_bit(HCI_ISCAN, &hdev->flags);
371 clear_bit(HCI_ISCAN, &hdev->flags);
373 if (param & SCAN_PAGE)
374 set_bit(HCI_PSCAN, &hdev->flags);
376 clear_bit(HCI_PSCAN, &hdev->flags);
379 hci_dev_unlock(hdev);
382 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
384 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
386 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
391 memcpy(hdev->dev_class, rp->dev_class, 3);
393 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
394 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
397 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
411 memcpy(hdev->dev_class, sent, 3);
413 if (hci_dev_test_flag(hdev, HCI_MGMT))
414 mgmt_set_class_of_dev_complete(hdev, sent, status);
416 hci_dev_unlock(hdev);
419 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
421 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
424 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429 setting = __le16_to_cpu(rp->voice_setting);
431 if (hdev->voice_setting == setting)
434 hdev->voice_setting = setting;
436 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
439 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
442 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
445 __u8 status = *((__u8 *) skb->data);
449 BT_DBG("%s status 0x%2.2x", hdev->name, status);
454 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
458 setting = get_unaligned_le16(sent);
460 if (hdev->voice_setting == setting)
463 hdev->voice_setting = setting;
465 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
468 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
471 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
474 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
476 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
481 hdev->num_iac = rp->num_iac;
483 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
486 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
488 __u8 status = *((__u8 *) skb->data);
489 struct hci_cp_write_ssp_mode *sent;
491 BT_DBG("%s status 0x%2.2x", hdev->name, status);
493 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
501 hdev->features[1][0] |= LMP_HOST_SSP;
503 hdev->features[1][0] &= ~LMP_HOST_SSP;
506 if (hci_dev_test_flag(hdev, HCI_MGMT))
507 mgmt_ssp_enable_complete(hdev, sent->mode, status);
510 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
512 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
515 hci_dev_unlock(hdev);
518 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
520 u8 status = *((u8 *) skb->data);
521 struct hci_cp_write_sc_support *sent;
523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
525 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
533 hdev->features[1][0] |= LMP_HOST_SC;
535 hdev->features[1][0] &= ~LMP_HOST_SC;
538 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
540 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
542 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
545 hci_dev_unlock(hdev);
548 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
550 struct hci_rp_read_local_version *rp = (void *) skb->data;
552 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
557 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
558 hci_dev_test_flag(hdev, HCI_CONFIG)) {
559 hdev->hci_ver = rp->hci_ver;
560 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
561 hdev->lmp_ver = rp->lmp_ver;
562 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
563 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
567 static void hci_cc_read_local_commands(struct hci_dev *hdev,
570 struct hci_rp_read_local_commands *rp = (void *) skb->data;
572 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
577 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
578 hci_dev_test_flag(hdev, HCI_CONFIG))
579 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
582 static void hci_cc_read_auth_payload_timeout(struct hci_dev *hdev,
585 struct hci_rp_read_auth_payload_to *rp = (void *)skb->data;
586 struct hci_conn *conn;
588 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
595 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
597 conn->auth_payload_timeout = __le16_to_cpu(rp->timeout);
599 hci_dev_unlock(hdev);
602 static void hci_cc_write_auth_payload_timeout(struct hci_dev *hdev,
605 struct hci_rp_write_auth_payload_to *rp = (void *)skb->data;
606 struct hci_conn *conn;
609 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
614 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO);
620 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
622 conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
624 hci_dev_unlock(hdev);
627 static void hci_cc_read_local_features(struct hci_dev *hdev,
630 struct hci_rp_read_local_features *rp = (void *) skb->data;
632 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
637 memcpy(hdev->features, rp->features, 8);
639 /* Adjust default settings according to features
640 * supported by device. */
642 if (hdev->features[0][0] & LMP_3SLOT)
643 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
645 if (hdev->features[0][0] & LMP_5SLOT)
646 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
648 if (hdev->features[0][1] & LMP_HV2) {
649 hdev->pkt_type |= (HCI_HV2);
650 hdev->esco_type |= (ESCO_HV2);
653 if (hdev->features[0][1] & LMP_HV3) {
654 hdev->pkt_type |= (HCI_HV3);
655 hdev->esco_type |= (ESCO_HV3);
658 if (lmp_esco_capable(hdev))
659 hdev->esco_type |= (ESCO_EV3);
661 if (hdev->features[0][4] & LMP_EV4)
662 hdev->esco_type |= (ESCO_EV4);
664 if (hdev->features[0][4] & LMP_EV5)
665 hdev->esco_type |= (ESCO_EV5);
667 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
668 hdev->esco_type |= (ESCO_2EV3);
670 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
671 hdev->esco_type |= (ESCO_3EV3);
673 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
674 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
677 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
680 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
687 if (hdev->max_page < rp->max_page)
688 hdev->max_page = rp->max_page;
690 if (rp->page < HCI_MAX_PAGES)
691 memcpy(hdev->features[rp->page], rp->features, 8);
694 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
697 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
699 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
704 hdev->flow_ctl_mode = rp->mode;
707 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
709 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
711 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
716 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
717 hdev->sco_mtu = rp->sco_mtu;
718 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
719 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
721 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
726 hdev->acl_cnt = hdev->acl_pkts;
727 hdev->sco_cnt = hdev->sco_pkts;
729 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
730 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
733 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
735 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
737 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
742 if (test_bit(HCI_INIT, &hdev->flags))
743 bacpy(&hdev->bdaddr, &rp->bdaddr);
745 if (hci_dev_test_flag(hdev, HCI_SETUP))
746 bacpy(&hdev->setup_addr, &rp->bdaddr);
749 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
752 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
754 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
759 if (test_bit(HCI_INIT, &hdev->flags)) {
760 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
761 hdev->page_scan_window = __le16_to_cpu(rp->window);
765 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
768 u8 status = *((u8 *) skb->data);
769 struct hci_cp_write_page_scan_activity *sent;
771 BT_DBG("%s status 0x%2.2x", hdev->name, status);
776 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
780 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
781 hdev->page_scan_window = __le16_to_cpu(sent->window);
784 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
787 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
789 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
794 if (test_bit(HCI_INIT, &hdev->flags))
795 hdev->page_scan_type = rp->type;
798 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
801 u8 status = *((u8 *) skb->data);
804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
809 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
811 hdev->page_scan_type = *type;
814 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
817 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
819 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
824 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
825 hdev->block_len = __le16_to_cpu(rp->block_len);
826 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
828 hdev->block_cnt = hdev->num_blocks;
830 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
831 hdev->block_cnt, hdev->block_len);
834 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
836 struct hci_rp_read_clock *rp = (void *) skb->data;
837 struct hci_cp_read_clock *cp;
838 struct hci_conn *conn;
840 BT_DBG("%s", hdev->name);
842 if (skb->len < sizeof(*rp))
850 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
854 if (cp->which == 0x00) {
855 hdev->clock = le32_to_cpu(rp->clock);
859 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
861 conn->clock = le32_to_cpu(rp->clock);
862 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
866 hci_dev_unlock(hdev);
869 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
872 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
874 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
879 hdev->amp_status = rp->amp_status;
880 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
881 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
882 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
883 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
884 hdev->amp_type = rp->amp_type;
885 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
886 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
887 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
888 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
891 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
894 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
896 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
901 hdev->inq_tx_power = rp->tx_power;
904 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
906 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
907 struct hci_cp_pin_code_reply *cp;
908 struct hci_conn *conn;
910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
914 if (hci_dev_test_flag(hdev, HCI_MGMT))
915 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
920 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
924 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
926 conn->pin_length = cp->pin_len;
929 hci_dev_unlock(hdev);
932 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
934 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
936 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
940 if (hci_dev_test_flag(hdev, HCI_MGMT))
941 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
944 hci_dev_unlock(hdev);
947 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
950 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
952 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
957 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
958 hdev->le_pkts = rp->le_max_pkt;
960 hdev->le_cnt = hdev->le_pkts;
962 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
965 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
968 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
970 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
975 memcpy(hdev->le_features, rp->features, 8);
978 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
981 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
983 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
988 hdev->adv_tx_power = rp->tx_power;
991 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
993 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
995 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
999 if (hci_dev_test_flag(hdev, HCI_MGMT))
1000 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1003 hci_dev_unlock(hdev);
1006 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1007 struct sk_buff *skb)
1009 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1011 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1015 if (hci_dev_test_flag(hdev, HCI_MGMT))
1016 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1017 ACL_LINK, 0, rp->status);
1019 hci_dev_unlock(hdev);
1022 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1024 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1026 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1030 if (hci_dev_test_flag(hdev, HCI_MGMT))
1031 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1034 hci_dev_unlock(hdev);
1037 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1038 struct sk_buff *skb)
1040 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1042 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1046 if (hci_dev_test_flag(hdev, HCI_MGMT))
1047 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1048 ACL_LINK, 0, rp->status);
1050 hci_dev_unlock(hdev);
1053 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1054 struct sk_buff *skb)
1056 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1058 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1061 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1062 struct sk_buff *skb)
1064 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1066 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1069 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1071 __u8 status = *((__u8 *) skb->data);
1074 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1079 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1085 bacpy(&hdev->random_addr, sent);
1087 hci_dev_unlock(hdev);
1090 static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1092 __u8 status = *((__u8 *) skb->data);
1093 struct hci_cp_le_set_default_phy *cp;
1095 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1100 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1106 hdev->le_tx_def_phys = cp->tx_phys;
1107 hdev->le_rx_def_phys = cp->rx_phys;
1109 hci_dev_unlock(hdev);
1112 static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1113 struct sk_buff *skb)
1115 __u8 status = *((__u8 *) skb->data);
1116 struct hci_cp_le_set_adv_set_rand_addr *cp;
1117 struct adv_info *adv_instance;
1122 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1128 if (!hdev->cur_adv_instance) {
1129 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1130 bacpy(&hdev->random_addr, &cp->bdaddr);
1132 adv_instance = hci_find_adv_instance(hdev,
1133 hdev->cur_adv_instance);
1135 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1138 hci_dev_unlock(hdev);
1141 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1143 __u8 *sent, status = *((__u8 *) skb->data);
1145 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1150 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1156 /* If we're doing connection initiation as peripheral. Set a
1157 * timeout in case something goes wrong.
1160 struct hci_conn *conn;
1162 hci_dev_set_flag(hdev, HCI_LE_ADV);
1164 conn = hci_lookup_le_connect(hdev);
1166 queue_delayed_work(hdev->workqueue,
1167 &conn->le_conn_timeout,
1168 conn->conn_timeout);
1170 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1173 hci_dev_unlock(hdev);
1176 static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1179 struct hci_cp_le_set_ext_adv_enable *cp;
1180 __u8 status = *((__u8 *) skb->data);
1182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1187 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1194 struct hci_conn *conn;
1196 hci_dev_set_flag(hdev, HCI_LE_ADV);
1198 conn = hci_lookup_le_connect(hdev);
1200 queue_delayed_work(hdev->workqueue,
1201 &conn->le_conn_timeout,
1202 conn->conn_timeout);
1204 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1207 hci_dev_unlock(hdev);
1210 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1212 struct hci_cp_le_set_scan_param *cp;
1213 __u8 status = *((__u8 *) skb->data);
1215 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1220 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1226 hdev->le_scan_type = cp->type;
1228 hci_dev_unlock(hdev);
1231 static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1232 struct sk_buff *skb)
1234 struct hci_cp_le_set_ext_scan_params *cp;
1235 __u8 status = *((__u8 *) skb->data);
1236 struct hci_cp_le_scan_phy_params *phy_param;
1238 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1243 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1247 phy_param = (void *)cp->data;
1251 hdev->le_scan_type = phy_param->type;
1253 hci_dev_unlock(hdev);
1256 static bool has_pending_adv_report(struct hci_dev *hdev)
1258 struct discovery_state *d = &hdev->discovery;
1260 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1263 static void clear_pending_adv_report(struct hci_dev *hdev)
1265 struct discovery_state *d = &hdev->discovery;
1267 bacpy(&d->last_adv_addr, BDADDR_ANY);
1268 d->last_adv_data_len = 0;
1271 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1272 u8 bdaddr_type, s8 rssi, u32 flags,
1275 struct discovery_state *d = &hdev->discovery;
1277 bacpy(&d->last_adv_addr, bdaddr);
1278 d->last_adv_addr_type = bdaddr_type;
1279 d->last_adv_rssi = rssi;
1280 d->last_adv_flags = flags;
1281 memcpy(d->last_adv_data, data, len);
1282 d->last_adv_data_len = len;
1285 static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
1290 case LE_SCAN_ENABLE:
1291 hci_dev_set_flag(hdev, HCI_LE_SCAN);
1292 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1293 clear_pending_adv_report(hdev);
1296 case LE_SCAN_DISABLE:
1297 /* We do this here instead of when setting DISCOVERY_STOPPED
1298 * since the latter would potentially require waiting for
1299 * inquiry to stop too.
1301 if (has_pending_adv_report(hdev)) {
1302 struct discovery_state *d = &hdev->discovery;
1304 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1305 d->last_adv_addr_type, NULL,
1306 d->last_adv_rssi, d->last_adv_flags,
1308 d->last_adv_data_len, NULL, 0);
1311 /* Cancel this timer so that we don't try to disable scanning
1312 * when it's already disabled.
