2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
41 __u8 status
= *((__u8
*) skb
->data
);
43 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
48 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev
->flags
, HCI_INQUIRY
);
53 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
56 hci_conn_check_pending(hdev
);
59 static void hci_cc_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
61 __u8 status
= *((__u8
*) skb
->data
);
63 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
68 set_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
);
71 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
73 __u8 status
= *((__u8
*) skb
->data
);
75 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
80 clear_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
);
82 hci_conn_check_pending(hdev
);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
,
88 BT_DBG("%s", hdev
->name
);
91 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
93 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
94 struct hci_conn
*conn
;
96 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
103 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
106 clear_bit(HCI_CONN_MASTER
, &conn
->flags
);
108 set_bit(HCI_CONN_MASTER
, &conn
->flags
);
111 hci_dev_unlock(hdev
);
114 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
116 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
117 struct hci_conn
*conn
;
119 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
126 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
128 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
130 hci_dev_unlock(hdev
);
133 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
135 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
136 struct hci_conn
*conn
;
139 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
144 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
150 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
152 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
154 hci_dev_unlock(hdev
);
157 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
,
160 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
162 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
167 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
170 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
,
173 __u8 status
= *((__u8
*) skb
->data
);
176 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
181 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
185 hdev
->link_policy
= get_unaligned_le16(sent
);
188 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
190 __u8 status
= *((__u8
*) skb
->data
);
192 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
194 clear_bit(HCI_RESET
, &hdev
->flags
);
196 /* Reset all non-persistent flags */
197 hdev
->dev_flags
&= ~HCI_PERSISTENT_MASK
;
199 hdev
->discovery
.state
= DISCOVERY_STOPPED
;
200 hdev
->inq_tx_power
= HCI_TX_POWER_INVALID
;
201 hdev
->adv_tx_power
= HCI_TX_POWER_INVALID
;
203 memset(hdev
->adv_data
, 0, sizeof(hdev
->adv_data
));
204 hdev
->adv_data_len
= 0;
206 memset(hdev
->scan_rsp_data
, 0, sizeof(hdev
->scan_rsp_data
));
207 hdev
->scan_rsp_data_len
= 0;
209 hdev
->le_scan_type
= LE_SCAN_PASSIVE
;
211 hdev
->ssp_debug_mode
= 0;
214 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
216 __u8 status
= *((__u8
*) skb
->data
);
219 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
221 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
227 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
228 mgmt_set_local_name_complete(hdev
, sent
, status
);
230 memcpy(hdev
->dev_name
, sent
, HCI_MAX_NAME_LENGTH
);
232 hci_dev_unlock(hdev
);
235 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
237 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
239 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
244 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
))
245 memcpy(hdev
->dev_name
, rp
->name
, HCI_MAX_NAME_LENGTH
);
248 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
250 __u8 status
= *((__u8
*) skb
->data
);
253 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
255 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
260 __u8 param
= *((__u8
*) sent
);
262 if (param
== AUTH_ENABLED
)
263 set_bit(HCI_AUTH
, &hdev
->flags
);
265 clear_bit(HCI_AUTH
, &hdev
->flags
);
268 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
269 mgmt_auth_enable_complete(hdev
, status
);
272 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
274 __u8 status
= *((__u8
*) skb
->data
);
278 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
283 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
287 param
= *((__u8
*) sent
);
290 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
292 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
295 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
297 __u8 status
= *((__u8
*) skb
->data
);
299 int old_pscan
, old_iscan
;
302 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
304 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
308 param
= *((__u8
*) sent
);
313 mgmt_write_scan_failed(hdev
, param
, status
);
314 hdev
->discov_timeout
= 0;
318 /* We need to ensure that we set this back on if someone changed
319 * the scan mode through a raw HCI socket.
321 set_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
);
323 old_pscan
= test_and_clear_bit(HCI_PSCAN
, &hdev
->flags
);
324 old_iscan
= test_and_clear_bit(HCI_ISCAN
, &hdev
->flags
);
326 if (param
& SCAN_INQUIRY
) {
327 set_bit(HCI_ISCAN
, &hdev
->flags
);
329 mgmt_discoverable(hdev
, 1);
330 } else if (old_iscan
)
331 mgmt_discoverable(hdev
, 0);
333 if (param
& SCAN_PAGE
) {
334 set_bit(HCI_PSCAN
, &hdev
->flags
);
336 mgmt_connectable(hdev
, 1);
337 } else if (old_pscan
)
338 mgmt_connectable(hdev
, 0);
341 hci_dev_unlock(hdev
);
344 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
346 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
348 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
353 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
355 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
356 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
359 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
361 __u8 status
= *((__u8
*) skb
->data
);
364 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
366 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
373 memcpy(hdev
->dev_class
, sent
, 3);
375 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
376 mgmt_set_class_of_dev_complete(hdev
, sent
, status
);
378 hci_dev_unlock(hdev
);
381 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
383 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
386 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
391 setting
= __le16_to_cpu(rp
->voice_setting
);
393 if (hdev
->voice_setting
== setting
)
396 hdev
->voice_setting
= setting
;
398 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
401 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
404 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
,
407 __u8 status
= *((__u8
*) skb
->data
);
411 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
416 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
420 setting
= get_unaligned_le16(sent
);
422 if (hdev
->voice_setting
== setting
)
425 hdev
->voice_setting
= setting
;
427 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
430 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
433 static void hci_cc_read_num_supported_iac(struct hci_dev
*hdev
,
436 struct hci_rp_read_num_supported_iac
*rp
= (void *) skb
->data
;
438 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
443 hdev
->num_iac
= rp
->num_iac
;
445 BT_DBG("%s num iac %d", hdev
->name
, hdev
->num_iac
);
448 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
450 __u8 status
= *((__u8
*) skb
->data
);
451 struct hci_cp_write_ssp_mode
*sent
;
453 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
455 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
461 hdev
->features
[1][0] |= LMP_HOST_SSP
;
463 hdev
->features
[1][0] &= ~LMP_HOST_SSP
;
466 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
467 mgmt_ssp_enable_complete(hdev
, sent
->mode
, status
);
470 set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
472 clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
476 static void hci_cc_write_sc_support(struct hci_dev
*hdev
, struct sk_buff
*skb
)
478 u8 status
= *((u8
*) skb
->data
);
479 struct hci_cp_write_sc_support
*sent
;
481 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
483 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SC_SUPPORT
);
489 hdev
->features
[1][0] |= LMP_HOST_SC
;
491 hdev
->features
[1][0] &= ~LMP_HOST_SC
;
494 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
495 mgmt_sc_enable_complete(hdev
, sent
->support
, status
);
498 set_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
500 clear_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
504 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
506 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
508 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
513 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
)) {
514 hdev
->hci_ver
= rp
->hci_ver
;
515 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
516 hdev
->lmp_ver
= rp
->lmp_ver
;
517 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
518 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
522 static void hci_cc_read_local_commands(struct hci_dev
*hdev
,
525 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
527 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
532 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
))
533 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
536 static void hci_cc_read_local_features(struct hci_dev
*hdev
,
539 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
541 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
546 memcpy(hdev
->features
, rp
->features
, 8);
548 /* Adjust default settings according to features
549 * supported by device. */
551 if (hdev
->features
[0][0] & LMP_3SLOT
)
552 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
554 if (hdev
->features
[0][0] & LMP_5SLOT
)
555 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
557 if (hdev
->features
[0][1] & LMP_HV2
) {
558 hdev
->pkt_type
|= (HCI_HV2
);
559 hdev
->esco_type
|= (ESCO_HV2
);
562 if (hdev
->features
[0][1] & LMP_HV3
) {
563 hdev
->pkt_type
|= (HCI_HV3
);
564 hdev
->esco_type
|= (ESCO_HV3
);
567 if (lmp_esco_capable(hdev
))
568 hdev
->esco_type
|= (ESCO_EV3
);
570 if (hdev
->features
[0][4] & LMP_EV4
)
571 hdev
->esco_type
|= (ESCO_EV4
);
573 if (hdev
->features
[0][4] & LMP_EV5
)
574 hdev
->esco_type
|= (ESCO_EV5
);
576 if (hdev
->features
[0][5] & LMP_EDR_ESCO_2M
)
577 hdev
->esco_type
|= (ESCO_2EV3
);
579 if (hdev
->features
[0][5] & LMP_EDR_ESCO_3M
)
580 hdev
->esco_type
|= (ESCO_3EV3
);
582 if (hdev
->features
[0][5] & LMP_EDR_3S_ESCO
)
583 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
586 static void hci_cc_read_local_ext_features(struct hci_dev
*hdev
,
589 struct hci_rp_read_local_ext_features
*rp
= (void *) skb
->data
;
591 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
596 if (hdev
->max_page
< rp
->max_page
)
597 hdev
->max_page
= rp
->max_page
;
599 if (rp
->page
< HCI_MAX_PAGES
)
600 memcpy(hdev
->features
[rp
->page
], rp
->features
, 8);
603 static void hci_cc_read_flow_control_mode(struct hci_dev
*hdev
,
606 struct hci_rp_read_flow_control_mode
*rp
= (void *) skb
->data
;
608 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
613 hdev
->flow_ctl_mode
= rp
->mode
;
616 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
618 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
620 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
625 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
626 hdev
->sco_mtu
= rp
->sco_mtu
;
627 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
628 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
630 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
635 hdev
->acl_cnt
= hdev
->acl_pkts
;
636 hdev
->sco_cnt
= hdev
->sco_pkts
;
638 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
, hdev
->acl_mtu
,
639 hdev
->acl_pkts
, hdev
->sco_mtu
, hdev
->sco_pkts
);
642 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
644 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
646 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
651 if (test_bit(HCI_INIT
, &hdev
->flags
))
652 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
654 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
))
655 bacpy(&hdev
->setup_addr
, &rp
->bdaddr
);
658 static void hci_cc_read_page_scan_activity(struct hci_dev
*hdev
,
661 struct hci_rp_read_page_scan_activity
*rp
= (void *) skb
->data
;
663 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
668 if (test_bit(HCI_INIT
, &hdev
->flags
)) {
669 hdev
->page_scan_interval
= __le16_to_cpu(rp
->interval
);
670 hdev
->page_scan_window
= __le16_to_cpu(rp
->window
);
674 static void hci_cc_write_page_scan_activity(struct hci_dev
*hdev
,
677 u8 status
= *((u8
*) skb
->data
);
678 struct hci_cp_write_page_scan_activity
*sent
;
680 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
685 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
);
689 hdev
->page_scan_interval
= __le16_to_cpu(sent
->interval
);
690 hdev
->page_scan_window
= __le16_to_cpu(sent
->window
);
693 static void hci_cc_read_page_scan_type(struct hci_dev
*hdev
,
696 struct hci_rp_read_page_scan_type
*rp
= (void *) skb
->data
;
698 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
703 if (test_bit(HCI_INIT
, &hdev
->flags
))
704 hdev
->page_scan_type
= rp
->type
;
707 static void hci_cc_write_page_scan_type(struct hci_dev
*hdev
,
710 u8 status
= *((u8
*) skb
->data
);
713 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
718 type
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
);
720 hdev
->page_scan_type
= *type
;
723 static void hci_cc_read_data_block_size(struct hci_dev
*hdev
,
726 struct hci_rp_read_data_block_size
*rp
= (void *) skb
->data
;
728 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
733 hdev
->block_mtu
= __le16_to_cpu(rp
->max_acl_len
);
734 hdev
->block_len
= __le16_to_cpu(rp
->block_len
);
735 hdev
->num_blocks
= __le16_to_cpu(rp
->num_blocks
);
737 hdev
->block_cnt
= hdev
->num_blocks
;
739 BT_DBG("%s blk mtu %d cnt %d len %d", hdev
->name
, hdev
->block_mtu
,
740 hdev
->block_cnt
, hdev
->block_len
);
743 static void hci_cc_read_clock(struct hci_dev
*hdev
, struct sk_buff
*skb
)
745 struct hci_rp_read_clock
*rp
= (void *) skb
->data
;
746 struct hci_cp_read_clock
*cp
;
747 struct hci_conn
*conn
;
749 BT_DBG("%s", hdev
->name
);
751 if (skb
->len
< sizeof(*rp
))
759 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_CLOCK
);
763 if (cp
->which
== 0x00) {
764 hdev
->clock
= le32_to_cpu(rp
->clock
);
768 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
770 conn
->clock
= le32_to_cpu(rp
->clock
);
771 conn
->clock_accuracy
= le16_to_cpu(rp
->accuracy
);
775 hci_dev_unlock(hdev
);
778 static void hci_cc_read_local_amp_info(struct hci_dev
*hdev
,
781 struct hci_rp_read_local_amp_info
*rp
= (void *) skb
->data
;
783 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
788 hdev
->amp_status
= rp
->amp_status
;
789 hdev
->amp_total_bw
= __le32_to_cpu(rp
->total_bw
);
790 hdev
->amp_max_bw
= __le32_to_cpu(rp
->max_bw
);
791 hdev
->amp_min_latency
= __le32_to_cpu(rp
->min_latency
);
792 hdev
->amp_max_pdu
= __le32_to_cpu(rp
->max_pdu
);
793 hdev
->amp_type
= rp
->amp_type
;
794 hdev
->amp_pal_cap
= __le16_to_cpu(rp
->pal_cap
);
795 hdev
->amp_assoc_size
= __le16_to_cpu(rp
->max_assoc_size
);
796 hdev
->amp_be_flush_to
= __le32_to_cpu(rp
->be_flush_to
);
797 hdev
->amp_max_flush_to
= __le32_to_cpu(rp
->max_flush_to
);
800 a2mp_send_getinfo_rsp(hdev
);
803 static void hci_cc_read_local_amp_assoc(struct hci_dev
*hdev
,
806 struct hci_rp_read_local_amp_assoc
*rp
= (void *) skb
->data
;
807 struct amp_assoc
*assoc
= &hdev
->loc_assoc
;
808 size_t rem_len
, frag_len
;
810 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
815 frag_len
= skb
->len
- sizeof(*rp
);
816 rem_len
= __le16_to_cpu(rp
->rem_len
);
818 if (rem_len
> frag_len
) {
819 BT_DBG("frag_len %zu rem_len %zu", frag_len
, rem_len
);
821 memcpy(assoc
->data
+ assoc
->offset
, rp
->frag
, frag_len
);
822 assoc
->offset
+= frag_len
;
824 /* Read other fragments */
825 amp_read_loc_assoc_frag(hdev
, rp
->phy_handle
);
830 memcpy(assoc
->data
+ assoc
->offset
, rp
->frag
, rem_len
);
831 assoc
->len
= assoc
->offset
+ rem_len
;
835 /* Send A2MP Rsp when all fragments are received */
836 a2mp_send_getampassoc_rsp(hdev
, rp
->status
);
837 a2mp_send_create_phy_link_req(hdev
, rp
->status
);
840 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
843 struct hci_rp_read_inq_rsp_tx_power
*rp
= (void *) skb
->data
;
845 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
850 hdev
->inq_tx_power
= rp
->tx_power
;
853 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
855 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
856 struct hci_cp_pin_code_reply
*cp
;
857 struct hci_conn
*conn
;
859 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
863 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
864 mgmt_pin_code_reply_complete(hdev
, &rp
->bdaddr
, rp
->status
);
869 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
873 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
875 conn
->pin_length
= cp
->pin_len
;
878 hci_dev_unlock(hdev
);
881 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
883 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
885 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
889 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
890 mgmt_pin_code_neg_reply_complete(hdev
, &rp
->bdaddr
,
893 hci_dev_unlock(hdev
);
896 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
899 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
901 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
906 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
907 hdev
->le_pkts
= rp
->le_max_pkt
;
909 hdev
->le_cnt
= hdev
->le_pkts
;
911 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
914 static void hci_cc_le_read_local_features(struct hci_dev
*hdev
,
917 struct hci_rp_le_read_local_features
*rp
= (void *) skb
->data
;
919 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
924 memcpy(hdev
->le_features
, rp
->features
, 8);
927 static void hci_cc_le_read_adv_tx_power(struct hci_dev
*hdev
,
930 struct hci_rp_le_read_adv_tx_power
*rp
= (void *) skb
->data
;
932 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
937 hdev
->adv_tx_power
= rp
->tx_power
;
940 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
942 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
944 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
948 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
949 mgmt_user_confirm_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
, 0,
952 hci_dev_unlock(hdev
);
955 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
958 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
960 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
964 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
965 mgmt_user_confirm_neg_reply_complete(hdev
, &rp
->bdaddr
,
966 ACL_LINK
, 0, rp
->status
);
968 hci_dev_unlock(hdev
);
971 static void hci_cc_user_passkey_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
973 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
975 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
979 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
980 mgmt_user_passkey_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
,
983 hci_dev_unlock(hdev
);
986 static void hci_cc_user_passkey_neg_reply(struct hci_dev
*hdev
,
989 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
991 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
995 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
996 mgmt_user_passkey_neg_reply_complete(hdev
, &rp
->bdaddr
,
997 ACL_LINK
, 0, rp
->status
);
999 hci_dev_unlock(hdev
);
1002 static void hci_cc_read_local_oob_data(struct hci_dev
*hdev
,
1003 struct sk_buff
*skb
)
1005 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
1007 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1010 mgmt_read_local_oob_data_complete(hdev
, rp
->hash
, rp
->randomizer
,
1011 NULL
, NULL
, rp
->status
);
1012 hci_dev_unlock(hdev
);
1015 static void hci_cc_read_local_oob_ext_data(struct hci_dev
*hdev
,
1016 struct sk_buff
*skb
)
1018 struct hci_rp_read_local_oob_ext_data
*rp
= (void *) skb
->data
;
1020 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1023 mgmt_read_local_oob_data_complete(hdev
, rp
->hash192
, rp
->randomizer192
,
1024 rp
->hash256
, rp
->randomizer256
,
1026 hci_dev_unlock(hdev
);
1030 static void hci_cc_le_set_random_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1032 __u8 status
= *((__u8
*) skb
->data
);
1035 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1040 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_RANDOM_ADDR
);
1046 bacpy(&hdev
->random_addr
, sent
);
1048 hci_dev_unlock(hdev
);
1051 static void hci_cc_le_set_adv_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1053 __u8
*sent
, status
= *((__u8
*) skb
->data
);
1055 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1060 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_ADV_ENABLE
);
1066 /* If we're doing connection initation as peripheral. Set a
1067 * timeout in case something goes wrong.
