2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
41 __u8 status
= *((__u8
*) skb
->data
);
43 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
48 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev
->flags
, HCI_INQUIRY
);
53 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
56 hci_conn_check_pending(hdev
);
59 static void hci_cc_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
61 __u8 status
= *((__u8
*) skb
->data
);
63 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
68 set_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
);
71 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
73 __u8 status
= *((__u8
*) skb
->data
);
75 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
80 clear_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
);
82 hci_conn_check_pending(hdev
);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
,
88 BT_DBG("%s", hdev
->name
);
91 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
93 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
94 struct hci_conn
*conn
;
96 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
103 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
105 conn
->role
= rp
->role
;
107 hci_dev_unlock(hdev
);
110 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
112 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
113 struct hci_conn
*conn
;
115 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
122 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
124 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
126 hci_dev_unlock(hdev
);
129 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
131 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
132 struct hci_conn
*conn
;
135 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
140 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
146 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
148 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
150 hci_dev_unlock(hdev
);
153 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
,
156 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
158 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
163 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
166 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
,
169 __u8 status
= *((__u8
*) skb
->data
);
172 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
177 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
181 hdev
->link_policy
= get_unaligned_le16(sent
);
184 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
186 __u8 status
= *((__u8
*) skb
->data
);
188 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
190 clear_bit(HCI_RESET
, &hdev
->flags
);
195 /* Reset all non-persistent flags */
196 hdev
->dev_flags
&= ~HCI_PERSISTENT_MASK
;
198 hdev
->discovery
.state
= DISCOVERY_STOPPED
;
199 hdev
->inq_tx_power
= HCI_TX_POWER_INVALID
;
200 hdev
->adv_tx_power
= HCI_TX_POWER_INVALID
;
202 memset(hdev
->adv_data
, 0, sizeof(hdev
->adv_data
));
203 hdev
->adv_data_len
= 0;
205 memset(hdev
->scan_rsp_data
, 0, sizeof(hdev
->scan_rsp_data
));
206 hdev
->scan_rsp_data_len
= 0;
208 hdev
->le_scan_type
= LE_SCAN_PASSIVE
;
210 hdev
->ssp_debug_mode
= 0;
212 hci_bdaddr_list_clear(&hdev
->le_white_list
);
215 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
217 __u8 status
= *((__u8
*) skb
->data
);
220 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
222 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
228 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
229 mgmt_set_local_name_complete(hdev
, sent
, status
);
231 memcpy(hdev
->dev_name
, sent
, HCI_MAX_NAME_LENGTH
);
233 hci_dev_unlock(hdev
);
236 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
238 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
240 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
245 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
))
246 memcpy(hdev
->dev_name
, rp
->name
, HCI_MAX_NAME_LENGTH
);
249 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
251 __u8 status
= *((__u8
*) skb
->data
);
254 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
256 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
263 __u8 param
= *((__u8
*) sent
);
265 if (param
== AUTH_ENABLED
)
266 set_bit(HCI_AUTH
, &hdev
->flags
);
268 clear_bit(HCI_AUTH
, &hdev
->flags
);
271 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
272 mgmt_auth_enable_complete(hdev
, status
);
274 hci_dev_unlock(hdev
);
277 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
279 __u8 status
= *((__u8
*) skb
->data
);
283 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
288 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
292 param
= *((__u8
*) sent
);
295 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
297 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
300 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
302 __u8 status
= *((__u8
*) skb
->data
);
306 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
308 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
312 param
= *((__u8