1314 cancel_delayed_work(&hdev->le_scan_disable);
1316 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
1318 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1319 * interrupted scanning due to a connect request. Mark
1320 * therefore discovery as stopped. If this was not
1321 * because of a connect request advertising might have
1322 * been disabled because of active scanning, so
1323 * re-enable it again if necessary.
1325 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
1326 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1327 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
1328 hdev->discovery.state == DISCOVERY_FINDING)
1329 hci_req_reenable_advertising(hdev);
1334 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
1339 hci_dev_unlock(hdev);
1342 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1343 struct sk_buff *skb)
1345 struct hci_cp_le_set_scan_enable *cp;
1346 __u8 status = *((__u8 *) skb->data);
1348 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1353 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1357 le_set_scan_enable_complete(hdev, cp->enable);
1360 static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1361 struct sk_buff *skb)
1363 struct hci_cp_le_set_ext_scan_enable *cp;
1364 __u8 status = *((__u8 *) skb->data);
1366 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1371 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1375 le_set_scan_enable_complete(hdev, cp->enable);
1378 static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1379 struct sk_buff *skb)
1381 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1383 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1389 hdev->le_num_of_adv_sets = rp->num_of_sets;
1392 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1393 struct sk_buff *skb)
1395 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1397 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1402 hdev->le_white_list_size = rp->size;
1405 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1406 struct sk_buff *skb)
1408 __u8 status = *((__u8 *) skb->data);
1410 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1415 hci_bdaddr_list_clear(&hdev->le_white_list);
1418 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1419 struct sk_buff *skb)
1421 struct hci_cp_le_add_to_white_list *sent;
1422 __u8 status = *((__u8 *) skb->data);
1424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1429 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1433 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1437 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1438 struct sk_buff *skb)
1440 struct hci_cp_le_del_from_white_list *sent;
1441 __u8 status = *((__u8 *) skb->data);
1443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1448 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1452 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1456 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1457 struct sk_buff *skb)
1459 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1461 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1466 memcpy(hdev->le_states, rp->le_states, 8);
1469 static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1470 struct sk_buff *skb)
1472 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1474 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1479 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1480 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1483 static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1484 struct sk_buff *skb)
1486 struct hci_cp_le_write_def_data_len *sent;
1487 __u8 status = *((__u8 *) skb->data);
1489 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1494 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1498 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1499 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1502 static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1503 struct sk_buff *skb)
1505 struct hci_cp_le_add_to_resolv_list *sent;
1506 __u8 status = *((__u8 *) skb->data);
1508 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1513 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1517 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1518 sent->bdaddr_type, sent->peer_irk,
1522 static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1523 struct sk_buff *skb)
1525 struct hci_cp_le_del_from_resolv_list *sent;
1526 __u8 status = *((__u8 *) skb->data);
1528 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1533 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1537 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1541 static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1542 struct sk_buff *skb)
1544 __u8 status = *((__u8 *) skb->data);
1546 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1551 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1554 static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1555 struct sk_buff *skb)
1557 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1559 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1564 hdev->le_resolv_list_size = rp->size;
1567 static void hci_cc_le_set_addr_resolution_enable(struct hci_dev *hdev,
1568 struct sk_buff *skb)
1570 __u8 *sent, status = *((__u8 *) skb->data);
1572 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1577 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE);
1584 hci_dev_set_flag(hdev, HCI_LL_RPA_RESOLUTION);
1586 hci_dev_clear_flag(hdev, HCI_LL_RPA_RESOLUTION);
1588 hci_dev_unlock(hdev);
1591 static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1592 struct sk_buff *skb)
1594 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1596 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1601 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1602 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1603 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1604 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1607 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1608 struct sk_buff *skb)
1610 struct hci_cp_write_le_host_supported *sent;
1611 __u8 status = *((__u8 *) skb->data);
1613 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1618 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1625 hdev->features[1][0] |= LMP_HOST_LE;
1626 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
1628 hdev->features[1][0] &= ~LMP_HOST_LE;
1629 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1630 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1634 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1636 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1638 hci_dev_unlock(hdev);
1641 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1643 struct hci_cp_le_set_adv_param *cp;
1644 u8 status = *((u8 *) skb->data);
1646 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1651 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1656 hdev->adv_addr_type = cp->own_address_type;
1657 hci_dev_unlock(hdev);
1660 static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1662 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1663 struct hci_cp_le_set_ext_adv_params *cp;
1664 struct adv_info *adv_instance;
1666 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1671 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1676 hdev->adv_addr_type = cp->own_addr_type;
1677 if (!hdev->cur_adv_instance) {
1678 /* Store in hdev for instance 0 */
1679 hdev->adv_tx_power = rp->tx_power;
1681 adv_instance = hci_find_adv_instance(hdev,
1682 hdev->cur_adv_instance);
1684 adv_instance->tx_power = rp->tx_power;
1686 /* Update adv data as tx power is known now */
1687 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1688 hci_dev_unlock(hdev);
1691 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1693 struct hci_rp_read_rssi *rp = (void *) skb->data;
1694 struct hci_conn *conn;
1696 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1703 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1705 conn->rssi = rp->rssi;
1707 hci_dev_unlock(hdev);
1710 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1712 struct hci_cp_read_tx_power *sent;
1713 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1714 struct hci_conn *conn;
1716 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1721 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1727 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1731 switch (sent->type) {
1733 conn->tx_power = rp->tx_power;
1736 conn->max_tx_power = rp->tx_power;
1741 hci_dev_unlock(hdev);
1744 static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1746 u8 status = *((u8 *) skb->data);
1749 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1754 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1756 hdev->ssp_debug_mode = *mode;
1759 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1761 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1764 hci_conn_check_pending(hdev);
1768 set_bit(HCI_INQUIRY, &hdev->flags);
1771 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1773 struct hci_cp_create_conn *cp;
1774 struct hci_conn *conn;
1776 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1778 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1784 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1786 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1789 if (conn && conn->state == BT_CONNECT) {
1790 if (status != 0x0c || conn->attempt > 2) {
1791 conn->state = BT_CLOSED;
1792 hci_connect_cfm(conn, status);
1795 conn->state = BT_CONNECT2;
1799 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1802 bt_dev_err(hdev, "no memory for new connection");
1806 hci_dev_unlock(hdev);
1809 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1811 struct hci_cp_add_sco *cp;
1812 struct hci_conn *acl, *sco;
1815 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1820 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1824 handle = __le16_to_cpu(cp->handle);
1826 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1830 acl = hci_conn_hash_lookup_handle(hdev, handle);
1834 sco->state = BT_CLOSED;
1836 hci_connect_cfm(sco, status);
1841 hci_dev_unlock(hdev);
1844 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1846 struct hci_cp_auth_requested *cp;
1847 struct hci_conn *conn;
1849 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1854 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1860 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1862 if (conn->state == BT_CONFIG) {
1863 hci_connect_cfm(conn, status);
1864 hci_conn_drop(conn);
1868 hci_dev_unlock(hdev);
1871 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1873 struct hci_cp_set_conn_encrypt *cp;
1874 struct hci_conn *conn;
1876 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1881 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1887 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1889 if (conn->state == BT_CONFIG) {
1890 hci_connect_cfm(conn, status);
1891 hci_conn_drop(conn);
1895 hci_dev_unlock(hdev);
1898 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1899 struct hci_conn *conn)
1901 if (conn->state != BT_CONFIG || !conn->out)
1904 if (conn->pending_sec_level == BT_SECURITY_SDP)
1907 /* Only request authentication for SSP connections or non-SSP
1908 * devices with sec_level MEDIUM or HIGH or if MITM protection
1911 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1912 conn->pending_sec_level != BT_SECURITY_FIPS &&
1913 conn->pending_sec_level != BT_SECURITY_HIGH &&
1914 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1920 static int hci_resolve_name(struct hci_dev *hdev,
1921 struct inquiry_entry *e)
1923 struct hci_cp_remote_name_req cp;
1925 memset(&cp, 0, sizeof(cp));
1927 bacpy(&cp.bdaddr, &e->data.bdaddr);
1928 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1929 cp.pscan_mode = e->data.pscan_mode;
1930 cp.clock_offset = e->data.clock_offset;
1932 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1935 static bool hci_resolve_next_name(struct hci_dev *hdev)
1937 struct discovery_state *discov = &hdev->discovery;
1938 struct inquiry_entry *e;
1940 if (list_empty(&discov->resolve))
1943 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1947 if (hci_resolve_name(hdev, e) == 0) {
1948 e->name_state = NAME_PENDING;
1955 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1956 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1958 struct discovery_state *discov = &hdev->discovery;
1959 struct inquiry_entry *e;
1961 /* Update the mgmt connected state if necessary. Be careful with
1962 * conn objects that exist but are not (yet) connected however.
1963 * Only those in BT_CONFIG or BT_CONNECTED states can be
1964 * considered connected.
1967 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
1968 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1969 mgmt_device_connected(hdev, conn, 0, name, name_len);
1971 if (discov->state == DISCOVERY_STOPPED)
1974 if (discov->state == DISCOVERY_STOPPING)
1975 goto discov_complete;
1977 if (discov->state != DISCOVERY_RESOLVING)
1980 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1981 /* If the device was not found in a list of found devices names of which
1982 * are pending. there is no need to continue resolving a next name as it
1983 * will be done upon receiving another Remote Name Request Complete
1990 e->name_state = NAME_KNOWN;
1991 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1992 e->data.rssi, name, name_len);
1994 e->name_state = NAME_NOT_KNOWN;
1997 if (hci_resolve_next_name(hdev))
2001 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2004 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
2006 struct hci_cp_remote_name_req *cp;
2007 struct hci_conn *conn;
2009 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2011 /* If successful wait for the name req complete event before
2012 * checking for the need to do authentication */
2016 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
2022 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2024 if (hci_dev_test_flag(hdev, HCI_MGMT))
2025 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
2030 if (!hci_outgoing_auth_needed(hdev, conn))
2033 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2034 struct hci_cp_auth_requested auth_cp;
2036 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2038 auth_cp.handle = __cpu_to_le16(conn->handle);
2039 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
2040 sizeof(auth_cp), &auth_cp);
2044 hci_dev_unlock(hdev);
2047 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
2049 struct hci_cp_read_remote_features *cp;
2050 struct hci_conn *conn;
2052 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2057 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
2063 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2065 if (conn->state == BT_CONFIG) {
2066 hci_connect_cfm(conn, status);
2067 hci_conn_drop(conn);
2071 hci_dev_unlock(hdev);
2074 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
2076 struct hci_cp_read_remote_ext_features *cp;
2077 struct hci_conn *conn;
2079 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2084 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
2090 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2092 if (conn->state == BT_CONFIG) {
2093 hci_connect_cfm(conn, status);
2094 hci_conn_drop(conn);
2098 hci_dev_unlock(hdev);
2101 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
2103 struct hci_cp_setup_sync_conn *cp;
2104 struct hci_conn *acl, *sco;
2107 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2112 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
2116 handle = __le16_to_cpu(cp->handle);
2118 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
2122 acl = hci_conn_hash_lookup_handle(hdev, handle);
2126 sco->state = BT_CLOSED;
2128 hci_connect_cfm(sco, status);
2133 hci_dev_unlock(hdev);
2136 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
2138 struct hci_cp_sniff_mode *cp;
2139 struct hci_conn *conn;
2141 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2146 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
2152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2154 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2156 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2157 hci_sco_setup(conn, status);
2160 hci_dev_unlock(hdev);
2163 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
2165 struct hci_cp_exit_sniff_mode *cp;
2166 struct hci_conn *conn;
2168 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2173 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2179 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2181 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2183 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2184 hci_sco_setup(conn, status);
2187 hci_dev_unlock(hdev);
2190 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2192 struct hci_cp_disconnect *cp;
2193 struct hci_conn *conn;
2198 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2204 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2206 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2207 conn->dst_type, status);
2209 hci_dev_unlock(hdev);
2212 static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2213 u8 peer_addr_type, u8 own_address_type,
2216 struct hci_conn *conn;
2218 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2223 /* Store the initiator and responder address information which
2224 * is needed for SMP. These values will not change during the
2225 * lifetime of the connection.
2227 conn->init_addr_type = own_address_type;
2228 if (own_address_type == ADDR_LE_DEV_RANDOM)
2229 bacpy(&conn->init_addr, &hdev->random_addr);
2231 bacpy(&conn->init_addr, &hdev->bdaddr);
2233 conn->resp_addr_type = peer_addr_type;
2234 bacpy(&conn->resp_addr, peer_addr);
2236 /* We don't want the connection attempt to stick around
2237 * indefinitely since LE doesn't have a page timeout concept
2238 * like BR/EDR. Set a timer for any connection that doesn't use
2239 * the white list for connecting.
2241 if (filter_policy == HCI_LE_USE_PEER_ADDR)
2242 queue_delayed_work(conn->hdev->workqueue,
2243 &conn->le_conn_timeout,
2244 conn->conn_timeout);
2247 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2249 struct hci_cp_le_create_conn *cp;
2251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2253 /* All connection failure handling is taken care of by the
2254 * hci_le_conn_failed function which is triggered by the HCI
2255 * request completion callbacks used for connecting.
2260 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2266 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2267 cp->own_address_type, cp->filter_policy);
2269 hci_dev_unlock(hdev);
2272 static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
2274 struct hci_cp_le_ext_create_conn *cp;
2276 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2278 /* All connection failure handling is taken care of by the
2279 * hci_le_conn_failed function which is triggered by the HCI
2280 * request completion callbacks used for connecting.