1070 struct hci_conn
*conn
;
1072 conn
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
1074 queue_delayed_work(hdev
->workqueue
,
1075 &conn
->le_conn_timeout
,
1076 HCI_LE_CONN_TIMEOUT
);
1079 mgmt_advertising(hdev
, *sent
);
1081 hci_dev_unlock(hdev
);
1084 static void hci_cc_le_set_scan_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1086 struct hci_cp_le_set_scan_param
*cp
;
1087 __u8 status
= *((__u8
*) skb
->data
);
1089 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1094 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_PARAM
);
1100 hdev
->le_scan_type
= cp
->type
;
1102 hci_dev_unlock(hdev
);
1105 static bool has_pending_adv_report(struct hci_dev
*hdev
)
1107 struct discovery_state
*d
= &hdev
->discovery
;
1109 return bacmp(&d
->last_adv_addr
, BDADDR_ANY
);
1112 static void clear_pending_adv_report(struct hci_dev
*hdev
)
1114 struct discovery_state
*d
= &hdev
->discovery
;
1116 bacpy(&d
->last_adv_addr
, BDADDR_ANY
);
1117 d
->last_adv_data_len
= 0;
1120 static void store_pending_adv_report(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1121 u8 bdaddr_type
, s8 rssi
, u32 flags
,
1124 struct discovery_state
*d
= &hdev
->discovery
;
1126 bacpy(&d
->last_adv_addr
, bdaddr
);
1127 d
->last_adv_addr_type
= bdaddr_type
;
1128 d
->last_adv_rssi
= rssi
;
1129 d
->last_adv_flags
= flags
;
1130 memcpy(d
->last_adv_data
, data
, len
);
1131 d
->last_adv_data_len
= len
;
1134 static void hci_cc_le_set_scan_enable(struct hci_dev
*hdev
,
1135 struct sk_buff
*skb
)
1137 struct hci_cp_le_set_scan_enable
*cp
;
1138 __u8 status
= *((__u8
*) skb
->data
);
1140 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1145 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
);
1149 switch (cp
->enable
) {
1150 case LE_SCAN_ENABLE
:
1151 set_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1152 if (hdev
->le_scan_type
== LE_SCAN_ACTIVE
)
1153 clear_pending_adv_report(hdev
);
1156 case LE_SCAN_DISABLE
:
1157 /* We do this here instead of when setting DISCOVERY_STOPPED
1158 * since the latter would potentially require waiting for
1159 * inquiry to stop too.
1161 if (has_pending_adv_report(hdev
)) {
1162 struct discovery_state
*d
= &hdev
->discovery
;
1164 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
1165 d
->last_adv_addr_type
, NULL
,
1166 d
->last_adv_rssi
, d
->last_adv_flags
,
1168 d
->last_adv_data_len
, NULL
, 0);
1171 /* Cancel this timer so that we don't try to disable scanning
1172 * when it's already disabled.
1174 cancel_delayed_work(&hdev
->le_scan_disable
);
1176 clear_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1177 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1178 * interrupted scanning due to a connect request. Mark
1179 * therefore discovery as stopped.
1181 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED
,
1183 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1187 BT_ERR("Used reserved LE_Scan_Enable param %d", cp
->enable
);
1192 static void hci_cc_le_read_white_list_size(struct hci_dev
*hdev
,
1193 struct sk_buff
*skb
)
1195 struct hci_rp_le_read_white_list_size
*rp
= (void *) skb
->data
;
1197 BT_DBG("%s status 0x%2.2x size %u", hdev
->name
, rp
->status
, rp
->size
);
1202 hdev
->le_white_list_size
= rp
->size
;
1205 static void hci_cc_le_clear_white_list(struct hci_dev
*hdev
,
1206 struct sk_buff
*skb
)
1208 __u8 status
= *((__u8
*) skb
->data
);
1210 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1215 hci_white_list_clear(hdev
);
1218 static void hci_cc_le_add_to_white_list(struct hci_dev
*hdev
,
1219 struct sk_buff
*skb
)
1221 struct hci_cp_le_add_to_white_list
*sent
;
1222 __u8 status
= *((__u8
*) skb
->data
);
1224 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1229 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_ADD_TO_WHITE_LIST
);
1233 hci_white_list_add(hdev
, &sent
->bdaddr
, sent
->bdaddr_type
);
1236 static void hci_cc_le_del_from_white_list(struct hci_dev
*hdev
,
1237 struct sk_buff
*skb
)
1239 struct hci_cp_le_del_from_white_list
*sent
;
1240 __u8 status
= *((__u8
*) skb
->data
);
1242 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1247 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_DEL_FROM_WHITE_LIST
);
1251 hci_white_list_del(hdev
, &sent
->bdaddr
, sent
->bdaddr_type
);
1254 static void hci_cc_le_read_supported_states(struct hci_dev
*hdev
,
1255 struct sk_buff
*skb
)
1257 struct hci_rp_le_read_supported_states
*rp
= (void *) skb
->data
;
1259 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1264 memcpy(hdev
->le_states
, rp
->le_states
, 8);
1267 static void hci_cc_write_le_host_supported(struct hci_dev
*hdev
,
1268 struct sk_buff
*skb
)
1270 struct hci_cp_write_le_host_supported
*sent
;
1271 __u8 status
= *((__u8
*) skb
->data
);
1273 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1278 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
);
1283 hdev
->features
[1][0] |= LMP_HOST_LE
;
1284 set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1286 hdev
->features
[1][0] &= ~LMP_HOST_LE
;
1287 clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1288 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
1292 hdev
->features
[1][0] |= LMP_HOST_LE_BREDR
;
1294 hdev
->features
[1][0] &= ~LMP_HOST_LE_BREDR
;
1297 static void hci_cc_set_adv_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1299 struct hci_cp_le_set_adv_param
*cp
;
1300 u8 status
= *((u8
*) skb
->data
);
1302 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1307 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_ADV_PARAM
);
1312 hdev
->adv_addr_type
= cp
->own_address_type
;
1313 hci_dev_unlock(hdev
);
1316 static void hci_cc_write_remote_amp_assoc(struct hci_dev
*hdev
,
1317 struct sk_buff
*skb
)
1319 struct hci_rp_write_remote_amp_assoc
*rp
= (void *) skb
->data
;
1321 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1322 hdev
->name
, rp
->status
, rp
->phy_handle
);
1327 amp_write_rem_assoc_continue(hdev
, rp
->phy_handle
);
1330 static void hci_cc_read_rssi(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1332 struct hci_rp_read_rssi
*rp
= (void *) skb
->data
;
1333 struct hci_conn
*conn
;
1335 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1342 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
1344 conn
->rssi
= rp
->rssi
;
1346 hci_dev_unlock(hdev
);
1349 static void hci_cc_read_tx_power(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1351 struct hci_cp_read_tx_power
*sent
;
1352 struct hci_rp_read_tx_power
*rp
= (void *) skb
->data
;
1353 struct hci_conn
*conn
;
1355 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1360 sent
= hci_sent_cmd_data(hdev
, HCI_OP_READ_TX_POWER
);
1366 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
1370 switch (sent
->type
) {
1372 conn
->tx_power
= rp
->tx_power
;
1375 conn
->max_tx_power
= rp
->tx_power
;
1380 hci_dev_unlock(hdev
);
1383 static void hci_cs_inquiry(struct hci_dev
*hdev
, __u8 status
)
1385 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1388 hci_conn_check_pending(hdev
);
1392 set_bit(HCI_INQUIRY
, &hdev
->flags
);
1395 static void hci_cs_create_conn(struct hci_dev
*hdev
, __u8 status
)
1397 struct hci_cp_create_conn
*cp
;
1398 struct hci_conn
*conn
;
1400 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1402 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_CONN
);
1408 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1410 BT_DBG("%s bdaddr %pMR hcon %p", hdev
->name
, &cp
->bdaddr
, conn
);
1413 if (conn
&& conn
->state
== BT_CONNECT
) {
1414 if (status
!= 0x0c || conn
->attempt
> 2) {
1415 conn
->state
= BT_CLOSED
;
1416 hci_proto_connect_cfm(conn
, status
);
1419 conn
->state
= BT_CONNECT2
;
1423 conn
= hci_conn_add(hdev
, ACL_LINK
, &cp
->bdaddr
);
1426 set_bit(HCI_CONN_MASTER
, &conn
->flags
);
1428 BT_ERR("No memory for new connection");
1432 hci_dev_unlock(hdev
);
1435 static void hci_cs_add_sco(struct hci_dev
*hdev
, __u8 status
)
1437 struct hci_cp_add_sco
*cp
;
1438 struct hci_conn
*acl
, *sco
;
1441 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1446 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ADD_SCO
);
1450 handle
= __le16_to_cpu(cp
->handle
);
1452 BT_DBG("%s handle 0x%4.4x", hdev
->name
, handle
);
1456 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1460 sco
->state
= BT_CLOSED
;
1462 hci_proto_connect_cfm(sco
, status
);
1467 hci_dev_unlock(hdev
);
1470 static void hci_cs_auth_requested(struct hci_dev
*hdev
, __u8 status
)
1472 struct hci_cp_auth_requested
*cp
;
1473 struct hci_conn
*conn
;
1475 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1480 cp
= hci_sent_cmd_data(hdev
, HCI_OP_AUTH_REQUESTED
);
1486 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1488 if (conn
->state
== BT_CONFIG
) {
1489 hci_proto_connect_cfm(conn
, status
);
1490 hci_conn_drop(conn
);
1494 hci_dev_unlock(hdev
);
1497 static void hci_cs_set_conn_encrypt(struct hci_dev
*hdev
, __u8 status
)
1499 struct hci_cp_set_conn_encrypt
*cp
;
1500 struct hci_conn
*conn
;
1502 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1507 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SET_CONN_ENCRYPT
);
1513 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1515 if (conn
->state
== BT_CONFIG
) {
1516 hci_proto_connect_cfm(conn
, status
);
1517 hci_conn_drop(conn
);
1521 hci_dev_unlock(hdev
);
1524 static int hci_outgoing_auth_needed(struct hci_dev
*hdev
,
1525 struct hci_conn
*conn
)
1527 if (conn
->state
!= BT_CONFIG
|| !conn
->out
)
1530 if (conn
->pending_sec_level
== BT_SECURITY_SDP
)
1533 /* Only request authentication for SSP connections or non-SSP
1534 * devices with sec_level MEDIUM or HIGH or if MITM protection
1537 if (!hci_conn_ssp_enabled(conn
) && !(conn
->auth_type
& 0x01) &&
1538 conn
->pending_sec_level
!= BT_SECURITY_FIPS
&&
1539 conn
->pending_sec_level
!= BT_SECURITY_HIGH
&&
1540 conn
->pending_sec_level
!= BT_SECURITY_MEDIUM
)
1546 static int hci_resolve_name(struct hci_dev
*hdev
,
1547 struct inquiry_entry
*e
)
1549 struct hci_cp_remote_name_req cp
;
1551 memset(&cp
, 0, sizeof(cp
));
1553 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
1554 cp
.pscan_rep_mode
= e
->data
.pscan_rep_mode
;
1555 cp
.pscan_mode
= e
->data
.pscan_mode
;
1556 cp
.clock_offset
= e
->data
.clock_offset
;
1558 return hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1561 static bool hci_resolve_next_name(struct hci_dev
*hdev
)
1563 struct discovery_state
*discov
= &hdev
->discovery
;
1564 struct inquiry_entry
*e
;
1566 if (list_empty(&discov
->resolve
))
1569 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
1573 if (hci_resolve_name(hdev
, e
) == 0) {
1574 e
->name_state
= NAME_PENDING
;
1581 static void hci_check_pending_name(struct hci_dev
*hdev
, struct hci_conn
*conn
,
1582 bdaddr_t
*bdaddr
, u8
*name
, u8 name_len
)
1584 struct discovery_state
*discov
= &hdev
->discovery
;
1585 struct inquiry_entry
*e
;
1587 if (conn
&& !test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
1588 mgmt_device_connected(hdev
, bdaddr
, ACL_LINK
, 0x00, 0, name
,
1589 name_len
, conn
->dev_class
);
1591 if (discov
->state
== DISCOVERY_STOPPED
)
1594 if (discov
->state
== DISCOVERY_STOPPING
)
1595 goto discov_complete
;
1597 if (discov
->state
!= DISCOVERY_RESOLVING
)
1600 e
= hci_inquiry_cache_lookup_resolve(hdev
, bdaddr
, NAME_PENDING
);
1601 /* If the device was not found in a list of found devices names of which
1602 * are pending. there is no need to continue resolving a next name as it
1603 * will be done upon receiving another Remote Name Request Complete
1610 e
->name_state
= NAME_KNOWN
;
1611 mgmt_remote_name(hdev
, bdaddr
, ACL_LINK
, 0x00,
1612 e
->data
.rssi
, name
, name_len
);
1614 e
->name_state
= NAME_NOT_KNOWN
;
1617 if (hci_resolve_next_name(hdev
))
1621 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1624 static void hci_cs_remote_name_req(struct hci_dev
*hdev
, __u8 status
)
1626 struct hci_cp_remote_name_req
*cp
;
1627 struct hci_conn
*conn
;
1629 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1631 /* If successful wait for the name req complete event before
1632 * checking for the need to do authentication */
1636 cp
= hci_sent_cmd_data(hdev
, HCI_OP_REMOTE_NAME_REQ
);
1642 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1644 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1645 hci_check_pending_name(hdev
, conn
, &cp
->bdaddr
, NULL
, 0);
1650 if (!hci_outgoing_auth_needed(hdev
, conn
))
1653 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
1654 struct hci_cp_auth_requested auth_cp
;
1656 auth_cp
.handle
= __cpu_to_le16(conn
->handle
);
1657 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
,
1658 sizeof(auth_cp
), &auth_cp
);
1662 hci_dev_unlock(hdev
);
1665 static void hci_cs_read_remote_features(struct hci_dev
*hdev
, __u8 status
)
1667 struct hci_cp_read_remote_features
*cp
;
1668 struct hci_conn
*conn
;
1670 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1675 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_FEATURES
);
1681 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1683 if (conn
->state
== BT_CONFIG
) {
1684 hci_proto_connect_cfm(conn
, status
);
1685 hci_conn_drop(conn
);
1689 hci_dev_unlock(hdev
);
1692 static void hci_cs_read_remote_ext_features(struct hci_dev
*hdev
, __u8 status
)
1694 struct hci_cp_read_remote_ext_features
*cp