*) sent
);
317 hdev
->discov_timeout
= 0;
321 if (param
& SCAN_INQUIRY
)
322 set_bit(HCI_ISCAN
, &hdev
->flags
);
324 clear_bit(HCI_ISCAN
, &hdev
->flags
);
326 if (param
& SCAN_PAGE
)
327 set_bit(HCI_PSCAN
, &hdev
->flags
);
329 clear_bit(HCI_PSCAN
, &hdev
->flags
);
332 hci_dev_unlock(hdev
);
335 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
337 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
339 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
344 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
346 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
347 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
350 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
352 __u8 status
= *((__u8
*) skb
->data
);
355 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
357 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
364 memcpy(hdev
->dev_class
, sent
, 3);
366 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
367 mgmt_set_class_of_dev_complete(hdev
, sent
, status
);
369 hci_dev_unlock(hdev
);
372 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
374 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
377 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
382 setting
= __le16_to_cpu(rp
->voice_setting
);
384 if (hdev
->voice_setting
== setting
)
387 hdev
->voice_setting
= setting
;
389 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
392 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
395 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
,
398 __u8 status
= *((__u8
*) skb
->data
);
402 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
407 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
411 setting
= get_unaligned_le16(sent
);
413 if (hdev
->voice_setting
== setting
)
416 hdev
->voice_setting
= setting
;
418 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
421 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
424 static void hci_cc_read_num_supported_iac(struct hci_dev
*hdev
,
427 struct hci_rp_read_num_supported_iac
*rp
= (void *) skb
->data
;
429 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
434 hdev
->num_iac
= rp
->num_iac
;
436 BT_DBG("%s num iac %d", hdev
->name
, hdev
->num_iac
);
439 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
441 __u8 status
= *((__u8
*) skb
->data
);
442 struct hci_cp_write_ssp_mode
*sent
;
444 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
446 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
454 hdev
->features
[1][0] |= LMP_HOST_SSP
;
456 hdev
->features
[1][0] &= ~LMP_HOST_SSP
;
459 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
460 mgmt_ssp_enable_complete(hdev
, sent
->mode
, status
);
463 set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
465 clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
468 hci_dev_unlock(hdev
);
471 static void hci_cc_write_sc_support(struct hci_dev
*hdev
, struct sk_buff
*skb
)
473 u8 status
= *((u8
*) skb
->data
);
474 struct hci_cp_write_sc_support
*sent
;
476 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
478 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SC_SUPPORT
);
486 hdev
->features
[1][0] |= LMP_HOST_SC
;
488 hdev
->features
[1][0] &= ~LMP_HOST_SC
;
491 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
492 mgmt_sc_enable_complete(hdev
, sent
->support
, status
);
495 set_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
497 clear_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
500 hci_dev_unlock(hdev
);
503 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
505 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
507 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
512 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
)) {
513 hdev
->hci_ver
= rp
->hci_ver
;
514 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
515 hdev
->lmp_ver
= rp
->lmp_ver
;
516 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
517 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
521 static void hci_cc_read_local_commands(struct hci_dev
*hdev
,
524 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
526 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
531 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
))
532 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
535 static void hci_cc_read_local_features(struct hci_dev
*hdev
,
538 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
540 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
545 memcpy(hdev
->features
, rp
->features
, 8);
547 /* Adjust default settings according to features
548 * supported by device. */
550 if (hdev
->features
[0][0] & LMP_3SLOT
)
551 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
553 if (hdev
->features
[0][0] & LMP_5SLOT
)
554 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
556 if (hdev
->features
[0][1] & LMP_HV2
) {
557 hdev
->pkt_type
|= (HCI_HV2
);
558 hdev
->esco_type
|= (ESCO_HV2
);
561 if (hdev
->features
[0][1] & LMP_HV3
) {
562 hdev
->pkt_type
|= (HCI_HV3
);
563 hdev
->esco_type
|= (ESCO_HV3
);
566 if (lmp_esco_capable(hdev