2285 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2291 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2292 cp->own_addr_type, cp->filter_policy);
2294 hci_dev_unlock(hdev);
2297 static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
2299 struct hci_cp_le_read_remote_features *cp;
2300 struct hci_conn *conn;
2302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2307 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
2313 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2315 if (conn->state == BT_CONFIG) {
2316 hci_connect_cfm(conn, status);
2317 hci_conn_drop(conn);
2321 hci_dev_unlock(hdev);
2324 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2326 struct hci_cp_le_start_enc *cp;
2327 struct hci_conn *conn;
2329 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2336 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2340 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2344 if (conn->state != BT_CONNECTED)
2347 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2348 hci_conn_drop(conn);
2351 hci_dev_unlock(hdev);
2354 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2356 struct hci_cp_switch_role *cp;
2357 struct hci_conn *conn;
2359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2364 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2370 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2372 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2374 hci_dev_unlock(hdev);
2377 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2379 __u8 status = *((__u8 *) skb->data);
2380 struct discovery_state *discov = &hdev->discovery;
2381 struct inquiry_entry *e;
2383 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2385 hci_conn_check_pending(hdev);
2387 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2390 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2391 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2393 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2398 if (discov->state != DISCOVERY_FINDING)
2401 if (list_empty(&discov->resolve)) {
2402 /* When BR/EDR inquiry is active and no LE scanning is in
2403 * progress, then change discovery state to indicate completion.
2405 * When running LE scanning and BR/EDR inquiry simultaneously
2406 * and the LE scan already finished, then change the discovery
2407 * state to indicate completion.
2409 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2410 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2411 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2415 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2416 if (e && hci_resolve_name(hdev, e) == 0) {
2417 e->name_state = NAME_PENDING;
2418 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2420 /* When BR/EDR inquiry is active and no LE scanning is in
2421 * progress, then change discovery state to indicate completion.
2423 * When running LE scanning and BR/EDR inquiry simultaneously
2424 * and the LE scan already finished, then change the discovery
2425 * state to indicate completion.
2427 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2428 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2429 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2433 hci_dev_unlock(hdev);
2436 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2438 struct inquiry_data data;
2439 struct inquiry_info *info = (void *) (skb->data + 1);
2440 int num_rsp = *((__u8 *) skb->data);
2442 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2447 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
2452 for (; num_rsp; num_rsp--, info++) {
2455 bacpy(&data.bdaddr, &info->bdaddr);
2456 data.pscan_rep_mode = info->pscan_rep_mode;
2457 data.pscan_period_mode = info->pscan_period_mode;
2458 data.pscan_mode = info->pscan_mode;
2459 memcpy(data.dev_class, info->dev_class, 3);
2460 data.clock_offset = info->clock_offset;
2461 data.rssi = HCI_RSSI_INVALID;
2462 data.ssp_mode = 0x00;
2464 flags = hci_inquiry_cache_update(hdev, &data, false);
2466 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2467 info->dev_class, HCI_RSSI_INVALID,
2468 flags, NULL, 0, NULL, 0);
2471 hci_dev_unlock(hdev);
2474 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2476 struct hci_ev_conn_complete *ev = (void *) skb->data;
2477 struct hci_conn *conn;
2479 BT_DBG("%s", hdev->name);
2483 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2485 if (ev->link_type != SCO_LINK)
2488 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2492 conn->type = SCO_LINK;
2496 conn->handle = __le16_to_cpu(ev->handle);
2498 if (conn->type == ACL_LINK) {
2499 conn->state = BT_CONFIG;
2500 hci_conn_hold(conn);
2502 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2503 !hci_find_link_key(hdev, &ev->bdaddr))
2504 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2506 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2508 conn->state = BT_CONNECTED;
2510 hci_debugfs_create_conn(conn);
2511 hci_conn_add_sysfs(conn);
2513 if (test_bit(HCI_AUTH, &hdev->flags))
2514 set_bit(HCI_CONN_AUTH, &conn->flags);
2516 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2517 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2519 /* Get remote features */
2520 if (conn->type == ACL_LINK) {
2521 struct hci_cp_read_remote_features cp;
2522 cp.handle = ev->handle;
2523 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2526 hci_req_update_scan(hdev);
2529 /* Set packet type for incoming connection */
2530 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2531 struct hci_cp_change_conn_ptype cp;
2532 cp.handle = ev->handle;
2533 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2534 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2538 conn->state = BT_CLOSED;
2539 if (conn->type == ACL_LINK)
2540 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2541 conn->dst_type, ev->status);
2544 if (conn->type == ACL_LINK)
2545 hci_sco_setup(conn, ev->status);
2548 hci_connect_cfm(conn, ev->status);
2550 } else if (ev->link_type != ACL_LINK)
2551 hci_connect_cfm(conn, ev->status);
2554 hci_dev_unlock(hdev);
2556 hci_conn_check_pending(hdev);
2559 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2561 struct hci_cp_reject_conn_req cp;
2563 bacpy(&cp.bdaddr, bdaddr);
2564 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2565 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2568 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2570 struct hci_ev_conn_request *ev = (void *) skb->data;
2571 int mask = hdev->link_mode;
2572 struct inquiry_entry *ie;
2573 struct hci_conn *conn;
2576 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2579 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2582 if (!(mask & HCI_LM_ACCEPT)) {
2583 hci_reject_conn(hdev, &ev->bdaddr);
2587 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2589 hci_reject_conn(hdev, &ev->bdaddr);
2593 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2594 * connection. These features are only touched through mgmt so
2595 * only do the checks if HCI_MGMT is set.
2597 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2598 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
2599 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2601 hci_reject_conn(hdev, &ev->bdaddr);
2605 /* Connection accepted */
2609 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2611 memcpy(ie->data.dev_class, ev->dev_class, 3);
2613 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2616 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2619 bt_dev_err(hdev, "no memory for new connection");
2620 hci_dev_unlock(hdev);
2625 memcpy(conn->dev_class, ev->dev_class, 3);
2627 hci_dev_unlock(hdev);
2629 if (ev->link_type == ACL_LINK ||
2630 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2631 struct hci_cp_accept_conn_req cp;
2632 conn->state = BT_CONNECT;
2634 bacpy(&cp.bdaddr, &ev->bdaddr);
2636 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2637 cp.role = 0x00; /* Become master */
2639 cp.role = 0x01; /* Remain slave */
2641 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2642 } else if (!(flags & HCI_PROTO_DEFER)) {
2643 struct hci_cp_accept_sync_conn_req cp;
2644 conn->state = BT_CONNECT;
2646 bacpy(&cp.bdaddr, &ev->bdaddr);
2647 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2649 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2650 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2651 cp.max_latency = cpu_to_le16(0xffff);
2652 cp.content_format = cpu_to_le16(hdev->voice_setting);
2653 cp.retrans_effort = 0xff;
2655 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2658 conn->state = BT_CONNECT2;
2659 hci_connect_cfm(conn, 0);
2663 static u8 hci_to_mgmt_reason(u8 err)
2666 case HCI_ERROR_CONNECTION_TIMEOUT:
2667 return MGMT_DEV_DISCONN_TIMEOUT;
2668 case HCI_ERROR_REMOTE_USER_TERM:
2669 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2670 case HCI_ERROR_REMOTE_POWER_OFF:
2671 return MGMT_DEV_DISCONN_REMOTE;
2672 case HCI_ERROR_LOCAL_HOST_TERM:
2673 return MGMT_DEV_DISCONN_LOCAL_HOST;
2675 return MGMT_DEV_DISCONN_UNKNOWN;
2679 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2681 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2683 struct hci_conn_params *params;
2684 struct hci_conn *conn;
2685 bool mgmt_connected;
2688 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2692 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2697 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2698 conn->dst_type, ev->status);
2702 conn->state = BT_CLOSED;
2704 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2706 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2707 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2709 reason = hci_to_mgmt_reason(ev->reason);
2711 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2712 reason, mgmt_connected);
2714 if (conn->type == ACL_LINK) {
2715 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2716 hci_remove_link_key(hdev, &conn->dst);
2718 hci_req_update_scan(hdev);
2721 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2723 switch (params->auto_connect) {
2724 case HCI_AUTO_CONN_LINK_LOSS:
2725 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2729 case HCI_AUTO_CONN_DIRECT:
2730 case HCI_AUTO_CONN_ALWAYS:
2731 list_del_init(¶ms->action);
2732 list_add(¶ms->action, &hdev->pend_le_conns);
2733 hci_update_background_scan(hdev);
2743 hci_disconn_cfm(conn, ev->reason);
2746 /* Re-enable advertising if necessary, since it might
2747 * have been disabled by the connection. From the
2748 * HCI_LE_Set_Advertise_Enable command description in
2749 * the core specification (v4.0):
2750 * "The Controller shall continue advertising until the Host
2751 * issues an LE_Set_Advertise_Enable command with
2752 * Advertising_Enable set to 0x00 (Advertising is disabled)
2753 * or until a connection is created or until the Advertising
2754 * is timed out due to Directed Advertising."
2756 if (type == LE_LINK)
2757 hci_req_reenable_advertising(hdev);
2760 hci_dev_unlock(hdev);
2763 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2765 struct hci_ev_auth_complete *ev = (void *) skb->data;
2766 struct hci_conn *conn;
2768 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2772 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2777 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2779 if (!hci_conn_ssp_enabled(conn) &&
2780 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2781 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2783 set_bit(HCI_CONN_AUTH, &conn->flags);
2784 conn->sec_level = conn->pending_sec_level;
2787 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2788 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2790 mgmt_auth_failed(conn, ev->status);
2793 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2794 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2796 if (conn->state == BT_CONFIG) {
2797 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2798 struct hci_cp_set_conn_encrypt cp;
2799 cp.handle = ev->handle;
2801 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2804 conn->state = BT_CONNECTED;
2805 hci_connect_cfm(conn, ev->status);
2806 hci_conn_drop(conn);
2809 hci_auth_cfm(conn, ev->status);
2811 hci_conn_hold(conn);
2812 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2813 hci_conn_drop(conn);
2816 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2818 struct hci_cp_set_conn_encrypt cp;
2819 cp.handle = ev->handle;
2821 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2824 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2825 hci_encrypt_cfm(conn, ev->status, 0x00);
2830 hci_dev_unlock(hdev);
2833 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2835 struct hci_ev_remote_name *ev = (void *) skb->data;
2836 struct hci_conn *conn;
2838 BT_DBG("%s", hdev->name);
2840 hci_conn_check_pending(hdev);
2844 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2846 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2849 if (ev->status == 0)
2850 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2851 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2853 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2859 if (!hci_outgoing_auth_needed(hdev, conn))
2862 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2863 struct hci_cp_auth_requested cp;
2865 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2867 cp.handle = __cpu_to_le16(conn->handle);
2868 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2872 hci_dev_unlock(hdev);
2875 static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
2876 u16 opcode, struct sk_buff *skb)
2878 const struct hci_rp_read_enc_key_size *rp;
2879 struct hci_conn *conn;
2882 BT_DBG("%s status 0x%02x", hdev->name, status);
2884 if (!skb || skb->len < sizeof(*rp)) {
2885 bt_dev_err(hdev, "invalid read key size response");
2889 rp = (void *)skb->data;
2890 handle = le16_to_cpu(rp->handle);
2894 conn = hci_conn_hash_lookup_handle(hdev, handle);
2898 /* If we fail to read the encryption key size, assume maximum
2899 * (which is the same we do also when this HCI command isn't
2903 bt_dev_err(hdev, "failed to read key size for handle %u",
2905 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2907 conn->enc_key_size = rp->key_size;
2910 if (conn->state == BT_CONFIG) {
2911 conn->state = BT_CONNECTED;
2912 hci_connect_cfm(conn, 0);
2913 hci_conn_drop(conn);
2917 if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2919 else if (test_bit(HCI_CONN_AES_CCM, &conn->flags))
2924 hci_encrypt_cfm(conn, 0, encrypt);
2928 hci_dev_unlock(hdev);
2931 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2933 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2934 struct hci_conn *conn;
2936 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2940 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2946 /* Encryption implies authentication */
2947 set_bit(HCI_CONN_AUTH, &conn->flags);
2948 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2949 conn->sec_level = conn->pending_sec_level;
2951 /* P-256 authentication key implies FIPS */
2952 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2953 set_bit(HCI_CONN_FIPS, &conn->flags);
2955 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2956 conn->type == LE_LINK)
2957 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2959 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2960 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2964 /* We should disregard the current RPA and generate a new one
2965 * whenever the encryption procedure fails.
2967 if (ev->status && conn->type == LE_LINK) {
2968 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2969 hci_adv_instances_set_rpa_expired(hdev, true);
2972 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2974 if (ev->status && conn->state == BT_CONNECTED) {
2975 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2976 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2978 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2979 hci_conn_drop(conn);
2983 /* In Secure Connections Only mode, do not allow any connections
2984 * that are not encrypted with AES-CCM using a P-256 authenticated
2987 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
2988 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2989 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2990 hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2991 hci_conn_drop(conn);
2995 /* Try reading the encryption key size for encrypted ACL links */
2996 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
2997 struct hci_cp_read_enc_key_size cp;
2998 struct hci_request req;
3000 /* Only send HCI_Read_Encryption_Key_Size if the
3001 * controller really supports it. If it doesn't, assume
3002 * the default size (16).