;
1695 struct hci_conn
*conn
;
1697 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1702 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
);
1708 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1710 if (conn
->state
== BT_CONFIG
) {
1711 hci_proto_connect_cfm(conn
, status
);
1712 hci_conn_drop(conn
);
1716 hci_dev_unlock(hdev
);
1719 static void hci_cs_setup_sync_conn(struct hci_dev
*hdev
, __u8 status
)
1721 struct hci_cp_setup_sync_conn
*cp
;
1722 struct hci_conn
*acl
, *sco
;
1725 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1730 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SETUP_SYNC_CONN
);
1734 handle
= __le16_to_cpu(cp
->handle
);
1736 BT_DBG("%s handle 0x%4.4x", hdev
->name
, handle
);
1740 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1744 sco
->state
= BT_CLOSED
;
1746 hci_proto_connect_cfm(sco
, status
);
1751 hci_dev_unlock(hdev
);
1754 static void hci_cs_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1756 struct hci_cp_sniff_mode
*cp
;
1757 struct hci_conn
*conn
;
1759 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1764 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SNIFF_MODE
);
1770 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1772 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
);
1774 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
1775 hci_sco_setup(conn
, status
);
1778 hci_dev_unlock(hdev
);
1781 static void hci_cs_exit_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1783 struct hci_cp_exit_sniff_mode
*cp
;
1784 struct hci_conn
*conn
;
1786 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1791 cp
= hci_sent_cmd_data(hdev
, HCI_OP_EXIT_SNIFF_MODE
);
1797 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1799 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
);
1801 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
1802 hci_sco_setup(conn
, status
);
1805 hci_dev_unlock(hdev
);
1808 static void hci_cs_disconnect(struct hci_dev
*hdev
, u8 status
)
1810 struct hci_cp_disconnect
*cp
;
1811 struct hci_conn
*conn
;
1816 cp
= hci_sent_cmd_data(hdev
, HCI_OP_DISCONNECT
);
1822 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1824 mgmt_disconnect_failed(hdev
, &conn
->dst
, conn
->type
,
1825 conn
->dst_type
, status
);
1827 hci_dev_unlock(hdev
);
1830 static void hci_cs_create_phylink(struct hci_dev
*hdev
, u8 status
)
1832 struct hci_cp_create_phy_link
*cp
;
1834 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1836 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_PHY_LINK
);
1843 struct hci_conn
*hcon
;
1845 hcon
= hci_conn_hash_lookup_handle(hdev
, cp
->phy_handle
);
1849 amp_write_remote_assoc(hdev
, cp
->phy_handle
);
1852 hci_dev_unlock(hdev
);
1855 static void hci_cs_accept_phylink(struct hci_dev
*hdev
, u8 status
)
1857 struct hci_cp_accept_phy_link
*cp
;
1859 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1864 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ACCEPT_PHY_LINK
);
1868 amp_write_remote_assoc(hdev
, cp
->phy_handle
);
1871 static void hci_cs_le_create_conn(struct hci_dev
*hdev
, u8 status
)
1873 struct hci_cp_le_create_conn
*cp
;
1874 struct hci_conn
*conn
;
1876 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1878 /* All connection failure handling is taken care of by the
1879 * hci_le_conn_failed function which is triggered by the HCI
1880 * request completion callbacks used for connecting.
1885 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_CREATE_CONN
);
1891 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->peer_addr
);
1895 /* Store the initiator and responder address information which
1896 * is needed for SMP. These values will not change during the
1897 * lifetime of the connection.
1899 conn
->init_addr_type
= cp
->own_address_type
;
1900 if (cp
->own_address_type
== ADDR_LE_DEV_RANDOM
)
1901 bacpy(&conn
->init_addr
, &hdev
->random_addr
);
1903 bacpy(&conn
->init_addr
, &hdev
->bdaddr
);
1905 conn
->resp_addr_type
= cp
->peer_addr_type
;
1906 bacpy(&conn
->resp_addr
, &cp
->peer_addr
);
1908 /* We don't want the connection attempt to stick around
1909 * indefinitely since LE doesn't have a page timeout concept
1910 * like BR/EDR. Set a timer for any connection that doesn't use
1911 * the white list for connecting.
1913 if (cp
->filter_policy
== HCI_LE_USE_PEER_ADDR
)
1914 queue_delayed_work(conn
->hdev
->workqueue
,
1915 &conn
->le_conn_timeout
,
1916 HCI_LE_CONN_TIMEOUT
);
1919 hci_dev_unlock(hdev
);
1922 static void hci_cs_le_start_enc(struct hci_dev
*hdev
, u8 status
)
1924 struct hci_cp_le_start_enc
*cp
;
1925 struct hci_conn
*conn
;
1927 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1934 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_START_ENC
);
1938 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1942 if (conn
->state
!= BT_CONNECTED
)
1945 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
1946 hci_conn_drop(conn
);
1949 hci_dev_unlock(hdev
);
1952 static void hci_inquiry_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1954 __u8 status
= *((__u8
*) skb
->data
);
1955 struct discovery_state
*discov
= &hdev
->discovery
;
1956 struct inquiry_entry
*e
;
1958 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1960 hci_conn_check_pending(hdev
);
1962 if (!test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
1965 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1966 wake_up_bit(&hdev
->flags
, HCI_INQUIRY
);
1968 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1973 if (discov
->state
!= DISCOVERY_FINDING
)
1976 if (list_empty(&discov
->resolve
)) {
1977 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1981 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
1982 if (e
&& hci_resolve_name(hdev
, e
) == 0) {
1983 e
->name_state
= NAME_PENDING
;
1984 hci_discovery_set_state(hdev
, DISCOVERY_RESOLVING
);
1986 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1990 hci_dev_unlock(hdev
);
1993 static void hci_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1995 struct inquiry_data data
;
1996 struct inquiry_info
*info
= (void *) (skb
->data
+ 1);
1997 int num_rsp
= *((__u8
*) skb
->data
);
1999 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2004 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
))
2009 for (; num_rsp
; num_rsp
--, info
++) {
2012 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2013 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2014 data
.pscan_period_mode
= info
->pscan_period_mode
;
2015 data
.pscan_mode
= info
->pscan_mode
;
2016 memcpy(data
.dev_class
, info
->dev_class
, 3);
2017 data
.clock_offset
= info
->clock_offset
;
2019 data
.ssp_mode
= 0x00;
2021 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
2023 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
2024 info
->dev_class
, 0, flags
, NULL
, 0, NULL
, 0);
2027 hci_dev_unlock(hdev
);
2030 static void hci_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2032 struct hci_ev_conn_complete
*ev
= (void *) skb
->data
;
2033 struct hci_conn
*conn
;
2035 BT_DBG("%s", hdev
->name
);
2039 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
2041 if (ev
->link_type
!= SCO_LINK
)
2044 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
2048 conn
->type
= SCO_LINK
;
2052 conn
->handle
= __le16_to_cpu(ev
->handle
);
2054 if (conn
->type
== ACL_LINK
) {
2055 conn
->state
= BT_CONFIG
;
2056 hci_conn_hold(conn
);
2058 if (!conn
->out
&& !hci_conn_ssp_enabled(conn
) &&
2059 !hci_find_link_key(hdev
, &ev
->bdaddr
))
2060 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
2062 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2064 conn
->state
= BT_CONNECTED
;
2066 hci_conn_add_sysfs(conn
);
2068 if (test_bit(HCI_AUTH
, &hdev
->flags
))
2069 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2071 if (test_bit(HCI_ENCRYPT
, &hdev
->flags
))
2072 set_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2074 /* Get remote features */
2075 if (conn
->type
== ACL_LINK
) {
2076 struct hci_cp_read_remote_features cp
;
2077 cp
.handle
= ev
->handle
;
2078 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_FEATURES
,
2082 /* Set packet type for incoming connection */
2083 if (!conn
->out
&& hdev
->hci_ver
< BLUETOOTH_VER_2_0
) {
2084 struct hci_cp_change_conn_ptype cp
;
2085 cp
.handle
= ev
->handle
;
2086 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
2087 hci_send_cmd(hdev
, HCI_OP_CHANGE_CONN_PTYPE
, sizeof(cp
),
2091 conn
->state
= BT_CLOSED
;
2092 if (conn
->type
== ACL_LINK
)
2093 mgmt_connect_failed(hdev
, &conn
->dst
, conn
->type
,
2094 conn
->dst_type
, ev
->status
);
2097 if (conn
->type
== ACL_LINK
)
2098 hci_sco_setup(conn
, ev
->status
);
2101 hci_proto_connect_cfm(conn
, ev
->status
);
2103 } else if (ev
->link_type
!= ACL_LINK
)
2104 hci_proto_connect_cfm(conn
, ev
->status
);
2107 hci_dev_unlock(hdev
);
2109 hci_conn_check_pending(hdev
);
2112 static void hci_conn_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2114 struct hci_ev_conn_request
*ev
= (void *) skb
->data
;
2115 int mask
= hdev
->link_mode
;
2118 BT_DBG("%s bdaddr %pMR type 0x%x", hdev
->name
, &ev
->bdaddr
,
2121 mask
|= hci_proto_connect_ind(hdev
, &ev
->bdaddr
, ev
->link_type
,
2124 if ((mask
& HCI_LM_ACCEPT
) &&
2125 !hci_blacklist_lookup(hdev
, &ev
->bdaddr
, BDADDR_BREDR
)) {
2126 /* Connection accepted */
2127 struct inquiry_entry
*ie
;
2128 struct hci_conn
*conn
;
2132 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2134 memcpy(ie
->data
.dev_class
, ev
->dev_class
, 3);
2136 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
,
2139 conn
= hci_conn_add(hdev
, ev
->link_type
, &ev
->bdaddr
);
2141 BT_ERR("No memory for new connection");
2142 hci_dev_unlock(hdev
);
2147 memcpy(conn
->dev_class
, ev
->dev_class
, 3);
2149 hci_dev_unlock(hdev
);
2151 if (ev
->link_type
== ACL_LINK
||
2152 (!(flags
& HCI_PROTO_DEFER
) && !lmp_esco_capable(hdev
))) {
2153 struct hci_cp_accept_conn_req cp
;
2154 conn
->state
= BT_CONNECT
;
2156 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2158 if (lmp_rswitch_capable(hdev
) && (mask
& HCI_LM_MASTER
))
2159 cp
.role
= 0x00; /* Become master */
2161 cp
.role
= 0x01; /* Remain slave */
2163 hci_send_cmd(hdev
, HCI_OP_ACCEPT_CONN_REQ
, sizeof(cp
),
2165 } else if (!(flags
& HCI_PROTO_DEFER
)) {
2166 struct hci_cp_accept_sync_conn_req cp
;
2167 conn
->state
= BT_CONNECT
;
2169 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2170 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
2172 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
2173 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
2174 cp
.max_latency
= cpu_to_le16(0xffff);
2175 cp
.content_format
= cpu_to_le16(hdev
->voice_setting
);
2176 cp
.retrans_effort
= 0xff;
2178 hci_send_cmd(hdev
, HCI_OP_ACCEPT_SYNC_CONN_REQ
,
2181 conn
->state
= BT_CONNECT2
;
2182 hci_proto_connect_cfm(conn
, 0);
2185 /* Connection rejected */
2186 struct hci_cp_reject_conn_req cp
;
2188 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2189 cp
.reason
= HCI_ERROR_REJ_BAD_ADDR
;
2190 hci_send_cmd(hdev
, HCI_OP_REJECT_CONN_REQ
, sizeof(cp
), &cp
);
2194 static u8
hci_to_mgmt_reason(u8 err
)
2197 case HCI_ERROR_CONNECTION_TIMEOUT
:
2198 return MGMT_DEV_DISCONN_TIMEOUT
;
2199 case HCI_ERROR_REMOTE_USER_TERM
:
2200 case HCI_ERROR_REMOTE_LOW_RESOURCES
:
2201 case HCI_ERROR_REMOTE_POWER_OFF
:
2202 return MGMT_DEV_DISCONN_REMOTE
;
2203 case HCI_ERROR_LOCAL_HOST_TERM
:
2204 return MGMT_DEV_DISCONN_LOCAL_HOST
;
2206 return MGMT_DEV_DISCONN_UNKNOWN
;
2210 static void hci_disconn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2212 struct hci_ev_disconn_complete
*ev
= (void *) skb
->data
;
2213 u8 reason
= hci_to_mgmt_reason(ev
->reason
);
2214 struct hci_conn_params
*params
;
2215 struct hci_conn
*conn
;
2216 bool mgmt_connected
;
2219 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2223 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2228 mgmt_disconnect_failed(hdev
, &conn
->dst
, conn
->type
,
2229 conn
->dst_type
, ev
->status
);
2233 conn
->state
= BT_CLOSED
;
2235 mgmt_connected
= test_and_clear_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
);
2236 mgmt_device_disconnected(hdev
, &conn
->dst
, conn
->type
, conn
->dst_type
,
2237 reason
, mgmt_connected
);
2239 if (conn
->type
== ACL_LINK
&&
2240 test_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
))
2241 hci_remove_link_key(hdev
, &conn
->dst
);
2243 params
= hci_conn_params_lookup(hdev
, &conn
->dst
, conn
->dst_type
);
2245 switch (params
->auto_connect
) {
2246 case HCI_AUTO_CONN_LINK_LOSS
:
2247 if (ev
->reason
!= HCI_ERROR_CONNECTION_TIMEOUT
)
2251 case HCI_AUTO_CONN_ALWAYS
:
2252 list_del_init(¶ms
->action
);
2253 list_add(¶ms
->action
, &hdev
->pend_le_conns
);
2254 hci_update_background_scan(hdev
);
2264 hci_proto_disconn_cfm(conn
, ev
->reason
);
2267 /* Re-enable advertising if necessary, since it might
2268 * have been disabled by the connection. From the
2269 * HCI_LE_Set_Advertise_Enable command description in
2270 * the core specification (v4.0):
2271 * "The Controller shall continue advertising until the Host
2272 * issues an LE_Set_Advertise_Enable command with
2273 * Advertising_Enable set to 0x00 (Advertising is disabled)
2274 * or until a connection is created or until the Advertising
2275 * is timed out due to Directed Advertising."