3004 if (!(hdev->commands[20] & 0x10)) {
3005 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3009 hci_req_init(&req, hdev);
3011 cp.handle = cpu_to_le16(conn->handle);
3012 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
3014 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
3015 bt_dev_err(hdev, "sending read key size failed");
3016 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3023 /* Set the default Authenticated Payload Timeout after
3024 * an LE Link is established. As per Core Spec v5.0, Vol 2, Part B
3025 * Section 3.3, the HCI command WRITE_AUTH_PAYLOAD_TIMEOUT should be
3026 * sent when the link is active and Encryption is enabled, the conn
3027 * type can be either LE or ACL and controller must support LMP Ping.
3028 * Ensure for AES-CCM encryption as well.
3030 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3031 test_bit(HCI_CONN_AES_CCM, &conn->flags) &&
3032 ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) ||
3033 (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) {
3034 struct hci_cp_write_auth_payload_to cp;
3036 cp.handle = cpu_to_le16(conn->handle);
3037 cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3038 hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3043 if (conn->state == BT_CONFIG) {
3045 conn->state = BT_CONNECTED;
3047 hci_connect_cfm(conn, ev->status);
3048 hci_conn_drop(conn);
3050 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
3053 hci_dev_unlock(hdev);
3056 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
3057 struct sk_buff *skb)
3059 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
3060 struct hci_conn *conn;
3062 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3066 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3069 set_bit(HCI_CONN_SECURE, &conn->flags);
3071 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
3073 hci_key_change_cfm(conn, ev->status);
3076 hci_dev_unlock(hdev);
3079 static void hci_remote_features_evt(struct hci_dev *hdev,
3080 struct sk_buff *skb)
3082 struct hci_ev_remote_features *ev = (void *) skb->data;
3083 struct hci_conn *conn;
3085 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3089 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3094 memcpy(conn->features[0], ev->features, 8);
3096 if (conn->state != BT_CONFIG)
3099 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3100 lmp_ext_feat_capable(conn)) {
3101 struct hci_cp_read_remote_ext_features cp;
3102 cp.handle = ev->handle;
3104 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
3109 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3110 struct hci_cp_remote_name_req cp;
3111 memset(&cp, 0, sizeof(cp));
3112 bacpy(&cp.bdaddr, &conn->dst);
3113 cp.pscan_rep_mode = 0x02;
3114 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3115 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3116 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3118 if (!hci_outgoing_auth_needed(hdev, conn)) {
3119 conn->state = BT_CONNECTED;
3120 hci_connect_cfm(conn, ev->status);
3121 hci_conn_drop(conn);
3125 hci_dev_unlock(hdev);
3128 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3129 u16 *opcode, u8 *status,
3130 hci_req_complete_t *req_complete,
3131 hci_req_complete_skb_t *req_complete_skb)
3133 struct hci_ev_cmd_complete *ev = (void *) skb->data;
3135 *opcode = __le16_to_cpu(ev->opcode);
3136 *status = skb->data[sizeof(*ev)];
3138 skb_pull(skb, sizeof(*ev));
3141 case HCI_OP_INQUIRY_CANCEL:
3142 hci_cc_inquiry_cancel(hdev, skb);
3145 case HCI_OP_PERIODIC_INQ:
3146 hci_cc_periodic_inq(hdev, skb);
3149 case HCI_OP_EXIT_PERIODIC_INQ:
3150 hci_cc_exit_periodic_inq(hdev, skb);
3153 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
3154 hci_cc_remote_name_req_cancel(hdev, skb);
3157 case HCI_OP_ROLE_DISCOVERY:
3158 hci_cc_role_discovery(hdev, skb);
3161 case HCI_OP_READ_LINK_POLICY:
3162 hci_cc_read_link_policy(hdev, skb);
3165 case HCI_OP_WRITE_LINK_POLICY:
3166 hci_cc_write_link_policy(hdev, skb);
3169 case HCI_OP_READ_DEF_LINK_POLICY:
3170 hci_cc_read_def_link_policy(hdev, skb);
3173 case HCI_OP_WRITE_DEF_LINK_POLICY:
3174 hci_cc_write_def_link_policy(hdev, skb);
3178 hci_cc_reset(hdev, skb);
3181 case HCI_OP_READ_STORED_LINK_KEY:
3182 hci_cc_read_stored_link_key(hdev, skb);
3185 case HCI_OP_DELETE_STORED_LINK_KEY:
3186 hci_cc_delete_stored_link_key(hdev, skb);
3189 case HCI_OP_WRITE_LOCAL_NAME:
3190 hci_cc_write_local_name(hdev, skb);
3193 case HCI_OP_READ_LOCAL_NAME:
3194 hci_cc_read_local_name(hdev, skb);
3197 case HCI_OP_WRITE_AUTH_ENABLE:
3198 hci_cc_write_auth_enable(hdev, skb);
3201 case HCI_OP_WRITE_ENCRYPT_MODE:
3202 hci_cc_write_encrypt_mode(hdev, skb);
3205 case HCI_OP_WRITE_SCAN_ENABLE:
3206 hci_cc_write_scan_enable(hdev, skb);
3209 case HCI_OP_READ_CLASS_OF_DEV:
3210 hci_cc_read_class_of_dev(hdev, skb);
3213 case HCI_OP_WRITE_CLASS_OF_DEV:
3214 hci_cc_write_class_of_dev(hdev, skb);
3217 case HCI_OP_READ_VOICE_SETTING:
3218 hci_cc_read_voice_setting(hdev, skb);
3221 case HCI_OP_WRITE_VOICE_SETTING:
3222 hci_cc_write_voice_setting(hdev, skb);
3225 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3226 hci_cc_read_num_supported_iac(hdev, skb);
3229 case HCI_OP_WRITE_SSP_MODE:
3230 hci_cc_write_ssp_mode(hdev, skb);
3233 case HCI_OP_WRITE_SC_SUPPORT:
3234 hci_cc_write_sc_support(hdev, skb);
3237 case HCI_OP_READ_AUTH_PAYLOAD_TO:
3238 hci_cc_read_auth_payload_timeout(hdev, skb);
3241 case HCI_OP_WRITE_AUTH_PAYLOAD_TO:
3242 hci_cc_write_auth_payload_timeout(hdev, skb);
3245 case HCI_OP_READ_LOCAL_VERSION:
3246 hci_cc_read_local_version(hdev, skb);
3249 case HCI_OP_READ_LOCAL_COMMANDS:
3250 hci_cc_read_local_commands(hdev, skb);
3253 case HCI_OP_READ_LOCAL_FEATURES:
3254 hci_cc_read_local_features(hdev, skb);
3257 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3258 hci_cc_read_local_ext_features(hdev, skb);
3261 case HCI_OP_READ_BUFFER_SIZE:
3262 hci_cc_read_buffer_size(hdev, skb);
3265 case HCI_OP_READ_BD_ADDR:
3266 hci_cc_read_bd_addr(hdev, skb);
3269 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3270 hci_cc_read_page_scan_activity(hdev, skb);
3273 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3274 hci_cc_write_page_scan_activity(hdev, skb);
3277 case HCI_OP_READ_PAGE_SCAN_TYPE:
3278 hci_cc_read_page_scan_type(hdev, skb);
3281 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3282 hci_cc_write_page_scan_type(hdev, skb);
3285 case HCI_OP_READ_DATA_BLOCK_SIZE:
3286 hci_cc_read_data_block_size(hdev, skb);
3289 case HCI_OP_READ_FLOW_CONTROL_MODE:
3290 hci_cc_read_flow_control_mode(hdev, skb);
3293 case HCI_OP_READ_LOCAL_AMP_INFO:
3294 hci_cc_read_local_amp_info(hdev, skb);
3297 case HCI_OP_READ_CLOCK:
3298 hci_cc_read_clock(hdev, skb);
3301 case HCI_OP_READ_INQ_RSP_TX_POWER:
3302 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3305 case HCI_OP_PIN_CODE_REPLY:
3306 hci_cc_pin_code_reply(hdev, skb);
3309 case HCI_OP_PIN_CODE_NEG_REPLY:
3310 hci_cc_pin_code_neg_reply(hdev, skb);
3313 case HCI_OP_READ_LOCAL_OOB_DATA:
3314 hci_cc_read_local_oob_data(hdev, skb);
3317 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3318 hci_cc_read_local_oob_ext_data(hdev, skb);
3321 case HCI_OP_LE_READ_BUFFER_SIZE:
3322 hci_cc_le_read_buffer_size(hdev, skb);
3325 case HCI_OP_LE_READ_LOCAL_FEATURES:
3326 hci_cc_le_read_local_features(hdev, skb);
3329 case HCI_OP_LE_READ_ADV_TX_POWER:
3330 hci_cc_le_read_adv_tx_power(hdev, skb);
3333 case HCI_OP_USER_CONFIRM_REPLY:
3334 hci_cc_user_confirm_reply(hdev, skb);
3337 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3338 hci_cc_user_confirm_neg_reply(hdev, skb);
3341 case HCI_OP_USER_PASSKEY_REPLY:
3342 hci_cc_user_passkey_reply(hdev, skb);
3345 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3346 hci_cc_user_passkey_neg_reply(hdev, skb);
3349 case HCI_OP_LE_SET_RANDOM_ADDR:
3350 hci_cc_le_set_random_addr(hdev, skb);
3353 case HCI_OP_LE_SET_ADV_ENABLE:
3354 hci_cc_le_set_adv_enable(hdev, skb);
3357 case HCI_OP_LE_SET_SCAN_PARAM:
3358 hci_cc_le_set_scan_param(hdev, skb);
3361 case HCI_OP_LE_SET_SCAN_ENABLE:
3362 hci_cc_le_set_scan_enable(hdev, skb);
3365 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3366 hci_cc_le_read_white_list_size(hdev, skb);
3369 case HCI_OP_LE_CLEAR_WHITE_LIST:
3370 hci_cc_le_clear_white_list(hdev, skb);
3373 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3374 hci_cc_le_add_to_white_list(hdev, skb);
3377 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3378 hci_cc_le_del_from_white_list(hdev, skb);
3381 case HCI_OP_LE_READ_SUPPORTED_STATES:
3382 hci_cc_le_read_supported_states(hdev, skb);
3385 case HCI_OP_LE_READ_DEF_DATA_LEN:
3386 hci_cc_le_read_def_data_len(hdev, skb);
3389 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3390 hci_cc_le_write_def_data_len(hdev, skb);
3393 case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3394 hci_cc_le_add_to_resolv_list(hdev, skb);
3397 case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3398 hci_cc_le_del_from_resolv_list(hdev, skb);
3401 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3402 hci_cc_le_clear_resolv_list(hdev, skb);
3405 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3406 hci_cc_le_read_resolv_list_size(hdev, skb);
3409 case HCI_OP_LE_SET_ADDR_RESOLV_ENABLE:
3410 hci_cc_le_set_addr_resolution_enable(hdev, skb);
3413 case HCI_OP_LE_READ_MAX_DATA_LEN:
3414 hci_cc_le_read_max_data_len(hdev, skb);
3417 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3418 hci_cc_write_le_host_supported(hdev, skb);
3421 case HCI_OP_LE_SET_ADV_PARAM:
3422 hci_cc_set_adv_param(hdev, skb);
3425 case HCI_OP_READ_RSSI:
3426 hci_cc_read_rssi(hdev, skb);
3429 case HCI_OP_READ_TX_POWER:
3430 hci_cc_read_tx_power(hdev, skb);
3433 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3434 hci_cc_write_ssp_debug_mode(hdev, skb);
3437 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3438 hci_cc_le_set_ext_scan_param(hdev, skb);
3441 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3442 hci_cc_le_set_ext_scan_enable(hdev, skb);
3445 case HCI_OP_LE_SET_DEFAULT_PHY:
3446 hci_cc_le_set_default_phy(hdev, skb);
3449 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3450 hci_cc_le_read_num_adv_sets(hdev, skb);
3453 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3454 hci_cc_set_ext_adv_param(hdev, skb);
3457 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3458 hci_cc_le_set_ext_adv_enable(hdev, skb);
3461 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3462 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3466 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3470 if (*opcode != HCI_OP_NOP)
3471 cancel_delayed_work(&hdev->cmd_timer);
3473 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3474 atomic_set(&hdev->cmd_cnt, 1);
3476 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3479 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3481 "unexpected event for opcode 0x%4.4x", *opcode);
3485 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3486 queue_work(hdev->workqueue, &hdev->cmd_work);
3489 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3490 u16 *opcode, u8 *status,
3491 hci_req_complete_t *req_complete,
3492 hci_req_complete_skb_t *req_complete_skb)
3494 struct hci_ev_cmd_status *ev = (void *) skb->data;
3496 skb_pull(skb, sizeof(*ev));
3498 *opcode = __le16_to_cpu(ev->opcode);
3499 *status = ev->status;
3502 case HCI_OP_INQUIRY:
3503 hci_cs_inquiry(hdev, ev->status);
3506 case HCI_OP_CREATE_CONN:
3507 hci_cs_create_conn(hdev, ev->status);
3510 case HCI_OP_DISCONNECT:
3511 hci_cs_disconnect(hdev, ev->status);
3514 case HCI_OP_ADD_SCO:
3515 hci_cs_add_sco(hdev, ev->status);
3518 case HCI_OP_AUTH_REQUESTED:
3519 hci_cs_auth_requested(hdev, ev->status);
3522 case HCI_OP_SET_CONN_ENCRYPT:
3523 hci_cs_set_conn_encrypt(hdev, ev->status);
3526 case HCI_OP_REMOTE_NAME_REQ:
3527 hci_cs_remote_name_req(hdev, ev->status);
3530 case HCI_OP_READ_REMOTE_FEATURES:
3531 hci_cs_read_remote_features(hdev, ev->status);
3534 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3535 hci_cs_read_remote_ext_features(hdev, ev->status);
3538 case HCI_OP_SETUP_SYNC_CONN:
3539 hci_cs_setup_sync_conn(hdev, ev->status);
3542 case HCI_OP_SNIFF_MODE:
3543 hci_cs_sniff_mode(hdev, ev->status);
3546 case HCI_OP_EXIT_SNIFF_MODE:
3547 hci_cs_exit_sniff_mode(hdev, ev->status);
3550 case HCI_OP_SWITCH_ROLE:
3551 hci_cs_switch_role(hdev, ev->status);
3554 case HCI_OP_LE_CREATE_CONN:
3555 hci_cs_le_create_conn(hdev, ev->status);
3558 case HCI_OP_LE_READ_REMOTE_FEATURES:
3559 hci_cs_le_read_remote_features(hdev, ev->status);
3562 case HCI_OP_LE_START_ENC:
3563 hci_cs_le_start_enc(hdev, ev->status);
3566 case HCI_OP_LE_EXT_CREATE_CONN:
3567 hci_cs_le_ext_create_conn(hdev, ev->status);
3571 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3575 if (*opcode != HCI_OP_NOP)
3576 cancel_delayed_work(&hdev->cmd_timer);
3578 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3579 atomic_set(&hdev->cmd_cnt, 1);
3581 /* Indicate request completion if the command failed. Also, if
3582 * we're not waiting for a special event and we get a success
3583 * command status we should try to flag the request as completed
3584 * (since for this kind of commands there will not be a command
3588 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
3589 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3592 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3594 "unexpected event for opcode 0x%4.4x", *opcode);