2277 if (type
== LE_LINK
)
2278 mgmt_reenable_advertising(hdev
);
2281 hci_dev_unlock(hdev
);
2284 static void hci_auth_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2286 struct hci_ev_auth_complete
*ev
= (void *) skb
->data
;
2287 struct hci_conn
*conn
;
2289 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2293 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2298 if (!hci_conn_ssp_enabled(conn
) &&
2299 test_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
)) {
2300 BT_INFO("re-auth of legacy device is not possible.");
2302 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2303 conn
->sec_level
= conn
->pending_sec_level
;
2306 mgmt_auth_failed(hdev
, &conn
->dst
, conn
->type
, conn
->dst_type
,
2310 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
);
2311 clear_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
);
2313 if (conn
->state
== BT_CONFIG
) {
2314 if (!ev
->status
&& hci_conn_ssp_enabled(conn
)) {
2315 struct hci_cp_set_conn_encrypt cp
;
2316 cp
.handle
= ev
->handle
;
2318 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
2321 conn
->state
= BT_CONNECTED
;
2322 hci_proto_connect_cfm(conn
, ev
->status
);
2323 hci_conn_drop(conn
);
2326 hci_auth_cfm(conn
, ev
->status
);
2328 hci_conn_hold(conn
);
2329 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2330 hci_conn_drop(conn
);
2333 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
)) {
2335 struct hci_cp_set_conn_encrypt cp
;
2336 cp
.handle
= ev
->handle
;
2338 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
2341 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
2342 hci_encrypt_cfm(conn
, ev
->status
, 0x00);
2347 hci_dev_unlock(hdev
);
2350 static void hci_remote_name_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2352 struct hci_ev_remote_name
*ev
= (void *) skb
->data
;
2353 struct hci_conn
*conn
;
2355 BT_DBG("%s", hdev
->name
);
2357 hci_conn_check_pending(hdev
);
2361 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2363 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2366 if (ev
->status
== 0)
2367 hci_check_pending_name(hdev
, conn
, &ev
->bdaddr
, ev
->name
,
2368 strnlen(ev
->name
, HCI_MAX_NAME_LENGTH
));
2370 hci_check_pending_name(hdev
, conn
, &ev
->bdaddr
, NULL
, 0);
2376 if (!hci_outgoing_auth_needed(hdev
, conn
))
2379 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
2380 struct hci_cp_auth_requested cp
;
2381 cp
.handle
= __cpu_to_le16(conn
->handle
);
2382 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
2386 hci_dev_unlock(hdev
);
2389 static void hci_encrypt_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2391 struct hci_ev_encrypt_change
*ev
= (void *) skb
->data
;
2392 struct hci_conn
*conn
;
2394 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2398 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2404 /* Encryption implies authentication */
2405 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2406 set_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2407 conn
->sec_level
= conn
->pending_sec_level
;
2409 /* P-256 authentication key implies FIPS */
2410 if (conn
->key_type
== HCI_LK_AUTH_COMBINATION_P256
)
2411 set_bit(HCI_CONN_FIPS
, &conn
->flags
);
2413 if ((conn
->type
== ACL_LINK
&& ev
->encrypt
== 0x02) ||
2414 conn
->type
== LE_LINK
)
2415 set_bit(HCI_CONN_AES_CCM
, &conn
->flags
);
2417 clear_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2418 clear_bit(HCI_CONN_AES_CCM
, &conn
->flags
);
2422 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
2424 if (ev
->status
&& conn
->state
== BT_CONNECTED
) {
2425 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
2426 hci_conn_drop(conn
);
2430 if (conn
->state
== BT_CONFIG
) {
2432 conn
->state
= BT_CONNECTED
;
2434 /* In Secure Connections Only mode, do not allow any
2435 * connections that are not encrypted with AES-CCM
2436 * using a P-256 authenticated combination key.
2438 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) &&
2439 (!test_bit(HCI_CONN_AES_CCM
, &conn
->flags
) ||
2440 conn
->key_type
!= HCI_LK_AUTH_COMBINATION_P256
)) {
2441 hci_proto_connect_cfm(conn
, HCI_ERROR_AUTH_FAILURE
);
2442 hci_conn_drop(conn
);
2446 hci_proto_connect_cfm(conn
, ev
->status
);
2447 hci_conn_drop(conn
);
2449 hci_encrypt_cfm(conn
, ev
->status
, ev
->encrypt
);
2452 hci_dev_unlock(hdev
);
2455 static void hci_change_link_key_complete_evt(struct hci_dev
*hdev
,
2456 struct sk_buff
*skb
)
2458 struct hci_ev_change_link_key_complete
*ev
= (void *) skb
->data
;
2459 struct hci_conn
*conn
;
2461 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2465 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2468 set_bit(HCI_CONN_SECURE
, &conn
->flags
);
2470 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
);
2472 hci_key_change_cfm(conn
, ev
->status
);
2475 hci_dev_unlock(hdev
);
2478 static void hci_remote_features_evt(struct hci_dev
*hdev
,
2479 struct sk_buff
*skb
)
2481 struct hci_ev_remote_features
*ev
= (void *) skb
->data
;
2482 struct hci_conn
*conn
;
2484 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2488 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2493 memcpy(conn
->features
[0], ev
->features
, 8);
2495 if (conn
->state
!= BT_CONFIG
)
2498 if (!ev
->status
&& lmp_ssp_capable(hdev
) && lmp_ssp_capable(conn
)) {
2499 struct hci_cp_read_remote_ext_features cp
;
2500 cp
.handle
= ev
->handle
;
2502 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
,
2507 if (!ev
->status
&& !test_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
)) {
2508 struct hci_cp_remote_name_req cp
;
2509 memset(&cp
, 0, sizeof(cp
));
2510 bacpy(&cp
.bdaddr
, &conn
->dst
);
2511 cp
.pscan_rep_mode
= 0x02;
2512 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
2513 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
2514 mgmt_device_connected(hdev
, &conn
->dst
, conn
->type
,
2515 conn
->dst_type
, 0, NULL
, 0,
2518 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2519 conn
->state
= BT_CONNECTED
;
2520 hci_proto_connect_cfm(conn
, ev
->status
);
2521 hci_conn_drop(conn
);
2525 hci_dev_unlock(hdev
);
2528 static void hci_cmd_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2530 struct hci_ev_cmd_complete
*ev
= (void *) skb
->data
;
2531 u8 status
= skb
->data
[sizeof(*ev
)];
2534 skb_pull(skb
, sizeof(*ev
));
2536 opcode
= __le16_to_cpu(ev
->opcode
);
2539 case HCI_OP_INQUIRY_CANCEL
:
2540 hci_cc_inquiry_cancel(hdev
, skb
);
2543 case HCI_OP_PERIODIC_INQ
:
2544 hci_cc_periodic_inq(hdev
, skb
);
2547 case HCI_OP_EXIT_PERIODIC_INQ
:
2548 hci_cc_exit_periodic_inq(hdev
, skb
);
2551 case HCI_OP_REMOTE_NAME_REQ_CANCEL
:
2552 hci_cc_remote_name_req_cancel(hdev
, skb
);
2555 case HCI_OP_ROLE_DISCOVERY
:
2556 hci_cc_role_discovery(hdev
, skb
);
2559 case HCI_OP_READ_LINK_POLICY
:
2560 hci_cc_read_link_policy(hdev
, skb
);
2563 case HCI_OP_WRITE_LINK_POLICY
:
2564 hci_cc_write_link_policy(hdev
, skb
);
2567 case HCI_OP_READ_DEF_LINK_POLICY
:
2568 hci_cc_read_def_link_policy(hdev
, skb
);
2571 case HCI_OP_WRITE_DEF_LINK_POLICY
:
2572 hci_cc_write_def_link_policy(hdev
, skb
);
2576 hci_cc_reset(hdev
, skb
);
2579 case HCI_OP_WRITE_LOCAL_NAME
:
2580 hci_cc_write_local_name(hdev
, skb
);
2583 case HCI_OP_READ_LOCAL_NAME
:
2584 hci_cc_read_local_name(hdev
, skb
);
2587 case HCI_OP_WRITE_AUTH_ENABLE
:
2588 hci_cc_write_auth_enable(hdev
, skb
);
2591 case HCI_OP_WRITE_ENCRYPT_MODE
:
2592 hci_cc_write_encrypt_mode(hdev
, skb
);
2595 case HCI_OP_WRITE_SCAN_ENABLE
:
2596 hci_cc_write_scan_enable(hdev
, skb
);
2599 case HCI_OP_READ_CLASS_OF_DEV
:
2600 hci_cc_read_class_of_dev(hdev
, skb
);
2603 case HCI_OP_WRITE_CLASS_OF_DEV
:
2604 hci_cc_write_class_of_dev(hdev
, skb
);
2607 case HCI_OP_READ_VOICE_SETTING
:
2608 hci_cc_read_voice_setting(hdev
, skb
);
2611 case HCI_OP_WRITE_VOICE_SETTING
:
2612 hci_cc_write_voice_setting(hdev
, skb
);
2615 case HCI_OP_READ_NUM_SUPPORTED_IAC
:
2616 hci_cc_read_num_supported_iac(hdev
, skb
);
2619 case HCI_OP_WRITE_SSP_MODE
:
2620 hci_cc_write_ssp_mode(hdev
, skb
);
2623 case HCI_OP_WRITE_SC_SUPPORT
:
2624 hci_cc_write_sc_support(hdev
, skb
);
2627 case HCI_OP_READ_LOCAL_VERSION
:
2628 hci_cc_read_local_version(hdev
, skb
);
2631 case HCI_OP_READ_LOCAL_COMMANDS
:
2632 hci_cc_read_local_commands(hdev
, skb
);
2635 case HCI_OP_READ_LOCAL_FEATURES
:
2636 hci_cc_read_local_features(hdev
, skb
);
2639 case HCI_OP_READ_LOCAL_EXT_FEATURES
:
2640 hci_cc_read_local_ext_features(hdev
, skb
);
2643 case HCI_OP_READ_BUFFER_SIZE
:
2644 hci_cc_read_buffer_size(hdev
, skb
);
2647 case HCI_OP_READ_BD_ADDR
:
2648 hci_cc_read_bd_addr(hdev
, skb
);
2651 case HCI_OP_READ_PAGE_SCAN_ACTIVITY
:
2652 hci_cc_read_page_scan_activity(hdev
, skb
);
2655 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
:
2656 hci_cc_write_page_scan_activity(hdev
, skb
);
2659 case HCI_OP_READ_PAGE_SCAN_TYPE
:
2660 hci_cc_read_page_scan_type(hdev
, skb
);
2663 case HCI_OP_WRITE_PAGE_SCAN_TYPE
:
2664 hci_cc_write_page_scan_type(hdev
, skb
);
2667 case HCI_OP_READ_DATA_BLOCK_SIZE
:
2668 hci_cc_read_data_block_size(hdev
, skb
);
2671 case HCI_OP_READ_FLOW_CONTROL_MODE
:
2672 hci_cc_read_flow_control_mode(hdev
, skb
);
2675 case HCI_OP_READ_LOCAL_AMP_INFO
:
2676 hci_cc_read_local_amp_info(hdev
, skb
);
2679 case HCI_OP_READ_CLOCK
:
2680 hci_cc_read_clock(hdev
, skb
);
2683 case HCI_OP_READ_LOCAL_AMP_ASSOC
:
2684 hci_cc_read_local_amp_assoc(hdev
, skb
);
2687 case HCI_OP_READ_INQ_RSP_TX_POWER
:
2688 hci_cc_read_inq_rsp_tx_power(hdev
, skb
);
2691 case HCI_OP_PIN_CODE_REPLY
:
2692 hci_cc_pin_code_reply(hdev
, skb
);
2695 case HCI_OP_PIN_CODE_NEG_REPLY
:
2696 hci_cc_pin_code_neg_reply(hdev
, skb
);
2699 case HCI_OP_READ_LOCAL_OOB_DATA
:
2700 hci_cc_read_local_oob_data(hdev
, skb
);
2703 case HCI_OP_READ_LOCAL_OOB_EXT_DATA
:
2704 hci_cc_read_local_oob_ext_data(hdev
, skb
);
2707 case HCI_OP_LE_READ_BUFFER_SIZE
:
2708 hci_cc_le_read_buffer_size(hdev
, skb
);
2711 case HCI_OP_LE_READ_LOCAL_FEATURES
:
2712 hci_cc_le_read_local_features(hdev
, skb
);
2715 case HCI_OP_LE_READ_ADV_TX_POWER
:
2716 hci_cc_le_read_adv_tx_power(hdev
, skb
);
2719 case HCI_OP_USER_CONFIRM_REPLY
:
2720 hci_cc_user_confirm_reply(hdev
, skb
);
2723 case HCI_OP_USER_CONFIRM_NEG_REPLY
:
2724 hci_cc_user_confirm_neg_reply(hdev
, skb
);
2727 case HCI_OP_USER_PASSKEY_REPLY
:
2728 hci_cc_user_passkey_reply(hdev
, skb
);
2731 case HCI_OP_USER_PASSKEY_NEG_REPLY
:
2732 hci_cc_user_passkey_neg_reply(hdev
, skb
);
2735 case HCI_OP_LE_SET_RANDOM_ADDR
:
2736 hci_cc_le_set_random_addr(hdev
, skb
);
2739 case HCI_OP_LE_SET_ADV_ENABLE
:
2740 hci_cc_le_set_adv_enable(hdev
, skb
);
2743 case HCI_OP_LE_SET_SCAN_PARAM
:
2744 hci_cc_le_set_scan_param(hdev
, skb
);
2747 case HCI_OP_LE_SET_SCAN_ENABLE
:
2748 hci_cc_le_set_scan_enable(hdev
, skb
);
2751 case HCI_OP_LE_READ_WHITE_LIST_SIZE
:
2752 hci_cc_le_read_white_list_size(hdev
, skb
);
2755 case HCI_OP_LE_CLEAR_WHITE_LIST
:
2756 hci_cc_le_clear_white_list(hdev
, skb
);
2759 case HCI_OP_LE_ADD_TO_WHITE_LIST
:
2760 hci_cc_le_add_to_white_list(hdev
, skb
);
2763 case HCI_OP_LE_DEL_FROM_WHITE_LIST
:
2764 hci_cc_le_del_from_white_list(hdev
, skb
);
2767 case HCI_OP_LE_READ_SUPPORTED_STATES
:
2768 hci_cc_le_read_supported_states(hdev
, skb
);
2771 case HCI_OP_WRITE_LE_HOST_SUPPORTED
:
2772 hci_cc_write_le_host_supported(hdev
, skb
);
2775 case HCI_OP_LE_SET_ADV_PARAM
:
2776 hci_cc_set_adv_param(hdev
, skb
);
2779 case HCI_OP_WRITE_REMOTE_AMP_ASSOC
:
2780 hci_cc_write_remote_amp_assoc(hdev
, skb
);
2783 case HCI_OP_READ_RSSI
:
2784 hci_cc_read_rssi(hdev
, skb
);
2787 case HCI_OP_READ_TX_POWER
:
2788 hci_cc_read_tx_power(hdev
, skb
);
2792 BT_DBG("%s opcode 0x%4.4x", hdev
->name
, opcode
);
2796 if (opcode
!= HCI_OP_NOP
)
2797 cancel_delayed_work(&hdev
->cmd_timer
);
2799 hci_req_cmd_complete(hdev
, opcode
, status
);
2801 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
2802 atomic_set(&hdev
->cmd_cnt
, 1);
2803 if (!skb_queue_empty(&hdev
->cmd_q
))
2804 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2808 static void hci_cmd_status_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2810 struct hci_ev_cmd_status
*ev
= (void *) skb
->data
;
2813 skb_pull(skb
, sizeof(*ev
));
2815 opcode
= __le16_to_cpu(ev
->opcode
);
2818 case HCI_OP_INQUIRY
:
2819 hci_cs_inquiry(hdev
, ev
->status
);
2822 case HCI_OP_CREATE_CONN
:
2823 hci_cs_create_conn(hdev
, ev
->status
);
2826 case HCI_OP_ADD_SCO
:
2827 hci_cs_add_sco(hdev
, ev
->status
);
2830 case HCI_OP_AUTH_REQUESTED
:
2831 hci_cs_auth_requested(hdev
, ev
->status
);
2834 case HCI_OP_SET_CONN_ENCRYPT
:
2835 hci_cs_set_conn_encrypt(hdev
, ev
->status
);
2838 case HCI_OP_REMOTE_NAME_REQ
:
2839 hci_cs_remote_name_req(hdev
, ev
->status
);
2842 case HCI_OP_READ_REMOTE_FEATURES
:
2843 hci_cs_read_remote_features(hdev
, ev
->status
);
2846 case HCI_OP_READ_REMOTE_EXT_FEATURES
:
2847 hci_cs_read_remote_ext_features(hdev
, ev
->status
);
2850 case HCI_OP_SETUP_SYNC_CONN
:
2851 hci_cs_setup_sync_conn(hdev
, ev
->status
);
2854 case HCI_OP_SNIFF_MODE
:
2855 hci_cs_sniff_mode(hdev
, ev
->status
);
2858 case HCI_OP_EXIT_SNIFF_MODE
:
2859 hci_cs_exit_sniff_mode(hdev
, ev
->status
);
2862 case HCI_OP_DISCONNECT
:
2863 hci_cs_disconnect(hdev
, ev
->status
);
2866 case HCI_OP_CREATE_PHY_LINK
:
2867 hci_cs_create_phylink(hdev
, ev
->status
);
2870 case HCI_OP_ACCEPT_PHY_LINK
:
2871 hci_cs_accept_phylink(hdev
, ev
->status
);
2874 case HCI_OP_LE_CREATE_CONN
:
2875 hci_cs_le_create_conn(hdev
, ev
->status
);
2878 case HCI_OP_LE_START_ENC
:
2879 hci_cs_le_start_enc(hdev
, ev
->status
);
2883 BT_DBG("%s opcode 0x%4.4x", hdev
->name
, opcode
);
2887 if (opcode
!= HCI_OP_NOP
)
2888 cancel_delayed_work(&hdev
->cmd_timer
);
2891 (hdev
->sent_cmd
&& !bt_cb(hdev
->sent_cmd
)->req
.event
))
2892 hci_req_cmd_complete(hdev
, opcode
, ev
->status
);
2894 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
2895 atomic_set(&hdev
->cmd_cnt
, 1);
2896 if (!skb_queue_empty(&hdev
->cmd_q
))
2897 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2901 static void hci_role_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2903 struct hci_ev_role_change
*ev
= (void *) skb
->data
;
2904 struct hci_conn
*conn
;
2906 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2910 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2914 clear_bit(HCI_CONN_MASTER
, &conn
->flags
);
2916 set_bit(HCI_CONN_MASTER
, &conn
->flags
);
2919 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
);
2921 hci_role_switch_cfm(conn
, ev
->status
, ev
->role
);
2924 hci_dev_unlock(hdev
);
2927 static void hci_num_comp_pkts_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2929 struct hci_ev_num_comp_pkts
*ev
= (void *) skb
->data
;
2932 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_PACKET_BASED
) {
2933 BT_ERR("Wrong event for mode %d", hdev
->flow_ctl_mode
);
2937 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
2938 ev
->num_hndl
* sizeof(struct hci_comp_pkts_info
)) {
2939 BT_DBG("%s bad parameters", hdev
->name
);
2943 BT_DBG("%s num_hndl %d", hdev
->name
, ev
->num_hndl
);
2945 for (i
= 0; i
< ev
->num_hndl
; i
++) {
2946 struct hci_comp_pkts_info
*info
= &ev
->handles
[i
];
2947 struct hci_conn
*conn
;
2948 __u16 handle
, count
;
2950 handle
= __le16_to_cpu(info
->handle
);
2951 count
= __le16_to_cpu(info
->count
);
2953 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2957 conn
->sent
-= count
;
2959 switch (conn
->type
) {
2961 hdev
->acl_cnt
+= count
;
2962 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
2963 hdev
->acl_cnt
= hdev
->acl_pkts
;
2967 if (hdev
->le_pkts
) {
2968 hdev
->le_cnt
+= count
;
2969 if (hdev
->le_cnt
> hdev
->le_pkts
)
2970 hdev
->le_cnt
= hdev
->le_pkts
;
2972 hdev
->acl_cnt
+= count
;
2973 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
2974 hdev
->acl_cnt
= hdev
->acl_pkts
;
2979 hdev
->sco_cnt
+= count
;
2980 if (hdev
->sco_cnt
> hdev
->sco_pkts
)
2981 hdev
->sco_cnt
= hdev
->sco_pkts
;
2985 BT_ERR("Unknown type %d conn %p", conn
->type
, conn
);
2990 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2993 static struct hci_conn
*__hci_conn_lookup_handle(struct hci_dev
*hdev
,
2996 struct hci_chan
*chan
;
2998 switch (hdev
->dev_type
) {
3000 return hci_conn_hash_lookup_handle(hdev
, handle
);
3002 chan
= hci_chan_lookup_handle(hdev
, handle
);
3007 BT_ERR("%s unknown dev_type %d", hdev
->name
, hdev
->dev_type
);
3014 static void hci_num_comp_blocks_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3016 struct hci_ev_num_comp_blocks
*ev
= (void *) skb
->data
;
3019 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_BLOCK_BASED
) {
3020 BT_ERR("Wrong event for mode %d", hdev
->flow_ctl_mode
);
3024 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
3025 ev
->num_hndl
* sizeof(struct hci_comp_blocks_info
)) {
3026 BT_DBG("%s bad parameters", hdev
->name
);
3030 BT_DBG("%s num_blocks %d num_hndl %d", hdev
->name
, ev
->num_blocks
,
3033 for (i
= 0; i
< ev
->num_hndl
; i
++) {
3034 struct hci_comp_blocks_info
*info
= &ev
->handles
[i
];
3035 struct hci_conn
*conn
= NULL
;
3036 __u16 handle
, block_count
;
3038 handle
= __le16_to_cpu(info
->handle
);
3039 block_count
= __le16_to_cpu(info
->blocks
);
3041 conn
= __hci_conn_lookup_handle(hdev
, handle
);
3045 conn
->sent
-= block_count
;
3047 switch (conn
->type
) {
3050 hdev
->block_cnt
+= block_count
;
3051 if (hdev
->block_cnt
> hdev
->num_blocks
)
3052 hdev
->block_cnt
= hdev
->num_blocks
;
3056 BT_ERR("Unknown type %d conn %p", conn
->type
, conn
);
3061 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
3064 static void hci_mode_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3066 struct hci_ev_mode_change
*ev
= (void *) skb
->data
;
3067 struct hci_conn
*conn
;
3069 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3073 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3075 conn
->mode
= ev
->mode
;
3077 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND
,
3079 if (conn
->mode
== HCI_CM_ACTIVE
)
3080 set_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
3082 clear_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
3085 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
3086 hci_sco_setup(conn
, ev
->status
);
3089 hci_dev_unlock(hdev
);
3092 static void hci_pin_code_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3094 struct hci_ev_pin_code_req
*ev
= (void *) skb
->data
;
3095 struct hci_conn
*conn
;
3097 BT_DBG("%s", hdev
->name
);
3101 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3105 if (conn
->state
== BT_CONNECTED
) {
3106 hci_conn_hold(conn
);
3107 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
3108 hci_conn_drop(conn
);
3111 if (!test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
3112 hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
3113 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3114 else if (test_bit(HCI_MGMT
, &hdev
->dev_flags
)) {
3117 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
)
3122 mgmt_pin_code_request(hdev
, &ev
->bdaddr
, secure
);
3126 hci_dev_unlock(hdev
);
3129 static void hci_link_key_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3131 struct hci_ev_link_key_req
*ev
= (void *) skb
->data
;
3132 struct hci_cp_link_key_reply cp
;
3133 struct hci_conn
*conn
;
3134 struct link_key
*key
;
3136 BT_DBG("%s", hdev
->name
);
3138 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3143 key
= hci_find_link_key(hdev
, &ev
->bdaddr
);
3145 BT_DBG("%s link key not found for %pMR", hdev
->name
,
3150 BT_DBG("%s found key type %u for %pMR", hdev
->name
, key
->type
,
3153 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3155 if ((key
->type
== HCI_LK_UNAUTH_COMBINATION_P192
||
3156 key
->type
== HCI_LK_UNAUTH_COMBINATION_P256
) &&
3157 conn
->auth_type
!= 0xff && (conn
->auth_type
& 0x01)) {
3158 BT_DBG("%s ignoring unauthenticated key", hdev
->name
);
3162 if (key
->type
== HCI_LK_COMBINATION
&& key
->pin_len
< 16 &&
3163 (conn
->pending_sec_level
== BT_SECURITY_HIGH
||
3164 conn
->pending_sec_level
== BT_SECURITY_FIPS
)) {
3165 BT_DBG("%s ignoring key unauthenticated for high security",
3170 conn
->key_type
= key
->type
;
3171 conn
->pin_length
= key
->pin_len
;
3174 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3175 memcpy(cp
.link_key
, key
->val
, HCI_LINK_KEY_SIZE
);
3177 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_REPLY
, sizeof(cp
), &cp
);
3179 hci_dev_unlock(hdev
);
3184 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_NEG_REPLY
, 6, &ev
->bdaddr
);
3185 hci_dev_unlock(hdev
);
3188 static void hci_link_key_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3190 struct hci_ev_link_key_notify
*ev
= (void *) skb
->data
;
3191 struct hci_conn
*conn
;
3192 struct link_key
*key
;
3196 BT_DBG("%s", hdev
->name
);
3200 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3202 hci_conn_hold(conn
);
3203 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
3204 pin_len
= conn
->pin_length
;
3206 if (ev
->key_type
!= HCI_LK_CHANGED_COMBINATION
)
3207 conn
->key_type
= ev
->key_type
;
3209 hci_conn_drop(conn
);
3212 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3215 key
= hci_add_link_key(hdev
, conn
, &ev
->bdaddr
, ev
->link_key
,
3216 ev
->key_type
, pin_len
, &persistent
);
3220 mgmt_new_link_key(hdev
, key
, persistent
);
3222 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3223 * is set. If it's not set simply remove the key from the kernel
3224 * list (we've still notified user space about it but with
3225 * store_hint being 0).