3598 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3599 queue_work(hdev->workqueue, &hdev->cmd_work);
3602 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3604 struct hci_ev_hardware_error *ev = (void *) skb->data;
3606 hdev->hw_error_code = ev->code;
3608 queue_work(hdev->req_workqueue, &hdev->error_reset);
3611 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3613 struct hci_ev_role_change *ev = (void *) skb->data;
3614 struct hci_conn *conn;
3616 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3620 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3623 conn->role = ev->role;
3625 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3627 hci_role_switch_cfm(conn, ev->status, ev->role);
3630 hci_dev_unlock(hdev);
3633 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3635 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3638 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3639 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3643 if (skb->len < sizeof(*ev) ||
3644 skb->len < struct_size(ev, handles, ev->num_hndl)) {
3645 BT_DBG("%s bad parameters", hdev->name);
3649 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3651 for (i = 0; i < ev->num_hndl; i++) {
3652 struct hci_comp_pkts_info *info = &ev->handles[i];
3653 struct hci_conn *conn;
3654 __u16 handle, count;
3656 handle = __le16_to_cpu(info->handle);
3657 count = __le16_to_cpu(info->count);
3659 conn = hci_conn_hash_lookup_handle(hdev, handle);
3663 conn->sent -= count;
3665 switch (conn->type) {
3667 hdev->acl_cnt += count;
3668 if (hdev->acl_cnt > hdev->acl_pkts)
3669 hdev->acl_cnt = hdev->acl_pkts;
3673 if (hdev->le_pkts) {
3674 hdev->le_cnt += count;
3675 if (hdev->le_cnt > hdev->le_pkts)
3676 hdev->le_cnt = hdev->le_pkts;
3678 hdev->acl_cnt += count;
3679 if (hdev->acl_cnt > hdev->acl_pkts)
3680 hdev->acl_cnt = hdev->acl_pkts;
3685 hdev->sco_cnt += count;
3686 if (hdev->sco_cnt > hdev->sco_pkts)
3687 hdev->sco_cnt = hdev->sco_pkts;
3691 bt_dev_err(hdev, "unknown type %d conn %p",
3697 queue_work(hdev->workqueue, &hdev->tx_work);
3700 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3703 struct hci_chan *chan;
3705 switch (hdev->dev_type) {
3707 return hci_conn_hash_lookup_handle(hdev, handle);
3709 chan = hci_chan_lookup_handle(hdev, handle);
3714 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
3721 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3723 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3726 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3727 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3731 if (skb->len < sizeof(*ev) ||
3732 skb->len < struct_size(ev, handles, ev->num_hndl)) {
3733 BT_DBG("%s bad parameters", hdev->name);
3737 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3740 for (i = 0; i < ev->num_hndl; i++) {
3741 struct hci_comp_blocks_info *info = &ev->handles[i];
3742 struct hci_conn *conn = NULL;
3743 __u16 handle, block_count;
3745 handle = __le16_to_cpu(info->handle);
3746 block_count = __le16_to_cpu(info->blocks);
3748 conn = __hci_conn_lookup_handle(hdev, handle);
3752 conn->sent -= block_count;
3754 switch (conn->type) {
3757 hdev->block_cnt += block_count;
3758 if (hdev->block_cnt > hdev->num_blocks)
3759 hdev->block_cnt = hdev->num_blocks;
3763 bt_dev_err(hdev, "unknown type %d conn %p",
3769 queue_work(hdev->workqueue, &hdev->tx_work);
3772 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3774 struct hci_ev_mode_change *ev = (void *) skb->data;
3775 struct hci_conn *conn;
3777 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3781 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3783 conn->mode = ev->mode;
3785 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3787 if (conn->mode == HCI_CM_ACTIVE)
3788 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3790 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3793 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3794 hci_sco_setup(conn, ev->status);
3797 hci_dev_unlock(hdev);
3800 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3802 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3803 struct hci_conn *conn;
3805 BT_DBG("%s", hdev->name);
3809 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3813 if (conn->state == BT_CONNECTED) {
3814 hci_conn_hold(conn);
3815 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3816 hci_conn_drop(conn);
3819 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
3820 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3821 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3822 sizeof(ev->bdaddr), &ev->bdaddr);
3823 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
3826 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3831 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3835 hci_dev_unlock(hdev);
3838 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3840 if (key_type == HCI_LK_CHANGED_COMBINATION)
3843 conn->pin_length = pin_len;
3844 conn->key_type = key_type;
3847 case HCI_LK_LOCAL_UNIT:
3848 case HCI_LK_REMOTE_UNIT:
3849 case HCI_LK_DEBUG_COMBINATION:
3851 case HCI_LK_COMBINATION:
3853 conn->pending_sec_level = BT_SECURITY_HIGH;
3855 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3857 case HCI_LK_UNAUTH_COMBINATION_P192:
3858 case HCI_LK_UNAUTH_COMBINATION_P256:
3859 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3861 case HCI_LK_AUTH_COMBINATION_P192:
3862 conn->pending_sec_level = BT_SECURITY_HIGH;
3864 case HCI_LK_AUTH_COMBINATION_P256:
3865 conn->pending_sec_level = BT_SECURITY_FIPS;
3870 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3872 struct hci_ev_link_key_req *ev = (void *) skb->data;
3873 struct hci_cp_link_key_reply cp;
3874 struct hci_conn *conn;
3875 struct link_key *key;
3877 BT_DBG("%s", hdev->name);
3879 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3884 key = hci_find_link_key(hdev, &ev->bdaddr);
3886 BT_DBG("%s link key not found for %pMR", hdev->name,
3891 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3894 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3896 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3898 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3899 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3900 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3901 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3905 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3906 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3907 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3908 BT_DBG("%s ignoring key unauthenticated for high security",
3913 conn_set_key(conn, key->type, key->pin_len);
3916 bacpy(&cp.bdaddr, &ev->bdaddr);
3917 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3919 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3921 hci_dev_unlock(hdev);
3926 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3927 hci_dev_unlock(hdev);
3930 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3932 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3933 struct hci_conn *conn;
3934 struct link_key *key;
3938 BT_DBG("%s", hdev->name);
3942 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3946 hci_conn_hold(conn);
3947 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3948 hci_conn_drop(conn);
3950 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3951 conn_set_key(conn, ev->key_type, conn->pin_length);
3953 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3956 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3957 ev->key_type, pin_len, &persistent);
3961 /* Update connection information since adding the key will have
3962 * fixed up the type in the case of changed combination keys.
3964 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3965 conn_set_key(conn, key->type, key->pin_len);
3967 mgmt_new_link_key(hdev, key, persistent);
3969 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3970 * is set. If it's not set simply remove the key from the kernel
3971 * list (we've still notified user space about it but with
3972 * store_hint being 0).
3974 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3975 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
3976 list_del_rcu(&key->list);
3977 kfree_rcu(key, rcu);
3982 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3984 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3987 hci_dev_unlock(hdev);
3990 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3992 struct hci_ev_clock_offset *ev = (void *) skb->data;
3993 struct hci_conn *conn;
3995 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3999 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4000 if (conn && !ev->status) {
4001 struct inquiry_entry *ie;
4003 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4005 ie->data.clock_offset = ev->clock_offset;
4006 ie->timestamp = jiffies;
4010 hci_dev_unlock(hdev);
4013 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
4015 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
4016 struct hci_conn *conn;
4018 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4023 if (conn && !ev->status)
4024 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
4026 hci_dev_unlock(hdev);
4029 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
4031 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
4032 struct inquiry_entry *ie;
4034 BT_DBG("%s", hdev->name);
4038 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4040 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
4041 ie->timestamp = jiffies;
4044 hci_dev_unlock(hdev);
4047 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
4048 struct sk_buff *skb)
4050 struct inquiry_data data;
4051 int num_rsp = *((__u8 *) skb->data);
4053 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4058 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
4063 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
4064 struct inquiry_info_with_rssi_and_pscan_mode *info;
4065 info = (void *) (skb->data + 1);
4067 for (; num_rsp; num_rsp--, info++) {
4070 bacpy(&data.bdaddr, &info->bdaddr);
4071 data.pscan_rep_mode = info->pscan_rep_mode;
4072 data.pscan_period_mode = info->pscan_period_mode;
4073 data.pscan_mode = info->pscan_mode;
4074 memcpy(data.dev_class, info->dev_class, 3);
4075 data.clock_offset = info->clock_offset;
4076 data.rssi = info->rssi;
4077 data.ssp_mode = 0x00;
4079 flags = hci_inquiry_cache_update(hdev, &data, false);
4081 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4082 info->dev_class, info->rssi,
4083 flags, NULL, 0, NULL, 0);
4086 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
4088 for (; num_rsp; num_rsp--, info++) {
4091 bacpy(&data.bdaddr, &info->bdaddr);
4092 data.pscan_rep_mode = info->pscan_rep_mode;
4093 data.pscan_period_mode = info->pscan_period_mode;
4094 data.pscan_mode = 0x00;
4095 memcpy(data.dev_class, info->dev_class, 3);
4096 data.clock_offset = info->clock_offset;
4097 data.rssi = info->rssi;
4098 data.ssp_mode = 0x00;
4100 flags = hci_inquiry_cache_update(hdev, &data, false);
4102 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4103 info->dev_class, info->rssi,
4104 flags, NULL, 0, NULL, 0);
4108 hci_dev_unlock(hdev);
4111 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
4112 struct sk_buff *skb)
4114 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
4115 struct hci_conn *conn;
4117 BT_DBG("%s", hdev->name);
4121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4125 if (ev->page < HCI_MAX_PAGES)
4126 memcpy(conn->features[ev->page], ev->features, 8);
4128 if (!ev->status && ev->page == 0x01) {
4129 struct inquiry_entry *ie;
4131 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4133 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4135 if (ev->features[0] & LMP_HOST_SSP) {
4136 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4138 /* It is mandatory by the Bluetooth specification that
4139 * Extended Inquiry Results are only used when Secure
4140 * Simple Pairing is enabled, but some devices violate
4143 * To make these devices work, the internal SSP
4144 * enabled flag needs to be cleared if the remote host
4145 * features do not indicate SSP support */
4146 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4149 if (ev->features[0] & LMP_HOST_SC)
4150 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
4153 if (conn->state != BT_CONFIG)
4156 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
4157 struct hci_cp_remote_name_req cp;
4158 memset(&cp, 0, sizeof(cp));
4159 bacpy(&cp.bdaddr, &conn->dst);
4160 cp.pscan_rep_mode = 0x02;
4161 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
4162 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4163 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4165 if (!hci_outgoing_auth_needed(hdev, conn)) {
4166 conn->state = BT_CONNECTED;
4167 hci_connect_cfm(conn, ev->status);
4168 hci_conn_drop(conn);
4172 hci_dev_unlock(hdev);
4175 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
4176 struct sk_buff *skb)
4178 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4179 struct hci_conn *conn;
4181 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4185 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
4187 if (ev->link_type == ESCO_LINK)
4190 /* When the link type in the event indicates SCO connection
4191 * and lookup of the connection object fails, then check
4192 * if an eSCO connection object exists.