3227 if (key
->type
== HCI_LK_DEBUG_COMBINATION
&&
3228 !test_bit(HCI_KEEP_DEBUG_KEYS
, &hdev
->dev_flags
)) {
3229 list_del(&key
->list
);
3233 clear_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
);
3235 set_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
);
3239 hci_dev_unlock(hdev
);
3242 static void hci_clock_offset_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3244 struct hci_ev_clock_offset
*ev
= (void *) skb
->data
;
3245 struct hci_conn
*conn
;
3247 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3251 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3252 if (conn
&& !ev
->status
) {
3253 struct inquiry_entry
*ie
;
3255 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
3257 ie
->data
.clock_offset
= ev
->clock_offset
;
3258 ie
->timestamp
= jiffies
;
3262 hci_dev_unlock(hdev
);
3265 static void hci_pkt_type_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3267 struct hci_ev_pkt_type_change
*ev
= (void *) skb
->data
;
3268 struct hci_conn
*conn
;
3270 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3274 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3275 if (conn
&& !ev
->status
)
3276 conn
->pkt_type
= __le16_to_cpu(ev
->pkt_type
);
3278 hci_dev_unlock(hdev
);
3281 static void hci_pscan_rep_mode_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3283 struct hci_ev_pscan_rep_mode
*ev
= (void *) skb
->data
;
3284 struct inquiry_entry
*ie
;
3286 BT_DBG("%s", hdev
->name
);
3290 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
3292 ie
->data
.pscan_rep_mode
= ev
->pscan_rep_mode
;
3293 ie
->timestamp
= jiffies
;
3296 hci_dev_unlock(hdev
);
3299 static void hci_inquiry_result_with_rssi_evt(struct hci_dev
*hdev
,
3300 struct sk_buff
*skb
)
3302 struct inquiry_data data
;
3303 int num_rsp
= *((__u8
*) skb
->data
);
3305 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
3310 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
))
3315 if ((skb
->len
- 1) / num_rsp
!= sizeof(struct inquiry_info_with_rssi
)) {
3316 struct inquiry_info_with_rssi_and_pscan_mode
*info
;
3317 info
= (void *) (skb
->data
+ 1);
3319 for (; num_rsp
; num_rsp
--, info
++) {
3322 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3323 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3324 data
.pscan_period_mode
= info
->pscan_period_mode
;
3325 data
.pscan_mode
= info
->pscan_mode
;
3326 memcpy(data
.dev_class
, info
->dev_class
, 3);
3327 data
.clock_offset
= info
->clock_offset
;
3328 data
.rssi
= info
->rssi
;
3329 data
.ssp_mode
= 0x00;
3331 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
3333 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3334 info
->dev_class
, info
->rssi
,
3335 flags
, NULL
, 0, NULL
, 0);
3338 struct inquiry_info_with_rssi
*info
= (void *) (skb
->data
+ 1);
3340 for (; num_rsp
; num_rsp
--, info
++) {
3343 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3344 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3345 data
.pscan_period_mode
= info
->pscan_period_mode
;
3346 data
.pscan_mode
= 0x00;
3347 memcpy(data
.dev_class
, info
->dev_class
, 3);
3348 data
.clock_offset
= info
->clock_offset
;
3349 data
.rssi
= info
->rssi
;
3350 data
.ssp_mode
= 0x00;
3352 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
3354 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3355 info
->dev_class
, info
->rssi
,
3356 flags
, NULL
, 0, NULL
, 0);
3360 hci_dev_unlock(hdev
);
3363 static void hci_remote_ext_features_evt(struct hci_dev
*hdev
,
3364 struct sk_buff
*skb
)
3366 struct hci_ev_remote_ext_features
*ev
= (void *) skb
->data
;
3367 struct hci_conn
*conn
;
3369 BT_DBG("%s", hdev
->name
);
3373 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3377 if (ev
->page
< HCI_MAX_PAGES
)
3378 memcpy(conn
->features
[ev
->page
], ev
->features
, 8);
3380 if (!ev
->status
&& ev
->page
== 0x01) {
3381 struct inquiry_entry
*ie
;
3383 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
3385 ie
->data
.ssp_mode
= (ev
->features
[0] & LMP_HOST_SSP
);
3387 if (ev
->features
[0] & LMP_HOST_SSP
) {
3388 set_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
3390 /* It is mandatory by the Bluetooth specification that
3391 * Extended Inquiry Results are only used when Secure
3392 * Simple Pairing is enabled, but some devices violate
3395 * To make these devices work, the internal SSP
3396 * enabled flag needs to be cleared if the remote host
3397 * features do not indicate SSP support */
3398 clear_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
3401 if (ev
->features
[0] & LMP_HOST_SC
)
3402 set_bit(HCI_CONN_SC_ENABLED
, &conn
->flags
);
3405 if (conn
->state
!= BT_CONFIG
)
3408 if (!ev
->status
&& !test_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
)) {
3409 struct hci_cp_remote_name_req cp
;
3410 memset(&cp
, 0, sizeof(cp
));
3411 bacpy(&cp
.bdaddr
, &conn
->dst
);
3412 cp
.pscan_rep_mode
= 0x02;
3413 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
3414 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
3415 mgmt_device_connected(hdev
, &conn
->dst
, conn
->type
,
3416 conn
->dst_type
, 0, NULL
, 0,
3419 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
3420 conn
->state
= BT_CONNECTED
;
3421 hci_proto_connect_cfm(conn
, ev
->status
);
3422 hci_conn_drop(conn
);
3426 hci_dev_unlock(hdev
);
3429 static void hci_sync_conn_complete_evt(struct hci_dev
*hdev
,
3430 struct sk_buff
*skb
)
3432 struct hci_ev_sync_conn_complete
*ev
= (void *) skb
->data
;
3433 struct hci_conn
*conn
;
3435 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3439 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
3441 if (ev
->link_type
== ESCO_LINK
)
3444 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
3448 conn
->type
= SCO_LINK
;
3451 switch (ev
->status
) {
3453 conn
->handle
= __le16_to_cpu(ev
->handle
);
3454 conn
->state
= BT_CONNECTED
;
3456 hci_conn_add_sysfs(conn
);
3459 case 0x10: /* Connection Accept Timeout */
3460 case 0x0d: /* Connection Rejected due to Limited Resources */
3461 case 0x11: /* Unsupported Feature or Parameter Value */
3462 case 0x1c: /* SCO interval rejected */
3463 case 0x1a: /* Unsupported Remote Feature */
3464 case 0x1f: /* Unspecified error */
3465 case 0x20: /* Unsupported LMP Parameter value */
3467 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
3468 (hdev
->esco_type
& EDR_ESCO_MASK
);
3469 if (hci_setup_sync(conn
, conn
->link
->handle
))
3475 conn
->state
= BT_CLOSED
;
3479 hci_proto_connect_cfm(conn
, ev
->status
);
3484 hci_dev_unlock(hdev
);
3487 static inline size_t eir_get_length(u8
*eir
, size_t eir_len
)
3491 while (parsed
< eir_len
) {
3492 u8 field_len
= eir
[0];
3497 parsed
+= field_len
+ 1;
3498 eir
+= field_len
+ 1;
3504 static void hci_extended_inquiry_result_evt(struct hci_dev
*hdev
,
3505 struct sk_buff
*skb
)
3507 struct inquiry_data data
;
3508 struct extended_inquiry_info
*info
= (void *) (skb
->data
+ 1);
3509 int num_rsp
= *((__u8
*) skb
->data
);
3512 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
3517 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
))
3522 for (; num_rsp
; num_rsp
--, info
++) {
3526 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3527 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3528 data
.pscan_period_mode
= info
->pscan_period_mode
;
3529 data
.pscan_mode
= 0x00;
3530 memcpy(data
.dev_class
, info
->dev_class
, 3);
3531 data
.clock_offset
= info
->clock_offset
;
3532 data
.rssi
= info
->rssi
;
3533 data
.ssp_mode
= 0x01;
3535 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3536 name_known
= eir_has_data_type(info
->data
,
3542 flags
= hci_inquiry_cache_update(hdev
, &data
, name_known
);
3544 eir_len
= eir_get_length(info
->data
, sizeof(info
->data
));
3546 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3547 info
->dev_class
, info
->rssi
,
3548 flags
, info
->data
, eir_len
, NULL
, 0);
3551 hci_dev_unlock(hdev
);
3554 static void hci_key_refresh_complete_evt(struct hci_dev
*hdev
,
3555 struct sk_buff
*skb
)
3557 struct hci_ev_key_refresh_complete
*ev
= (void *) skb
->data
;
3558 struct hci_conn
*conn
;
3560 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev
->name
, ev
->status
,
3561 __le16_to_cpu(ev
->handle
));
3565 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3569 /* For BR/EDR the necessary steps are taken through the
3570 * auth_complete event.
3572 if (conn
->type
!= LE_LINK
)
3576 conn
->sec_level
= conn
->pending_sec_level
;
3578 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
3580 if (ev
->status
&& conn
->state
== BT_CONNECTED
) {
3581 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
3582 hci_conn_drop(conn
);
3586 if (conn
->state
== BT_CONFIG
) {
3588 conn
->state
= BT_CONNECTED
;
3590 hci_proto_connect_cfm(conn
, ev
->status
);
3591 hci_conn_drop(conn
);
3593 hci_auth_cfm(conn
, ev
->status
);
3595 hci_conn_hold(conn
);
3596 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
3597 hci_conn_drop(conn
);
3601 hci_dev_unlock(hdev
);
3604 static u8
hci_get_auth_req(struct hci_conn
*conn
)
3606 /* If remote requests no-bonding follow that lead */
3607 if (conn
->remote_auth
== HCI_AT_NO_BONDING
||
3608 conn
->remote_auth
== HCI_AT_NO_BONDING_MITM
)
3609 return conn
->remote_auth
| (conn
->auth_type
& 0x01);
3611 /* If both remote and local have enough IO capabilities, require
3614 if (conn
->remote_cap
!= HCI_IO_NO_INPUT_OUTPUT
&&
3615 conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
)
3616 return conn
->remote_auth
| 0x01;
3618 /* No MITM protection possible so ignore remote requirement */
3619 return (conn
->remote_auth
& ~0x01) | (conn
->auth_type
& 0x01);
3622 static void hci_io_capa_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3624 struct hci_ev_io_capa_request
*ev
= (void *) skb
->data
;
3625 struct hci_conn
*conn
;
3627 BT_DBG("%s", hdev
->name
);
3631 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3635 hci_conn_hold(conn
);
3637 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3640 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
) ||
3641 (conn
->remote_auth
& ~0x01) == HCI_AT_NO_BONDING
) {
3642 struct hci_cp_io_capability_reply cp
;
3644 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3645 /* Change the IO capability from KeyboardDisplay
3646 * to DisplayYesNo as it is not supported by BT spec. */
3647 cp
.capability
= (conn
->io_capability
== 0x04) ?
3648 HCI_IO_DISPLAY_YESNO
: conn
->io_capability
;
3650 /* If we are initiators, there is no remote information yet */
3651 if (conn
->remote_auth
== 0xff) {
3652 cp
.authentication
= conn
->auth_type
;
3654 /* Request MITM protection if our IO caps allow it
3655 * except for the no-bonding case.
3656 * conn->auth_type is not updated here since
3657 * that might cause the user confirmation to be
3658 * rejected in case the remote doesn't have the
3659 * IO capabilities for MITM.
3661 if (conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
&&
3662 cp
.authentication
!= HCI_AT_NO_BONDING
)
3663 cp
.authentication
|= 0x01;
3665 conn
->auth_type
= hci_get_auth_req(conn
);
3666 cp
.authentication
= conn
->auth_type
;
3669 if (hci_find_remote_oob_data(hdev
, &conn
->dst
) &&
3670 (conn
->out
|| test_bit(HCI_CONN_REMOTE_OOB
, &conn
->flags
)))
3675 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_REPLY
,
3678 struct hci_cp_io_capability_neg_reply cp
;
3680 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3681 cp
.reason
= HCI_ERROR_PAIRING_NOT_ALLOWED
;
3683 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_NEG_REPLY
,
3688 hci_dev_unlock(hdev
);
3691 static void hci_io_capa_reply_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3693 struct hci_ev_io_capa_reply
*ev
= (void *) skb
->data
;
3694 struct hci_conn
*conn
;
3696 BT_DBG("%s", hdev
->name
);
3700 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3704 conn
->remote_cap
= ev
->capability
;
3705 conn
->remote_auth
= ev
->authentication
;
3707 set_bit(HCI_CONN_REMOTE_OOB
, &conn
->flags
);
3710 hci_dev_unlock(hdev
);
3713 static void hci_user_confirm_request_evt(struct hci_dev
*hdev
,
3714 struct sk_buff
*skb
)
3716 struct hci_ev_user_confirm_req
*ev
= (void *) skb
->data
;
3717 int loc_mitm
, rem_mitm
, confirm_hint
= 0;
3718 struct hci_conn
*conn
;
3720 BT_DBG("%s", hdev
->name
);
3724 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3727 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3731 loc_mitm
= (conn
->auth_type
& 0x01);
3732 rem_mitm
= (conn
->remote_auth
& 0x01);
3734 /* If we require MITM but the remote device can't provide that
3735 * (it has NoInputNoOutput) then reject the confirmation request
3737 if (loc_mitm
&& conn
->remote_cap
== HCI_IO_NO_INPUT_OUTPUT
) {
3738 BT_DBG("Rejecting request: remote device can't provide MITM");
3739 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_NEG_REPLY
,
3740 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3744 /* If no side requires MITM protection; auto-accept */
3745 if ((!loc_mitm
|| conn
->remote_cap
== HCI_IO_NO_INPUT_OUTPUT
) &&
3746 (!rem_mitm
|| conn
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)) {
3748 /* If we're not the initiators request authorization to
3749 * proceed from user space (mgmt_user_confirm with
3750 * confirm_hint set to 1). The exception is if neither
3751 * side had MITM in which case we do auto-accept.
3753 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
) &&
3754 (loc_mitm
|| rem_mitm
)) {
3755 BT_DBG("Confirming auto-accept as acceptor");
3760 BT_DBG("Auto-accept of user confirmation with %ums delay",
3761 hdev
->auto_accept_delay
);
3763 if (hdev
->auto_accept_delay
> 0) {
3764 int delay
= msecs_to_jiffies(hdev
->auto_accept_delay
);
3765 queue_delayed_work(conn
->hdev
->workqueue
,
3766 &conn
->auto_accept_work
, delay
);
3770 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
,
3771 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3776 mgmt_user_confirm_request(hdev
, &ev
->bdaddr
, ACL_LINK
, 0,
3777 le32_to_cpu(ev
->passkey
), confirm_hint
);
3780 hci_dev_unlock(hdev
);
3783 static void hci_user_passkey_request_evt(struct hci_dev
*hdev
,
3784 struct sk_buff
*skb
)
3786 struct hci_ev_user_passkey_req
*ev
= (void *) skb
->data
;
3788 BT_DBG("%s", hdev
->name
);
3790 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3791 mgmt_user_passkey_request(hdev
, &ev
->bdaddr
, ACL_LINK
, 0);
3794 static void hci_user_passkey_notify_evt(struct hci_dev
*hdev
,
3795 struct sk_buff
*skb
)
3797 struct hci_ev_user_passkey_notify
*ev
= (void *) skb
->data
;
3798 struct hci_conn
*conn
;
3800 BT_DBG("%s", hdev
->name
);
3802 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3806 conn
->passkey_notify
= __le32_to_cpu(ev
->passkey
);
3807 conn
->passkey_entered
= 0;
3809 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3810 mgmt_user_passkey_notify(hdev
, &conn
->dst
, conn
->type
,
3811 conn
->dst_type
, conn
->passkey_notify
,
3812 conn
->passkey_entered
);
3815 static void hci_keypress_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3817 struct hci_ev_keypress_notify
*ev
= (void *) skb
->data
;
3818 struct hci_conn
*conn
;
3820 BT_DBG("%s", hdev
->name
);
3822 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3827 case HCI_KEYPRESS_STARTED
:
3828 conn
->passkey_entered
= 0;
3831 case HCI_KEYPRESS_ENTERED
:
3832 conn
->passkey_entered
++;
3835 case HCI_KEYPRESS_ERASED
:
3836 conn
->passkey_entered
--;
3839 case HCI_KEYPRESS_CLEARED
:
3840 conn
->passkey_entered
= 0;
3843 case HCI_KEYPRESS_COMPLETED
:
3847 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3848 mgmt_user_passkey_notify(hdev
, &conn
->dst
, conn
->type
,
3849 conn
->dst_type
, conn
->passkey_notify
,
3850 conn
->passkey_entered
);
3853 static void hci_simple_pair_complete_evt(struct hci_dev
*hdev
,
3854 struct sk_buff
*skb
)
3856 struct hci_ev_simple_pair_complete
*ev
= (void *) skb
->data
;
3857 struct hci_conn
*conn
;
3859 BT_DBG("%s", hdev
->name
);
3863 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3867 /* To avoid duplicate auth_failed events to user space we check
3868 * the HCI_CONN_AUTH_PEND flag which will be set if we
3869 * initiated the authentication. A traditional auth_complete
3870 * event gets always produced as initiator and is also mapped to
3871 * the mgmt_auth_failed event */
3872 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
) && ev
->status
)
3873 mgmt_auth_failed(hdev
, &conn
->dst
, conn
->type
, conn
->dst_type
,
3876 hci_conn_drop(conn
);
3879 hci_dev_unlock(hdev
);
3882 static void hci_remote_host_features_evt(struct hci_dev
*hdev
,
3883 struct sk_buff
*skb
)
3885 struct hci_ev_remote_host_features
*ev
= (void *) skb
->data
;
3886 struct inquiry_entry
*ie
;
3887 struct hci_conn
*conn
;
3889 BT_DBG("%s", hdev
->name
);
3893 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3895 memcpy(conn
->features
[1], ev
->features
, 8);
3897 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
3899 ie
->data
.ssp_mode
= (ev
->features
[0] & LMP_HOST_SSP
);
3901 hci_dev_unlock(hdev
);
3904 static void hci_remote_oob_data_request_evt(struct hci_dev
*hdev
,
3905 struct sk_buff
*skb
)
3907 struct hci_ev_remote_oob_data_request
*ev
= (void *) skb
->data
;
3908 struct oob_data
*data
;
3910 BT_DBG("%s", hdev
->name
);
3914 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3917 data
= hci_find_remote_oob_data(hdev
, &ev
->bdaddr
);
3919 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
)) {
3920 struct hci_cp_remote_oob_ext_data_reply cp
;
3922 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3923 memcpy(cp
.hash192
, data
->hash192
, sizeof(cp
.hash192
));
3924 memcpy(cp
.randomizer192
, data
->randomizer192
,
3925 sizeof(cp
.randomizer192
));
3926 memcpy(cp
.hash256
, data
->hash256
, sizeof(cp
.hash256
));
3927 memcpy(cp
.randomizer256
, data
->randomizer256
,
3928 sizeof(cp
.randomizer256
));
3930 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY
,
3933 struct hci_cp_remote_oob_data_reply cp
;
3935 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3936 memcpy(cp
.hash
, data
->hash192
, sizeof(cp
.hash
));
3937 memcpy(cp
.randomizer
, data
->randomizer192
,
3938 sizeof(cp
.randomizer
));
3940 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_REPLY
,
3944 struct hci_cp_remote_oob_data_neg_reply cp
;
3946 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3947 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY
,
3952 hci_dev_unlock(hdev
);
3955 static void hci_phy_link_complete_evt(struct hci_dev
*hdev
,
3956 struct sk_buff
*skb
)
3958 struct hci_ev_phy_link_complete
*ev
= (void *) skb
->data
;
3959 struct hci_conn
*hcon
, *bredr_hcon
;
3961 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev
->name
, ev
->phy_handle
,
3966 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
3968 hci_dev_unlock(hdev
);
3974 hci_dev_unlock(hdev
);
3978 bredr_hcon
= hcon
->amp_mgr
->l2cap_conn
->hcon
;
3980 hcon
->state
= BT_CONNECTED
;
3981 bacpy(&hcon
->dst
, &bredr_hcon
->dst
);
3983 hci_conn_hold(hcon
);
3984 hcon
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
3985 hci_conn_drop(hcon
);
3987 hci_conn_add_sysfs(hcon
);
3989 amp_physical_cfm(bredr_hcon
, hcon
);
3991 hci_dev_unlock(hdev
);
3994 static void hci_loglink_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3996 struct hci_ev_logical_link_complete
*ev
= (void *) skb
->data
;
3997 struct hci_conn
*hcon
;
3998 struct hci_chan
*hchan
;
3999 struct amp_mgr
*mgr
;
4001 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4002 hdev
->name
, le16_to_cpu(ev
->handle
), ev
->phy_handle
,
4005 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4009 /* Create AMP hchan */
4010 hchan
= hci_chan_create(hcon
);
4014 hchan
->handle
= le16_to_cpu(ev
->handle
);
4016 BT_DBG("hcon %p mgr %p hchan %p", hcon
, hcon
->amp_mgr
, hchan
);
4018 mgr
= hcon
->amp_mgr
;
4019 if (mgr
&& mgr
->bredr_chan
) {
4020 struct l2cap_chan
*bredr_chan
= mgr
->bredr_chan
;
4022 l2cap_chan_lock(bredr_chan
);
4024 bredr_chan
->conn
->mtu
= hdev
->block_mtu
;
4025 l2cap_logical_cfm(bredr_chan
, hchan
, 0);
4026 hci_conn_hold(hcon
);
4028 l2cap_chan_unlock(bredr_chan
);
4032 static void hci_disconn_loglink_complete_evt(struct hci_dev
*hdev
,
4033 struct sk_buff
*skb
)
4035 struct hci_ev_disconn_logical_link_complete
*ev
= (void *) skb
->data
;
4036 struct hci_chan
*hchan
;
4038 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev
->name
,
4039 le16_to_cpu(ev
->handle
), ev
->status
);
4046 hchan
= hci_chan_lookup_handle(hdev
, le16_to_cpu(ev
->handle
));
4050 amp_destroy_logical_link(hchan
, ev
->reason
);
4053 hci_dev_unlock(hdev
);
4056 static void hci_disconn_phylink_complete_evt(struct hci_dev
*hdev
,
4057 struct sk_buff
*skb
)
4059 struct hci_ev_disconn_phy_link_complete
*ev
= (void *) skb
->data
;
4060 struct hci_conn
*hcon
;
4062 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4069 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4071 hcon
->state
= BT_CLOSED
;
4075 hci_dev_unlock(hdev
);
4078 static void hci_le_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4080 struct hci_ev_le_conn_complete
*ev
= (void *) skb
->data
;
4081 struct hci_conn_params
*params
;
4082 struct hci_conn
*conn
;
4083 struct smp_irk
*irk
;
4086 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4090 conn
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
4092 conn
= hci_conn_add(hdev
, LE_LINK
, &ev
->bdaddr
);
4094 BT_ERR("No memory for new connection");
4098 conn
->dst_type
= ev
->bdaddr_type
;
4100 if (ev
->role
== LE_CONN_ROLE_MASTER
) {
4102 set_bit(HCI_CONN_MASTER
, &conn
->flags
);
4105 /* If we didn't have a hci_conn object previously
4106 * but we're in master role this must be something
4107 * initiated using a white list. Since white list based
4108 * connections are not "first class citizens" we don't
4109 * have full tracking of them. Therefore, we go ahead
4110 * with a "best effort" approach of determining the
4111 * initiator address based on the HCI_PRIVACY flag.
4114 conn
->resp_addr_type
= ev
->bdaddr_type
;
4115 bacpy(&conn
->resp_addr
, &ev
->bdaddr
);
4116 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
)) {
4117 conn
->init_addr_type
= ADDR_LE_DEV_RANDOM
;
4118 bacpy(&conn
->init_addr
, &hdev
->rpa
);
4120 hci_copy_identity_address(hdev
,
4122 &conn
->init_addr_type
);
4126 cancel_delayed_work(&conn
->le_conn_timeout
);
4130 /* Set the responder (our side) address type based on
4131 * the advertising address type.
4133 conn
->resp_addr_type
= hdev
->adv_addr_type
;
4134 if (hdev
->adv_addr_type
== ADDR_LE_DEV_RANDOM
)
4135 bacpy(&conn
->resp_addr
, &hdev
->random_addr
);
4137 bacpy(&conn
->resp_addr
, &hdev
->bdaddr
);
4139 conn
->init_addr_type
= ev
->bdaddr_type
;
4140 bacpy(&conn
->init_addr
, &ev
->bdaddr
);
4142 /* For incoming connections, set the default minimum
4143 * and maximum connection interval. They will be used
4144 * to check if the parameters are in range and if not
4145 * trigger the connection update procedure.
4147 conn
->le_conn_min_interval
= hdev
->le_conn_min_interval
;
4148 conn
->le_conn_max_interval
= hdev
->le_conn_max_interval
;
4151 /* Lookup the identity address from the stored connection
4152 * address and address type.
4154 * When establishing connections to an identity address, the
4155 * connection procedure will store the resolvable random
4156 * address first. Now if it can be converted back into the
4157 * identity address, start using the identity address from
4160 irk
= hci_get_irk(hdev
, &conn
->dst
, conn
->dst_type
);
4162 bacpy(&conn
->dst
, &irk
->bdaddr
);
4163 conn
->dst_type
= irk
->addr_type
;
4166 if (conn
->dst_type
== ADDR_LE_DEV_PUBLIC
)
4167 addr_type
= BDADDR_LE_PUBLIC
;
4169 addr_type
= BDADDR_LE_RANDOM
;
4171 /* Drop the connection if he device is blocked */
4172 if (hci_blacklist_lookup(hdev
, &conn
->dst
, addr_type
)) {
4173 hci_conn_drop(conn
);
4178 hci_le_conn_failed(conn
, ev
->status
);
4182 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
4183 mgmt_device_connected(hdev
, &conn
->dst
, conn
->type
,
4184 conn
->dst_type
, 0, NULL
, 0, NULL
);
4186 conn
->sec_level
= BT_SECURITY_LOW
;
4187 conn
->handle
= __le16_to_cpu(ev
->handle
);
4188 conn
->state
= BT_CONNECTED
;
4190 conn
->le_conn_interval
= le16_to_cpu(ev
->interval
);
4191 conn
->le_conn_latency
= le16_to_cpu(ev
->latency
);
4192 conn
->le_supv_timeout
= le16_to_cpu(ev
->supervision_timeout
);
4194 hci_conn_add_sysfs(conn
);
4196 hci_proto_connect_cfm(conn
, ev
->status
);
4198 params
= hci_conn_params_lookup(hdev
, &conn
->dst
, conn
->dst_type
);
4200 list_del_init(¶ms
->action
);
4201 hci_update_background_scan(hdev
);
4205 hci_dev_unlock(hdev
);
4208 static void hci_le_conn_update_complete_evt(struct hci_dev
*hdev
,
4209 struct sk_buff
*skb
)
4211 struct hci_ev_le_conn_update_complete
*ev
= (void *) skb
->data
;
4212 struct hci_conn
*conn
;
4214 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4221 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
4223 conn
->le_conn_interval
= le16_to_cpu(ev
->interval
);
4224 conn
->le_conn_latency
= le16_to_cpu(ev
->latency
);
4225 conn
->le_supv_timeout
= le16_to_cpu(ev
->supervision_timeout
);
4228 hci_dev_unlock(hdev
);
4231 /* This function requires the caller holds hdev->lock */
4232 static bool check_pending_le_conn(struct hci_dev
*hdev
, bdaddr_t
*addr
,
4235 struct hci_conn
*conn
;
4237 if (!hci_pend_le_action_lookup(&hdev
->pend_le_conns
, addr
, addr_type
))
4240 conn
= hci_connect_le(hdev
, addr
, addr_type
, BT_SECURITY_LOW
,
4245 switch (PTR_ERR(conn
)) {
4247 /* If hci_connect() returns -EBUSY it means there is already
4248 * an LE connection attempt going on. Since controllers don't
4249 * support more than one connection attempt at the time, we
4250 * don't consider this an error case.
4254 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn
));
4260 static void process_adv_report(struct hci_dev
*hdev
, u8 type
, bdaddr_t
*bdaddr
,
4261 u8 bdaddr_type
, s8 rssi
, u8
*data
, u8 len
)
4263 struct discovery_state
*d
= &hdev
->discovery
;
4267 /* Passive scanning shouldn't trigger any device found events,
4268 * except for devices marked as CONN_REPORT for which we do send
4269 * device found events.
4271 if (hdev
->le_scan_type
== LE_SCAN_PASSIVE
) {
4272 struct hci_conn_params
*param
;
4273 struct smp_irk
*irk
;
4275 /* Check if we need to convert to identity address */
4276 irk
= hci_get_irk(hdev
, bdaddr
, bdaddr_type
);
4278 bdaddr
= &irk
->bdaddr
;
4279 bdaddr_type
= irk
->addr_type
;
4282 /* Ignore if the device is blocked */
4283 if (hci_blacklist_lookup(hdev
, bdaddr
, bdaddr_type
))
4286 if (type
== LE_ADV_IND
|| type
== LE_ADV_DIRECT_IND
) {
4287 if (check_pending_le_conn(hdev
, bdaddr
, bdaddr_type
))
4291 if (type
== LE_ADV_DIRECT_IND
)
4294 param
= hci_pend_le_action_lookup(&hdev
->pend_le_reports
,
4295 bdaddr
, bdaddr_type
);
4299 if (type
== LE_ADV_NONCONN_IND
|| type
== LE_ADV_SCAN_IND
)
4300 flags
= MGMT_DEV_FOUND_NOT_CONNECTABLE
;
4303 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
4304 rssi
, flags
, data
, len
, NULL
, 0);
4308 /* When receiving non-connectable or scannable undirected
4309 * advertising reports, this means that the remote device is
4310 * not connectable and then clearly indicate this in the
4311 * device found event.
4313 * When receiving a scan response, then there is no way to
4314 * know if the remote device is connectable or not. However
4315 * since scan responses are merged with a previously seen
4316 * advertising report, the flags field from that report
4319 * In the really unlikely case that a controller get confused
4320 * and just sends a scan response event, then it is marked as
4321 * not connectable as well.
4323 if (type
== LE_ADV_NONCONN_IND
|| type
== LE_ADV_SCAN_IND
||
4324 type
== LE_ADV_SCAN_RSP
)
4325 flags
= MGMT_DEV_FOUND_NOT_CONNECTABLE
;
4329 /* If there's nothing pending either store the data from this
4330 * event or send an immediate device found event if the data
4331 * should not be stored for later.