4194 * The core limits the synchronous connections to either
4195 * SCO or eSCO. The eSCO connection is preferred and tried
4196 * to be setup first and until successfully established,
4197 * the link type will be hinted as eSCO.
4199 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4204 switch (ev->status) {
4206 conn->handle = __le16_to_cpu(ev->handle);
4207 conn->state = BT_CONNECTED;
4208 conn->type = ev->link_type;
4210 hci_debugfs_create_conn(conn);
4211 hci_conn_add_sysfs(conn);
4214 case 0x10: /* Connection Accept Timeout */
4215 case 0x0d: /* Connection Rejected due to Limited Resources */
4216 case 0x11: /* Unsupported Feature or Parameter Value */
4217 case 0x1c: /* SCO interval rejected */
4218 case 0x1a: /* Unsupported Remote Feature */
4219 case 0x1f: /* Unspecified error */
4220 case 0x20: /* Unsupported LMP Parameter value */
4222 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4223 (hdev->esco_type & EDR_ESCO_MASK);
4224 if (hci_setup_sync(conn, conn->link->handle))
4230 conn->state = BT_CLOSED;
4234 hci_connect_cfm(conn, ev->status);
4239 hci_dev_unlock(hdev);
4242 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4246 while (parsed < eir_len) {
4247 u8 field_len = eir[0];
4252 parsed += field_len + 1;
4253 eir += field_len + 1;
4259 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4260 struct sk_buff *skb)
4262 struct inquiry_data data;
4263 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4264 int num_rsp = *((__u8 *) skb->data);
4267 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4272 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
4277 for (; num_rsp; num_rsp--, info++) {
4281 bacpy(&data.bdaddr, &info->bdaddr);
4282 data.pscan_rep_mode = info->pscan_rep_mode;
4283 data.pscan_period_mode = info->pscan_period_mode;
4284 data.pscan_mode = 0x00;
4285 memcpy(data.dev_class, info->dev_class, 3);
4286 data.clock_offset = info->clock_offset;
4287 data.rssi = info->rssi;
4288 data.ssp_mode = 0x01;
4290 if (hci_dev_test_flag(hdev, HCI_MGMT))
4291 name_known = eir_get_data(info->data,
4293 EIR_NAME_COMPLETE, NULL);
4297 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4299 eir_len = eir_get_length(info->data, sizeof(info->data));
4301 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4302 info->dev_class, info->rssi,
4303 flags, info->data, eir_len, NULL, 0);
4306 hci_dev_unlock(hdev);
4309 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4310 struct sk_buff *skb)
4312 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4313 struct hci_conn *conn;
4315 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
4316 __le16_to_cpu(ev->handle));
4320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4324 /* For BR/EDR the necessary steps are taken through the
4325 * auth_complete event.
4327 if (conn->type != LE_LINK)
4331 conn->sec_level = conn->pending_sec_level;
4333 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4335 if (ev->status && conn->state == BT_CONNECTED) {
4336 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
4337 hci_conn_drop(conn);
4341 if (conn->state == BT_CONFIG) {
4343 conn->state = BT_CONNECTED;
4345 hci_connect_cfm(conn, ev->status);
4346 hci_conn_drop(conn);
4348 hci_auth_cfm(conn, ev->status);
4350 hci_conn_hold(conn);
4351 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4352 hci_conn_drop(conn);
4356 hci_dev_unlock(hdev);
4359 static u8 hci_get_auth_req(struct hci_conn *conn)
4361 /* If remote requests no-bonding follow that lead */
4362 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4363 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
4364 return conn->remote_auth | (conn->auth_type & 0x01);
4366 /* If both remote and local have enough IO capabilities, require
4369 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4370 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4371 return conn->remote_auth | 0x01;
4373 /* No MITM protection possible so ignore remote requirement */
4374 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
4377 static u8 bredr_oob_data_present(struct hci_conn *conn)
4379 struct hci_dev *hdev = conn->hdev;
4380 struct oob_data *data;
4382 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4386 if (bredr_sc_enabled(hdev)) {
4387 /* When Secure Connections is enabled, then just
4388 * return the present value stored with the OOB
4389 * data. The stored value contains the right present
4390 * information. However it can only be trusted when
4391 * not in Secure Connection Only mode.
4393 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
4394 return data->present;
4396 /* When Secure Connections Only mode is enabled, then
4397 * the P-256 values are required. If they are not
4398 * available, then do not declare that OOB data is
4401 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
4402 !memcmp(data->hash256, ZERO_KEY, 16))
4408 /* When Secure Connections is not enabled or actually
4409 * not supported by the hardware, then check that if
4410 * P-192 data values are present.
4412 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
4413 !memcmp(data->hash192, ZERO_KEY, 16))
4419 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4421 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4422 struct hci_conn *conn;
4424 BT_DBG("%s", hdev->name);
4428 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4432 hci_conn_hold(conn);
4434 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4437 /* Allow pairing if we're pairable, the initiators of the
4438 * pairing or if the remote is not requesting bonding.
4440 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
4441 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
4442 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
4443 struct hci_cp_io_capability_reply cp;
4445 bacpy(&cp.bdaddr, &ev->bdaddr);
4446 /* Change the IO capability from KeyboardDisplay
4447 * to DisplayYesNo as it is not supported by BT spec. */
4448 cp.capability = (conn->io_capability == 0x04) ?
4449 HCI_IO_DISPLAY_YESNO : conn->io_capability;
4451 /* If we are initiators, there is no remote information yet */
4452 if (conn->remote_auth == 0xff) {
4453 /* Request MITM protection if our IO caps allow it
4454 * except for the no-bonding case.
4456 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4457 conn->auth_type != HCI_AT_NO_BONDING)
4458 conn->auth_type |= 0x01;
4460 conn->auth_type = hci_get_auth_req(conn);
4463 /* If we're not bondable, force one of the non-bondable
4464 * authentication requirement values.
4466 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
4467 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4469 cp.authentication = conn->auth_type;
4470 cp.oob_data = bredr_oob_data_present(conn);
4472 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
4475 struct hci_cp_io_capability_neg_reply cp;
4477 bacpy(&cp.bdaddr, &ev->bdaddr);
4478 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
4480 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
4485 hci_dev_unlock(hdev);
4488 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4490 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4491 struct hci_conn *conn;
4493 BT_DBG("%s", hdev->name);
4497 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4501 conn->remote_cap = ev->capability;
4502 conn->remote_auth = ev->authentication;
4505 hci_dev_unlock(hdev);
4508 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4509 struct sk_buff *skb)
4511 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4512 int loc_mitm, rem_mitm, confirm_hint = 0;
4513 struct hci_conn *conn;
4515 BT_DBG("%s", hdev->name);
4519 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4522 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4526 loc_mitm = (conn->auth_type & 0x01);
4527 rem_mitm = (conn->remote_auth & 0x01);
4529 /* If we require MITM but the remote device can't provide that
4530 * (it has NoInputNoOutput) then reject the confirmation
4531 * request. We check the security level here since it doesn't
4532 * necessarily match conn->auth_type.
4534 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4535 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4536 BT_DBG("Rejecting request: remote device can't provide MITM");
4537 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4538 sizeof(ev->bdaddr), &ev->bdaddr);
4542 /* If no side requires MITM protection; auto-accept */
4543 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4544 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4546 /* If we're not the initiators request authorization to
4547 * proceed from user space (mgmt_user_confirm with
4548 * confirm_hint set to 1). The exception is if neither
4549 * side had MITM or if the local IO capability is
4550 * NoInputNoOutput, in which case we do auto-accept
4552 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4553 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4554 (loc_mitm || rem_mitm)) {
4555 BT_DBG("Confirming auto-accept as acceptor");
4560 BT_DBG("Auto-accept of user confirmation with %ums delay",
4561 hdev->auto_accept_delay);
4563 if (hdev->auto_accept_delay > 0) {
4564 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4565 queue_delayed_work(conn->hdev->workqueue,
4566 &conn->auto_accept_work, delay);
4570 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4571 sizeof(ev->bdaddr), &ev->bdaddr);
4576 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4577 le32_to_cpu(ev->passkey), confirm_hint);
4580 hci_dev_unlock(hdev);
4583 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4584 struct sk_buff *skb)
4586 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4588 BT_DBG("%s", hdev->name);
4590 if (hci_dev_test_flag(hdev, HCI_MGMT))
4591 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4594 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4595 struct sk_buff *skb)
4597 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4598 struct hci_conn *conn;
4600 BT_DBG("%s", hdev->name);
4602 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4606 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4607 conn->passkey_entered = 0;
4609 if (hci_dev_test_flag(hdev, HCI_MGMT))
4610 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4611 conn->dst_type, conn->passkey_notify,
4612 conn->passkey_entered);
4615 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4617 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4618 struct hci_conn *conn;
4620 BT_DBG("%s", hdev->name);
4622 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4627 case HCI_KEYPRESS_STARTED:
4628 conn->passkey_entered = 0;
4631 case HCI_KEYPRESS_ENTERED:
4632 conn->passkey_entered++;
4635 case HCI_KEYPRESS_ERASED:
4636 conn->passkey_entered--;
4639 case HCI_KEYPRESS_CLEARED:
4640 conn->passkey_entered = 0;
4643 case HCI_KEYPRESS_COMPLETED:
4647 if (hci_dev_test_flag(hdev, HCI_MGMT))
4648 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4649 conn->dst_type, conn->passkey_notify,
4650 conn->passkey_entered);
4653 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4654 struct sk_buff *skb)
4656 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4657 struct hci_conn *conn;
4659 BT_DBG("%s", hdev->name);
4663 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4667 /* Reset the authentication requirement to unknown */
4668 conn->remote_auth = 0xff;
4670 /* To avoid duplicate auth_failed events to user space we check
4671 * the HCI_CONN_AUTH_PEND flag which will be set if we
4672 * initiated the authentication. A traditional auth_complete
4673 * event gets always produced as initiator and is also mapped to
4674 * the mgmt_auth_failed event */
4675 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4676 mgmt_auth_failed(conn, ev->status);
4678 hci_conn_drop(conn);
4681 hci_dev_unlock(hdev);
4684 static void hci_remote_host_features_evt(struct hci_dev *hdev,
4685 struct sk_buff *skb)
4687 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4688 struct inquiry_entry *ie;
4689 struct hci_conn *conn;
4691 BT_DBG("%s", hdev->name);
4695 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4697 memcpy(conn->features[1], ev->features, 8);
4699 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4701 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4703 hci_dev_unlock(hdev);
4706 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4707 struct sk_buff *skb)
4709 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4710 struct oob_data *data;
4712 BT_DBG("%s", hdev->name);
4716 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4719 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4721 struct hci_cp_remote_oob_data_neg_reply cp;
4723 bacpy(&cp.bdaddr, &ev->bdaddr);
4724 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4729 if (bredr_sc_enabled(hdev)) {
4730 struct hci_cp_remote_oob_ext_data_reply cp;
4732 bacpy(&cp.bdaddr, &ev->bdaddr);
4733 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4734 memset(cp.hash192, 0, sizeof(cp.hash192));
4735 memset(cp.rand192, 0, sizeof(cp.rand192));
4737 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4738 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4740 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4741 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4743 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4746 struct hci_cp_remote_oob_data_reply cp;
4748 bacpy(&cp.bdaddr, &ev->bdaddr);
4749 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4750 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4752 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4757 hci_dev_unlock(hdev);
4760 #if IS_ENABLED(CONFIG_BT_HS)
4761 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4763 struct hci_ev_channel_selected *ev = (void *)skb->data;
4764 struct hci_conn *hcon;
4766 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4768 skb_pull(skb, sizeof(*ev));
4770 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4774 amp_read_loc_assoc_final_data(hdev, hcon);
4777 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4778 struct sk_buff *skb)
4780 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4781 struct hci_conn *hcon, *bredr_hcon;
4783 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4788 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4790 hci_dev_unlock(hdev);
4796 hci_dev_unlock(hdev);
4800 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4802 hcon->state = BT_CONNECTED;
4803 bacpy(&hcon->dst, &bredr_hcon->dst);
4805 hci_conn_hold(hcon);
4806 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4807 hci_conn_drop(hcon);
4809 hci_debugfs_create_conn(hcon);
4810 hci_conn_add_sysfs(hcon);
4812 amp_physical_cfm(bredr_hcon, hcon);
4814 hci_dev_unlock(hdev);
4817 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4819 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4820 struct hci_conn *hcon;
4821 struct hci_chan *hchan;
4822 struct amp_mgr *mgr;
4824 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4825 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4828 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4832 /* Create AMP hchan */
4833 hchan = hci_chan_create(hcon);
4837 hchan->handle = le16_to_cpu(ev->handle);
4839 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4841 mgr = hcon->amp_mgr;
4842 if (mgr && mgr->bredr_chan) {
4843 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4845 l2cap_chan_lock(bredr_chan);
4847 bredr_chan->conn->mtu = hdev->block_mtu;
4848 l2cap_logical_cfm(bredr_chan, hchan, 0);
4849 hci_conn_hold(hcon);
4851 l2cap_chan_unlock(bredr_chan);
4855 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4856 struct sk_buff *skb)
4858 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4859 struct hci_chan *hchan;
4861 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4862 le16_to_cpu(ev->handle), ev->status);
4869 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4873 amp_destroy_logical_link(hchan, ev->reason);
4876 hci_dev_unlock(hdev);
4879 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4880 struct sk_buff *skb)
4882 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4883 struct hci_conn *hcon;
4885 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4892 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4894 hcon->state = BT_CLOSED;
4898 hci_dev_unlock(hdev);
4902 static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
4903 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
4904 u16 interval, u16 latency, u16 supervision_timeout)
4906 struct hci_conn_params *params;
4907 struct hci_conn *conn;
4908 struct smp_irk *irk;
4913 /* All controllers implicitly stop advertising in the event of a
4914 * connection, so ensure that the state bit is cleared.
4916 hci_dev_clear_flag(hdev, HCI_LE_ADV);
4918 conn = hci_lookup_le_connect(hdev);
4920 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
4922 bt_dev_err(hdev, "no memory for new connection");
4926 conn->dst_type = bdaddr_type;
4928 /* If we didn't have a hci_conn object previously
4929 * but we're in master role this must be something
4930 * initiated using a white list. Since white list based
4931 * connections are not "first class citizens" we don't
4932 * have full tracking of them. Therefore, we go ahead
4933 * with a "best effort" approach of determining the
4934 * initiator address based on the HCI_PRIVACY flag.
4937 conn->resp_addr_type = bdaddr_type;
4938 bacpy(&conn->resp_addr, bdaddr);
4939 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
4940 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4941 bacpy(&conn->init_addr, &hdev->rpa);
4943 hci_copy_identity_address(hdev,
4945 &conn->init_addr_type);
4949 cancel_delayed_work(&conn->le_conn_timeout);
4953 /* Set the responder (our side) address type based on
4954 * the advertising address type.
4956 conn->resp_addr_type = hdev->adv_addr_type;
4957 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
4958 /* In case of ext adv, resp_addr will be updated in
4959 * Adv Terminated event.
4961 if (!ext_adv_capable(hdev))
4962 bacpy(&conn->resp_addr, &hdev->random_addr);
4964 bacpy(&conn->resp_addr, &hdev->bdaddr);
4967 conn->init_addr_type = bdaddr_type;
4968 bacpy(&conn->init_addr, bdaddr);
4970 /* For incoming connections, set the default minimum
4971 * and maximum connection interval. They will be used
4972 * to check if the parameters are in range and if not
4973 * trigger the connection update procedure.
4975 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4976 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4979 /* Lookup the identity address from the stored connection
4980 * address and address type.
4982 * When establishing connections to an identity address, the
4983 * connection procedure will store the resolvable random
4984 * address first. Now if it can be converted back into the
4985 * identity address, start using the identity address from
4988 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4990 bacpy(&conn->dst, &irk->bdaddr);
4991 conn->dst_type = irk->addr_type;
4995 hci_le_conn_failed(conn, status);
4999 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
5000 addr_type = BDADDR_LE_PUBLIC;
5002 addr_type = BDADDR_LE_RANDOM;
5004 /* Drop the connection if the device is blocked */
5005 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
5006 hci_conn_drop(conn);
5010 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
5011 mgmt_device_connected(hdev, conn, 0, NULL, 0);
5013 conn->sec_level = BT_SECURITY_LOW;
5014 conn->handle = handle;
5015 conn->state = BT_CONFIG;
5017 conn->le_conn_interval = interval;
5018 conn->le_conn_latency = latency;
5019 conn->le_supv_timeout = supervision_timeout;
5021 hci_debugfs_create_conn(conn);
5022 hci_conn_add_sysfs(conn);
5024 /* The remote features procedure is defined for master
5025 * role only. So only in case of an initiated connection
5026 * request the remote features.
5028 * If the local controller supports slave-initiated features
5029 * exchange, then requesting the remote features in slave
5030 * role is possible. Otherwise just transition into the
5031 * connected state without requesting the remote features.
5034 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
5035 struct hci_cp_le_read_remote_features cp;
5037 cp.handle = __cpu_to_le16(conn->handle);
5039 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
5042 hci_conn_hold(conn);
5044 conn->state = BT_CONNECTED;
5045 hci_connect_cfm(conn, status);
5048 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
5051 list_del_init(¶ms->action);
5053 hci_conn_drop(params->conn);
5054 hci_conn_put(params->conn);
5055 params->conn = NULL;
5060 hci_update_background_scan(hdev);
5061 hci_dev_unlock(hdev);
5064 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
5066 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
5068 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5070 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5071 ev->role, le16_to_cpu(ev->handle),
5072 le16_to_cpu(ev->interval),
5073 le16_to_cpu(ev->latency),
5074 le16_to_cpu(ev->supervision_timeout));
5077 static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
5078 struct sk_buff *skb)
5080 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
5082 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5084 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5085 ev->role, le16_to_cpu(ev->handle),
5086 le16_to_cpu(ev->interval),
5087 le16_to_cpu(ev->latency),
5088 le16_to_cpu(ev->supervision_timeout));
5091 static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
5093 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
5094 struct hci_conn *conn;
5096 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5103 struct adv_info *adv_instance;
5105 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
5108 if (!hdev->cur_adv_instance) {
5109 bacpy(&conn->resp_addr, &hdev->random_addr);
5113 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
5115 bacpy(&conn->resp_addr, &adv_instance->random_addr);
5119 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
5120 struct sk_buff *skb)
5122 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
5123 struct hci_conn *conn;
5125 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5134 conn->le_conn_interval = le16_to_cpu(ev->interval);
5135 conn->le_conn_latency = le16_to_cpu(ev->latency);
5136 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5139 hci_dev_unlock(hdev);
5142 /* This function requires the caller holds hdev->lock */
5143 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
5145 u8 addr_type, u8 adv_type,
5146 bdaddr_t *direct_rpa)
5148 struct hci_conn *conn;
5149 struct hci_conn_params *params;
5151 /* If the event is not connectable don't proceed further */
5152 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
5155 /* Ignore if the device is blocked */
5156 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
5159 /* Most controller will fail if we try to create new connections
5160 * while we have an existing one in slave role.
5162 if (hdev->conn_hash.le_num_slave > 0)
5165 /* If we're not connectable only connect devices that we have in
5166 * our pend_le_conns list.
5168 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5173 if (!params->explicit_connect) {
5174 switch (params->auto_connect) {
5175 case HCI_AUTO_CONN_DIRECT:
5176 /* Only devices advertising with ADV_DIRECT_IND are
5177 * triggering a connection attempt. This is allowing
5178 * incoming connections from slave devices.
5180 if (adv_type != LE_ADV_DIRECT_IND)
5183 case HCI_AUTO_CONN_ALWAYS:
5184 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
5185 * are triggering a connection attempt. This means
5186 * that incoming connectioms from slave device are
5187 * accepted and also outgoing connections to slave
5188 * devices are established when found.
5196 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
5197 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER,
5199 if (!IS_ERR(conn)) {
5200 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
5201 * by higher layer that tried to connect, if no then
5202 * store the pointer since we don't really have any
5203 * other owner of the object besides the params that
5204 * triggered it. This way we can abort the connection if
5205 * the parameters get removed and keep the reference
5206 * count consistent once the connection is established.
5209 if (!params->explicit_connect)
5210 params->conn = hci_conn_get(conn);
5215 switch (PTR_ERR(conn)) {
5217 /* If hci_connect() returns -EBUSY it means there is already
5218 * an LE connection attempt going on. Since controllers don't
5219 * support more than one connection attempt at the time, we
5220 * don't consider this an error case.
5224 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
5231 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
5232 u8 bdaddr_type, bdaddr_t *direct_addr,
5233 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
5235 struct discovery_state *d = &hdev->discovery;
5236 struct smp_irk *irk;
5237 struct hci_conn *conn;
5244 case LE_ADV_DIRECT_IND:
5245 case LE_ADV_SCAN_IND:
5246 case LE_ADV_NONCONN_IND:
5247 case LE_ADV_SCAN_RSP:
5250 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
5251 "type: 0x%02x", type);
5255 /* Find the end of the data in case the report contains padded zero
5256 * bytes at the end causing an invalid length value.
5258 * When data is NULL, len is 0 so there is no need for extra ptr
5259 * check as 'ptr < data + 0' is already false in such case.
5261 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
5262 if (ptr + 1 + *ptr > data + len)
5266 real_len = ptr - data;
5268 /* Adjust for actual length */
5269 if (len != real_len) {
5270 bt_dev_err_ratelimited(hdev, "advertising data len corrected");
5274 /* If the direct address is present, then this report is from
5275 * a LE Direct Advertising Report event. In that case it is
5276 * important to see if the address is matching the local
5277 * controller address.
5280 /* Only resolvable random addresses are valid for these
5281 * kind of reports and others can be ignored.
5283 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
5286 /* If the controller is not using resolvable random
5287 * addresses, then this report can be ignored.
5289 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
5292 /* If the local IRK of the controller does not match
5293 * with the resolvable random address provided, then
5294 * this report can be ignored.
5296 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
5300 /* Check if we need to convert to identity address */
5301 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
5303 bdaddr = &irk->bdaddr;
5304 bdaddr_type = irk->addr_type;
5307 /* Check if we have been requested to connect to this device.
5309 * direct_addr is set only for directed advertising reports (it is NULL
5310 * for advertising reports) and is already verified to be RPA above.
5312 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
5314 if (conn && type == LE_ADV_IND) {
5315 /* Store report for later inclusion by
5316 * mgmt_device_connected
5318 memcpy(conn->le_adv_data, data, len);
5319 conn->le_adv_data_len = len;
5322 /* Passive scanning shouldn't trigger any device found events,
5323 * except for devices marked as CONN_REPORT for which we do send
5324 * device found events.
5326 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
5327 if (type == LE_ADV_DIRECT_IND)
5330 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
5331 bdaddr, bdaddr_type))
5334 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
5335 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5338 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5339 rssi, flags, data, len, NULL, 0);
5343 /* When receiving non-connectable or scannable undirected
5344 * advertising reports, this means that the remote device is
5345 * not connectable and then clearly indicate this in the
5346 * device found event.
5348 * When receiving a scan response, then there is no way to
5349 * know if the remote device is connectable or not. However
5350 * since scan responses are merged with a previously seen
5351 * advertising report, the flags field from that report
5354 * In the really unlikely case that a controller get confused
5355 * and just sends a scan response event, then it is marked as
5356 * not connectable as well.
5358 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5359 type == LE_ADV_SCAN_RSP)
5360 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5364 /* If there's nothing pending either store the data from this
5365 * event or send an immediate device found event if the data
5366 * should not be stored for later.
5368 if (!has_pending_adv_report(hdev)) {
5369 /* If the report will trigger a SCAN_REQ store it for
5372 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5373 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5374 rssi, flags, data, len);
5378 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5379 rssi, flags, data, len, NULL, 0);
5383 /* Check if the pending report is for the same device as the new one */
5384 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5385 bdaddr_type == d->last_adv_addr_type);
5387 /* If the pending data doesn't match this report or this isn't a
5388 * scan response (e.g. we got a duplicate ADV_IND) then force
5389 * sending of the pending data.
5391 if (type != LE_ADV_SCAN_RSP || !match) {
5392 /* Send out whatever is in the cache, but skip duplicates */
5394 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5395 d->last_adv_addr_type, NULL,
5396 d->last_adv_rssi, d->last_adv_flags,
5398 d->last_adv_data_len, NULL, 0);
5400 /* If the new report will trigger a SCAN_REQ store it for
5403 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5404 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5405 rssi, flags, data, len);
5409 /* The advertising reports cannot be merged, so clear
5410 * the pending report and send out a device found event.
5412 clear_pending_adv_report(hdev);
5413 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5414 rssi, flags, data, len, NULL, 0);
5418 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5419 * the new event is a SCAN_RSP. We can therefore proceed with
5420 * sending a merged device found event.
5422 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5423 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
5424 d->last_adv_data, d->last_adv_data_len, data, len);
5425 clear_pending_adv_report(hdev);
5428 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5430 u8 num_reports = skb->data[0];
5431 void *ptr = &skb->data[1];
5435 while (num_reports--) {
5436 struct hci_ev_le_advertising_info *ev = ptr;
5439 if (ev->length <= HCI_MAX_AD_LENGTH) {
5440 rssi = ev->data[ev->length];
5441 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5442 ev->bdaddr_type, NULL, 0, rssi,
5443 ev->data, ev->length);
5445 bt_dev_err(hdev, "Dropping invalid advertising data");
5448 ptr += sizeof(*ev) + ev->length + 1;
5451 hci_dev_unlock(hdev);
5454 static u8 ext_evt_type_to_legacy(u16 evt_type)
5456 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5458 case LE_LEGACY_ADV_IND:
5460 case LE_LEGACY_ADV_DIRECT_IND:
5461 return LE_ADV_DIRECT_IND;
5462 case LE_LEGACY_ADV_SCAN_IND:
5463 return LE_ADV_SCAN_IND;
5464 case LE_LEGACY_NONCONN_IND:
5465 return LE_ADV_NONCONN_IND;
5466 case LE_LEGACY_SCAN_RSP_ADV:
5467 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5468 return LE_ADV_SCAN_RSP;
5471 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5474 return LE_ADV_INVALID;
5477 if (evt_type & LE_EXT_ADV_CONN_IND) {
5478 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5479 return LE_ADV_DIRECT_IND;
5484 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5485 return LE_ADV_SCAN_RSP;
5487 if (evt_type & LE_EXT_ADV_SCAN_IND)
5488 return LE_ADV_SCAN_IND;
5490 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5491 evt_type & LE_EXT_ADV_DIRECT_IND)
5492 return LE_ADV_NONCONN_IND;
5494 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5497 return LE_ADV_INVALID;
5500 static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5502 u8 num_reports = skb->data[0];
5503 void *ptr = &skb->data[1];
5507 while (num_reports--) {
5508 struct hci_ev_le_ext_adv_report *ev = ptr;
5512 evt_type = __le16_to_cpu(ev->evt_type);
5513 legacy_evt_type = ext_evt_type_to_legacy(evt_type);
5514 if (legacy_evt_type != LE_ADV_INVALID) {
5515 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5516 ev->bdaddr_type, NULL, 0, ev->rssi,
5517 ev->data, ev->length);
5520 ptr += sizeof(*ev) + ev->length;
5523 hci_dev_unlock(hdev);
5526 static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
5527 struct sk_buff *skb)
5529 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
5530 struct hci_conn *conn;
5532 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5536 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5539 memcpy(conn->features[0], ev->features, 8);
5541 if (conn->state == BT_CONFIG) {
5544 /* If the local controller supports slave-initiated
5545 * features exchange, but the remote controller does
5546 * not, then it is possible that the error code 0x1a
5547 * for unsupported remote feature gets returned.