4333 if (!has_pending_adv_report(hdev
)) {
4334 /* If the report will trigger a SCAN_REQ store it for
4337 if (type
== LE_ADV_IND
|| type
== LE_ADV_SCAN_IND
) {
4338 store_pending_adv_report(hdev
, bdaddr
, bdaddr_type
,
4339 rssi
, flags
, data
, len
);
4343 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
4344 rssi
, flags
, data
, len
, NULL
, 0);
4348 /* Check if the pending report is for the same device as the new one */
4349 match
= (!bacmp(bdaddr
, &d
->last_adv_addr
) &&
4350 bdaddr_type
== d
->last_adv_addr_type
);
4352 /* If the pending data doesn't match this report or this isn't a
4353 * scan response (e.g. we got a duplicate ADV_IND) then force
4354 * sending of the pending data.
4356 if (type
!= LE_ADV_SCAN_RSP
|| !match
) {
4357 /* Send out whatever is in the cache, but skip duplicates */
4359 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
4360 d
->last_adv_addr_type
, NULL
,
4361 d
->last_adv_rssi
, d
->last_adv_flags
,
4363 d
->last_adv_data_len
, NULL
, 0);
4365 /* If the new report will trigger a SCAN_REQ store it for
4368 if (type
== LE_ADV_IND
|| type
== LE_ADV_SCAN_IND
) {
4369 store_pending_adv_report(hdev
, bdaddr
, bdaddr_type
,
4370 rssi
, flags
, data
, len
);
4374 /* The advertising reports cannot be merged, so clear
4375 * the pending report and send out a device found event.
4377 clear_pending_adv_report(hdev
);
4378 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
4379 rssi
, flags
, data
, len
, NULL
, 0);
4383 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4384 * the new event is a SCAN_RSP. We can therefore proceed with
4385 * sending a merged device found event.
4387 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
4388 d
->last_adv_addr_type
, NULL
, rssi
, d
->last_adv_flags
,
4389 d
->last_adv_data
, d
->last_adv_data_len
, data
, len
);
4390 clear_pending_adv_report(hdev
);
4393 static void hci_le_adv_report_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4395 u8 num_reports
= skb
->data
[0];
4396 void *ptr
= &skb
->data
[1];
4400 while (num_reports
--) {
4401 struct hci_ev_le_advertising_info
*ev
= ptr
;
4404 rssi
= ev
->data
[ev
->length
];
4405 process_adv_report(hdev
, ev
->evt_type
, &ev
->bdaddr
,
4406 ev
->bdaddr_type
, rssi
, ev
->data
, ev
->length
);
4408 ptr
+= sizeof(*ev
) + ev
->length
+ 1;
4411 hci_dev_unlock(hdev
);
4414 static void hci_le_ltk_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4416 struct hci_ev_le_ltk_req
*ev
= (void *) skb
->data
;
4417 struct hci_cp_le_ltk_reply cp
;
4418 struct hci_cp_le_ltk_neg_reply neg
;
4419 struct hci_conn
*conn
;
4420 struct smp_ltk
*ltk
;
4422 BT_DBG("%s handle 0x%4.4x", hdev
->name
, __le16_to_cpu(ev
->handle
));
4426 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
4430 ltk
= hci_find_ltk(hdev
, ev
->ediv
, ev
->rand
, conn
->out
);
4434 memcpy(cp
.ltk
, ltk
->val
, sizeof(ltk
->val
));
4435 cp
.handle
= cpu_to_le16(conn
->handle
);
4437 if (ltk
->authenticated
)
4438 conn
->pending_sec_level
= BT_SECURITY_HIGH
;
4440 conn
->pending_sec_level
= BT_SECURITY_MEDIUM
;
4442 conn
->enc_key_size
= ltk
->enc_size
;
4444 hci_send_cmd(hdev
, HCI_OP_LE_LTK_REPLY
, sizeof(cp
), &cp
);
4446 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4447 * temporary key used to encrypt a connection following
4448 * pairing. It is used during the Encrypted Session Setup to
4449 * distribute the keys. Later, security can be re-established
4450 * using a distributed LTK.
4452 if (ltk
->type
== SMP_STK
) {
4453 set_bit(HCI_CONN_STK_ENCRYPT
, &conn
->flags
);
4454 list_del(<k
->list
);
4457 clear_bit(HCI_CONN_STK_ENCRYPT
, &conn
->flags
);
4460 hci_dev_unlock(hdev
);
4465 neg
.handle
= ev
->handle
;
4466 hci_send_cmd(hdev
, HCI_OP_LE_LTK_NEG_REPLY
, sizeof(neg
), &neg
);
4467 hci_dev_unlock(hdev
);
4470 static void send_conn_param_neg_reply(struct hci_dev
*hdev
, u16 handle
,
4473 struct hci_cp_le_conn_param_req_neg_reply cp
;
4475 cp
.handle
= cpu_to_le16(handle
);
4478 hci_send_cmd(hdev
, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY
, sizeof(cp
),
4482 static void hci_le_remote_conn_param_req_evt(struct hci_dev
*hdev
,
4483 struct sk_buff
*skb
)
4485 struct hci_ev_le_remote_conn_param_req
*ev
= (void *) skb
->data
;
4486 struct hci_cp_le_conn_param_req_reply cp
;
4487 struct hci_conn
*hcon
;
4488 u16 handle
, min
, max
, latency
, timeout
;
4490 handle
= le16_to_cpu(ev
->handle
);
4491 min
= le16_to_cpu(ev
->interval_min
);
4492 max
= le16_to_cpu(ev
->interval_max
);
4493 latency
= le16_to_cpu(ev
->latency
);
4494 timeout
= le16_to_cpu(ev
->timeout
);
4496 hcon
= hci_conn_hash_lookup_handle(hdev
, handle
);
4497 if (!hcon
|| hcon
->state
!= BT_CONNECTED
)
4498 return send_conn_param_neg_reply(hdev
, handle
,
4499 HCI_ERROR_UNKNOWN_CONN_ID
);
4501 if (hci_check_conn_params(min
, max
, latency
, timeout
))
4502 return send_conn_param_neg_reply(hdev
, handle
,
4503 HCI_ERROR_INVALID_LL_PARAMS
);
4505 if (test_bit(HCI_CONN_MASTER
, &hcon
->flags
)) {
4506 struct hci_conn_params
*params
;
4511 params
= hci_conn_params_lookup(hdev
, &hcon
->dst
,
4514 params
->conn_min_interval
= min
;
4515 params
->conn_max_interval
= max
;
4516 params
->conn_latency
= latency
;
4517 params
->supervision_timeout
= timeout
;
4523 hci_dev_unlock(hdev
);
4525 mgmt_new_conn_param(hdev
, &hcon
->dst
, hcon
->dst_type
,
4526 store_hint
, min
, max
, latency
, timeout
);
4529 cp
.handle
= ev
->handle
;
4530 cp
.interval_min
= ev
->interval_min
;
4531 cp
.interval_max
= ev
->interval_max
;
4532 cp
.latency
= ev
->latency
;
4533 cp
.timeout
= ev
->timeout
;
4537 hci_send_cmd(hdev
, HCI_OP_LE_CONN_PARAM_REQ_REPLY
, sizeof(cp
), &cp
);
4540 static void hci_le_meta_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4542 struct hci_ev_le_meta
*le_ev
= (void *) skb
->data
;
4544 skb_pull(skb
, sizeof(*le_ev
));
4546 switch (le_ev
->subevent
) {
4547 case HCI_EV_LE_CONN_COMPLETE
:
4548 hci_le_conn_complete_evt(hdev
, skb
);
4551 case HCI_EV_LE_CONN_UPDATE_COMPLETE
:
4552 hci_le_conn_update_complete_evt(hdev
, skb
);
4555 case HCI_EV_LE_ADVERTISING_REPORT
:
4556 hci_le_adv_report_evt(hdev
, skb
);
4559 case HCI_EV_LE_LTK_REQ
:
4560 hci_le_ltk_request_evt(hdev
, skb
);
4563 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ
:
4564 hci_le_remote_conn_param_req_evt(hdev
, skb
);
4572 static void hci_chan_selected_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4574 struct hci_ev_channel_selected
*ev
= (void *) skb
->data
;
4575 struct hci_conn
*hcon
;
4577 BT_DBG("%s handle 0x%2.2x", hdev
->name
, ev
->phy_handle
);
4579 skb_pull(skb
, sizeof(*ev
));
4581 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4585 amp_read_loc_assoc_final_data(hdev
, hcon
);
4588 void hci_event_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4590 struct hci_event_hdr
*hdr
= (void *) skb
->data
;
4591 __u8 event
= hdr
->evt
;
4595 /* Received events are (currently) only needed when a request is
4596 * ongoing so avoid unnecessary memory allocation.
4598 if (hdev
->req_status
== HCI_REQ_PEND
) {
4599 kfree_skb(hdev
->recv_evt
);
4600 hdev
->recv_evt
= skb_clone(skb
, GFP_KERNEL
);
4603 hci_dev_unlock(hdev
);
4605 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
4607 if (hdev
->sent_cmd
&& bt_cb(hdev
->sent_cmd
)->req
.event
== event
) {
4608 struct hci_command_hdr
*cmd_hdr
= (void *) hdev
->sent_cmd
->data
;
4609 u16 opcode
= __le16_to_cpu(cmd_hdr
->opcode
);
4611 hci_req_cmd_complete(hdev
, opcode
, 0);
4615 case HCI_EV_INQUIRY_COMPLETE
:
4616 hci_inquiry_complete_evt(hdev
, skb
);
4619 case HCI_EV_INQUIRY_RESULT
:
4620 hci_inquiry_result_evt(hdev
, skb
);
4623 case HCI_EV_CONN_COMPLETE
:
4624 hci_conn_complete_evt(hdev
, skb
);
4627 case HCI_EV_CONN_REQUEST
:
4628 hci_conn_request_evt(hdev
, skb
);
4631 case HCI_EV_DISCONN_COMPLETE
:
4632 hci_disconn_complete_evt(hdev
, skb
);
4635 case HCI_EV_AUTH_COMPLETE
:
4636 hci_auth_complete_evt(hdev
, skb
);
4639 case HCI_EV_REMOTE_NAME
:
4640 hci_remote_name_evt(hdev
, skb
);
4643 case HCI_EV_ENCRYPT_CHANGE
:
4644 hci_encrypt_change_evt(hdev
, skb
);
4647 case HCI_EV_CHANGE_LINK_KEY_COMPLETE
:
4648 hci_change_link_key_complete_evt(hdev
, skb
);
4651 case HCI_EV_REMOTE_FEATURES
:
4652 hci_remote_features_evt(hdev
, skb
);
4655 case HCI_EV_CMD_COMPLETE
:
4656 hci_cmd_complete_evt(hdev
, skb
);
4659 case HCI_EV_CMD_STATUS
:
4660 hci_cmd_status_evt(hdev
, skb
);
4663 case HCI_EV_ROLE_CHANGE
:
4664 hci_role_change_evt(hdev
, skb
);
4667 case HCI_EV_NUM_COMP_PKTS
:
4668 hci_num_comp_pkts_evt(hdev
, skb
);
4671 case HCI_EV_MODE_CHANGE
:
4672 hci_mode_change_evt(hdev
, skb
);
4675 case HCI_EV_PIN_CODE_REQ
:
4676 hci_pin_code_request_evt(hdev
, skb
);
4679 case HCI_EV_LINK_KEY_REQ
:
4680 hci_link_key_request_evt(hdev
, skb
);
4683 case HCI_EV_LINK_KEY_NOTIFY
:
4684 hci_link_key_notify_evt(hdev
, skb
);
4687 case HCI_EV_CLOCK_OFFSET
:
4688 hci_clock_offset_evt(hdev
, skb
);
4691 case HCI_EV_PKT_TYPE_CHANGE
:
4692 hci_pkt_type_change_evt(hdev
, skb
);
4695 case HCI_EV_PSCAN_REP_MODE
:
4696 hci_pscan_rep_mode_evt(hdev
, skb
);
4699 case HCI_EV_INQUIRY_RESULT_WITH_RSSI
:
4700 hci_inquiry_result_with_rssi_evt(hdev
, skb
);
4703 case HCI_EV_REMOTE_EXT_FEATURES
:
4704 hci_remote_ext_features_evt(hdev
, skb
);
4707 case HCI_EV_SYNC_CONN_COMPLETE
:
4708 hci_sync_conn_complete_evt(hdev
, skb
);
4711 case HCI_EV_EXTENDED_INQUIRY_RESULT
:
4712 hci_extended_inquiry_result_evt(hdev
, skb
);
4715 case HCI_EV_KEY_REFRESH_COMPLETE
:
4716 hci_key_refresh_complete_evt(hdev
, skb
);
4719 case HCI_EV_IO_CAPA_REQUEST
:
4720 hci_io_capa_request_evt(hdev
, skb
);
4723 case HCI_EV_IO_CAPA_REPLY
:
4724 hci_io_capa_reply_evt(hdev
, skb
);
4727 case HCI_EV_USER_CONFIRM_REQUEST
:
4728 hci_user_confirm_request_evt(hdev
, skb
);
4731 case HCI_EV_USER_PASSKEY_REQUEST
:
4732 hci_user_passkey_request_evt(hdev
, skb
);
4735 case HCI_EV_USER_PASSKEY_NOTIFY
:
4736 hci_user_passkey_notify_evt(hdev
, skb
);
4739 case HCI_EV_KEYPRESS_NOTIFY
:
4740 hci_keypress_notify_evt(hdev
, skb
);
4743 case HCI_EV_SIMPLE_PAIR_COMPLETE
:
4744 hci_simple_pair_complete_evt(hdev
, skb
);
4747 case HCI_EV_REMOTE_HOST_FEATURES
:
4748 hci_remote_host_features_evt(hdev
, skb
);
4751 case HCI_EV_LE_META
:
4752 hci_le_meta_evt(hdev
, skb
);
4755 case HCI_EV_CHANNEL_SELECTED
:
4756 hci_chan_selected_evt(hdev
, skb
);
4759 case HCI_EV_REMOTE_OOB_DATA_REQUEST
:
4760 hci_remote_oob_data_request_evt(hdev
, skb
);
4763 case HCI_EV_PHY_LINK_COMPLETE
:
4764 hci_phy_link_complete_evt(hdev
, skb
);
4767 case HCI_EV_LOGICAL_LINK_COMPLETE
:
4768 hci_loglink_complete_evt(hdev
, skb
);
4771 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE
:
4772 hci_disconn_loglink_complete_evt(hdev
, skb
);
4775 case HCI_EV_DISCONN_PHY_LINK_COMPLETE
:
4776 hci_disconn_phylink_complete_evt(hdev
, skb
);
4779 case HCI_EV_NUM_COMP_BLOCKS
:
4780 hci_num_comp_blocks_evt(hdev
, skb
);
4784 BT_DBG("%s event 0x%2.2x", hdev
->name
, event
);
4789 hdev
->stat
.evt_rx
++;