5549 * In this specific case, allow the connection to
5550 * transition into connected state and mark it as
5553 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
5554 !conn->out && ev->status == 0x1a)
5557 status = ev->status;
5559 conn->state = BT_CONNECTED;
5560 hci_connect_cfm(conn, status);
5561 hci_conn_drop(conn);
5565 hci_dev_unlock(hdev);
5568 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
5570 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5571 struct hci_cp_le_ltk_reply cp;
5572 struct hci_cp_le_ltk_neg_reply neg;
5573 struct hci_conn *conn;
5574 struct smp_ltk *ltk;
5576 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
5580 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5584 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5588 if (smp_ltk_is_sc(ltk)) {
5589 /* With SC both EDiv and Rand are set to zero */
5590 if (ev->ediv || ev->rand)
5593 /* For non-SC keys check that EDiv and Rand match */
5594 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5598 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5599 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
5600 cp.handle = cpu_to_le16(conn->handle);
5602 conn->pending_sec_level = smp_ltk_sec_level(ltk);
5604 conn->enc_key_size = ltk->enc_size;
5606 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5608 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5609 * temporary key used to encrypt a connection following
5610 * pairing. It is used during the Encrypted Session Setup to
5611 * distribute the keys. Later, security can be re-established
5612 * using a distributed LTK.
5614 if (ltk->type == SMP_STK) {
5615 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5616 list_del_rcu(<k->list);
5617 kfree_rcu(ltk, rcu);
5619 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5622 hci_dev_unlock(hdev);
5627 neg.handle = ev->handle;
5628 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5629 hci_dev_unlock(hdev);
5632 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5635 struct hci_cp_le_conn_param_req_neg_reply cp;
5637 cp.handle = cpu_to_le16(handle);
5640 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5644 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5645 struct sk_buff *skb)
5647 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5648 struct hci_cp_le_conn_param_req_reply cp;
5649 struct hci_conn *hcon;
5650 u16 handle, min, max, latency, timeout;
5652 handle = le16_to_cpu(ev->handle);
5653 min = le16_to_cpu(ev->interval_min);
5654 max = le16_to_cpu(ev->interval_max);
5655 latency = le16_to_cpu(ev->latency);
5656 timeout = le16_to_cpu(ev->timeout);
5658 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5659 if (!hcon || hcon->state != BT_CONNECTED)
5660 return send_conn_param_neg_reply(hdev, handle,
5661 HCI_ERROR_UNKNOWN_CONN_ID);
5663 if (hci_check_conn_params(min, max, latency, timeout))
5664 return send_conn_param_neg_reply(hdev, handle,
5665 HCI_ERROR_INVALID_LL_PARAMS);
5667 if (hcon->role == HCI_ROLE_MASTER) {
5668 struct hci_conn_params *params;
5673 params = hci_conn_params_lookup(hdev, &hcon->dst,
5676 params->conn_min_interval = min;
5677 params->conn_max_interval = max;
5678 params->conn_latency = latency;
5679 params->supervision_timeout = timeout;
5685 hci_dev_unlock(hdev);
5687 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5688 store_hint, min, max, latency, timeout);
5691 cp.handle = ev->handle;
5692 cp.interval_min = ev->interval_min;
5693 cp.interval_max = ev->interval_max;
5694 cp.latency = ev->latency;
5695 cp.timeout = ev->timeout;
5699 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5702 static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5703 struct sk_buff *skb)
5705 u8 num_reports = skb->data[0];
5706 void *ptr = &skb->data[1];
5710 while (num_reports--) {
5711 struct hci_ev_le_direct_adv_info *ev = ptr;
5713 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5714 ev->bdaddr_type, &ev->direct_addr,
5715 ev->direct_addr_type, ev->rssi, NULL, 0);
5720 hci_dev_unlock(hdev);
5723 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5725 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5727 skb_pull(skb, sizeof(*le_ev));
5729 switch (le_ev->subevent) {
5730 case HCI_EV_LE_CONN_COMPLETE:
5731 hci_le_conn_complete_evt(hdev, skb);
5734 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5735 hci_le_conn_update_complete_evt(hdev, skb);
5738 case HCI_EV_LE_ADVERTISING_REPORT:
5739 hci_le_adv_report_evt(hdev, skb);
5742 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5743 hci_le_remote_feat_complete_evt(hdev, skb);
5746 case HCI_EV_LE_LTK_REQ:
5747 hci_le_ltk_request_evt(hdev, skb);
5750 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5751 hci_le_remote_conn_param_req_evt(hdev, skb);
5754 case HCI_EV_LE_DIRECT_ADV_REPORT:
5755 hci_le_direct_adv_report_evt(hdev, skb);
5758 case HCI_EV_LE_EXT_ADV_REPORT:
5759 hci_le_ext_adv_report_evt(hdev, skb);
5762 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
5763 hci_le_enh_conn_complete_evt(hdev, skb);
5766 case HCI_EV_LE_EXT_ADV_SET_TERM:
5767 hci_le_ext_adv_term_evt(hdev, skb);
5775 static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5776 u8 event, struct sk_buff *skb)
5778 struct hci_ev_cmd_complete *ev;
5779 struct hci_event_hdr *hdr;
5784 if (skb->len < sizeof(*hdr)) {
5785 bt_dev_err(hdev, "too short HCI event");
5789 hdr = (void *) skb->data;
5790 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5793 if (hdr->evt != event)
5798 /* Check if request ended in Command Status - no way to retreive
5799 * any extra parameters in this case.
5801 if (hdr->evt == HCI_EV_CMD_STATUS)
5804 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
5805 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
5810 if (skb->len < sizeof(*ev)) {
5811 bt_dev_err(hdev, "too short cmd_complete event");
5815 ev = (void *) skb->data;
5816 skb_pull(skb, sizeof(*ev));
5818 if (opcode != __le16_to_cpu(ev->opcode)) {
5819 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
5820 __le16_to_cpu(ev->opcode));
5827 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5829 struct hci_event_hdr *hdr = (void *) skb->data;
5830 hci_req_complete_t req_complete = NULL;
5831 hci_req_complete_skb_t req_complete_skb = NULL;
5832 struct sk_buff *orig_skb = NULL;
5833 u8 status = 0, event = hdr->evt, req_evt = 0;
5834 u16 opcode = HCI_OP_NOP;
5836 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
5837 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5838 opcode = __le16_to_cpu(cmd_hdr->opcode);
5839 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
5844 /* If it looks like we might end up having to call
5845 * req_complete_skb, store a pristine copy of the skb since the
5846 * various handlers may modify the original one through
5847 * skb_pull() calls, etc.
5849 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
5850 event == HCI_EV_CMD_COMPLETE)
5851 orig_skb = skb_clone(skb, GFP_KERNEL);
5853 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5856 case HCI_EV_INQUIRY_COMPLETE:
5857 hci_inquiry_complete_evt(hdev, skb);
5860 case HCI_EV_INQUIRY_RESULT:
5861 hci_inquiry_result_evt(hdev, skb);
5864 case HCI_EV_CONN_COMPLETE:
5865 hci_conn_complete_evt(hdev, skb);
5868 case HCI_EV_CONN_REQUEST:
5869 hci_conn_request_evt(hdev, skb);
5872 case HCI_EV_DISCONN_COMPLETE:
5873 hci_disconn_complete_evt(hdev, skb);
5876 case HCI_EV_AUTH_COMPLETE:
5877 hci_auth_complete_evt(hdev, skb);
5880 case HCI_EV_REMOTE_NAME:
5881 hci_remote_name_evt(hdev, skb);
5884 case HCI_EV_ENCRYPT_CHANGE:
5885 hci_encrypt_change_evt(hdev, skb);
5888 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5889 hci_change_link_key_complete_evt(hdev, skb);
5892 case HCI_EV_REMOTE_FEATURES:
5893 hci_remote_features_evt(hdev, skb);
5896 case HCI_EV_CMD_COMPLETE:
5897 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
5898 &req_complete, &req_complete_skb);
5901 case HCI_EV_CMD_STATUS:
5902 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
5906 case HCI_EV_HARDWARE_ERROR:
5907 hci_hardware_error_evt(hdev, skb);
5910 case HCI_EV_ROLE_CHANGE:
5911 hci_role_change_evt(hdev, skb);
5914 case HCI_EV_NUM_COMP_PKTS:
5915 hci_num_comp_pkts_evt(hdev, skb);
5918 case HCI_EV_MODE_CHANGE:
5919 hci_mode_change_evt(hdev, skb);
5922 case HCI_EV_PIN_CODE_REQ:
5923 hci_pin_code_request_evt(hdev, skb);
5926 case HCI_EV_LINK_KEY_REQ:
5927 hci_link_key_request_evt(hdev, skb);
5930 case HCI_EV_LINK_KEY_NOTIFY:
5931 hci_link_key_notify_evt(hdev, skb);
5934 case HCI_EV_CLOCK_OFFSET:
5935 hci_clock_offset_evt(hdev, skb);
5938 case HCI_EV_PKT_TYPE_CHANGE:
5939 hci_pkt_type_change_evt(hdev, skb);
5942 case HCI_EV_PSCAN_REP_MODE:
5943 hci_pscan_rep_mode_evt(hdev, skb);
5946 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5947 hci_inquiry_result_with_rssi_evt(hdev, skb);
5950 case HCI_EV_REMOTE_EXT_FEATURES:
5951 hci_remote_ext_features_evt(hdev, skb);
5954 case HCI_EV_SYNC_CONN_COMPLETE:
5955 hci_sync_conn_complete_evt(hdev, skb);
5958 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5959 hci_extended_inquiry_result_evt(hdev, skb);
5962 case HCI_EV_KEY_REFRESH_COMPLETE:
5963 hci_key_refresh_complete_evt(hdev, skb);
5966 case HCI_EV_IO_CAPA_REQUEST:
5967 hci_io_capa_request_evt(hdev, skb);
5970 case HCI_EV_IO_CAPA_REPLY:
5971 hci_io_capa_reply_evt(hdev, skb);
5974 case HCI_EV_USER_CONFIRM_REQUEST:
5975 hci_user_confirm_request_evt(hdev, skb);
5978 case HCI_EV_USER_PASSKEY_REQUEST:
5979 hci_user_passkey_request_evt(hdev, skb);
5982 case HCI_EV_USER_PASSKEY_NOTIFY:
5983 hci_user_passkey_notify_evt(hdev, skb);
5986 case HCI_EV_KEYPRESS_NOTIFY:
5987 hci_keypress_notify_evt(hdev, skb);
5990 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5991 hci_simple_pair_complete_evt(hdev, skb);
5994 case HCI_EV_REMOTE_HOST_FEATURES:
5995 hci_remote_host_features_evt(hdev, skb);
5998 case HCI_EV_LE_META:
5999 hci_le_meta_evt(hdev, skb);
6002 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
6003 hci_remote_oob_data_request_evt(hdev, skb);
6006 #if IS_ENABLED(CONFIG_BT_HS)
6007 case HCI_EV_CHANNEL_SELECTED:
6008 hci_chan_selected_evt(hdev, skb);
6011 case HCI_EV_PHY_LINK_COMPLETE:
6012 hci_phy_link_complete_evt(hdev, skb);
6015 case HCI_EV_LOGICAL_LINK_COMPLETE:
6016 hci_loglink_complete_evt(hdev, skb);
6019 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
6020 hci_disconn_loglink_complete_evt(hdev, skb);
6023 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
6024 hci_disconn_phylink_complete_evt(hdev, skb);
6028 case HCI_EV_NUM_COMP_BLOCKS:
6029 hci_num_comp_blocks_evt(hdev, skb);
6033 BT_DBG("%s event 0x%2.2x", hdev->name, event);
6038 req_complete(hdev, status, opcode);
6039 } else if (req_complete_skb) {
6040 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
6041 kfree_skb(orig_skb);
6044 req_complete_skb(hdev, status, opcode, orig_skb);
6047 kfree_skb(orig_skb);
6049 hdev->stat.evt_rx++;
git.samba.org / sfrench / cifs-2.6.git / blob