))
567 hdev
->esco_type
|= (ESCO_EV3
);
569 if (hdev
->features
[0][4] & LMP_EV4
)
570 hdev
->esco_type
|= (ESCO_EV4
);
572 if (hdev
->features
[0][4] & LMP_EV5
)
573 hdev
->esco_type
|= (ESCO_EV5
);
575 if (hdev
->features
[0][5] & LMP_EDR_ESCO_2M
)
576 hdev
->esco_type
|= (ESCO_2EV3
);
578 if (hdev
->features
[0][5] & LMP_EDR_ESCO_3M
)
579 hdev
->esco_type
|= (ESCO_3EV3
);
581 if (hdev
->features
[0][5] & LMP_EDR_3S_ESCO
)
582 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
585 static void hci_cc_read_local_ext_features(struct hci_dev
*hdev
,
588 struct hci_rp_read_local_ext_features
*rp
= (void *) skb
->data
;
590 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
595 if (hdev
->max_page
< rp
->max_page
)
596 hdev
->max_page
= rp
->max_page
;
598 if (rp
->page
< HCI_MAX_PAGES
)
599 memcpy(hdev
->features
[rp
->page
], rp
->features
, 8);
602 static void hci_cc_read_flow_control_mode(struct hci_dev
*hdev
,
605 struct hci_rp_read_flow_control_mode
*rp
= (void *) skb
->data
;
607 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
612 hdev
->flow_ctl_mode
= rp
->mode
;
615 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
617 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
619 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
624 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
625 hdev
->sco_mtu
= rp
->sco_mtu
;
626 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
627 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
629 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
634 hdev
->acl_cnt
= hdev
->acl_pkts
;
635 hdev
->sco_cnt
= hdev
->sco_pkts
;
637 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
, hdev
->acl_mtu
,
638 hdev
->acl_pkts
, hdev
->sco_mtu
, hdev
->sco_pkts
);
641 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
643 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
645 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
650 if (test_bit(HCI_INIT
, &hdev
->flags
))
651 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
653 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
))
654 bacpy(&hdev
->setup_addr
, &rp
->bdaddr
);
657 static void hci_cc_read_page_scan_activity(struct hci_dev
*hdev
,
660 struct hci_rp_read_page_scan_activity
*rp
= (void *) skb
->data
;
662 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
667 if (test_bit(HCI_INIT
, &hdev
->flags
)) {
668 hdev
->page_scan_interval
= __le16_to_cpu(rp
->interval
);
669 hdev
->page_scan_window
= __le16_to_cpu(rp
->window
);
673 static void hci_cc_write_page_scan_activity(struct hci_dev
*hdev
,
676 u8 status
= *((u8
*) skb
->data
);
677 struct hci_cp_write_page_scan_activity
*sent
;
679 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
684 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
);
688 hdev
->page_scan_interval
= __le16_to_cpu(sent
->interval
);
689 hdev
->page_scan_window
= __le16_to_cpu(sent
->window
);
692 static void hci_cc_read_page_scan_type(struct hci_dev
*hdev
,
695 struct hci_rp_read_page_scan_type
*rp
= (void *) skb
->data
;
697 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
702 if (test_bit(HCI_INIT
, &hdev
->flags
))
703 hdev
->page_scan_type
= rp
->type
;
706 static void hci_cc_write_page_scan_type(struct hci_dev
*hdev
,
709 u8 status
= *((u8
*) skb
->data
);
712 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
717 type
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
);
719 hdev
->page_scan_type
= *type
;
722 static void hci_cc_read_data_block_size(struct hci_dev
*hdev
,
725 struct hci_rp_read_data_block_size
*rp
= (void *) skb
->data
;
727 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
732 hdev
->block_mtu
= __le16_to_cpu(rp
->max_acl_len
);
733 hdev
->block_len
= __le16_to_cpu(rp
->block_len
);
734 hdev
->num_blocks
= __le16_to_cpu(rp
->num_blocks
);
736 hdev
->block_cnt
= hdev
->num_blocks
;
738 BT_DBG("%s blk mtu %d cnt %d len %d", hdev
->name
, hdev
->block_mtu
,
739 hdev
->block_cnt
, hdev
->block_len
);
742 static void hci_cc_read_clock(struct hci_dev
*hdev
, struct sk_buff
*skb
)
744 struct hci_rp_read_clock
*rp
= (void *) skb
->data
;
745 struct hci_cp_read_clock
*cp
;
746 struct hci_conn
*conn
;
748 BT_DBG("%s", hdev
->name
);
750 if (skb
->len
< sizeof(*rp
))
758 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_CLOCK
);
762 if (cp
->which
== 0x00) {
763 hdev
->clock
= le32_to_cpu(rp
->clock
);
767 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
769 conn
->clock
= le32_to_cpu(rp
->clock
);
770 conn
->clock_accuracy
= le16_to_cpu(rp
->accuracy
);
774 hci_dev_unlock(hdev
);
777 static void hci_cc_read_local_amp_info(struct hci_dev
*hdev
,
780 struct hci_rp_read_local_amp_info
*rp
= (void *) skb
->data
;
782 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
787 hdev
->amp_status
= rp
->amp_status
;
788 hdev
->amp_total_bw
= __le32_to_cpu(rp
->total_bw
);
789 hdev
->amp_max_bw
= __le32_to_cpu(rp
->max_bw
);
790 hdev
->amp_min_latency
= __le32_to_cpu(rp
->min_latency
);
791 hdev
->amp_max_pdu
= __le32_to_cpu(rp
->max_pdu
);
792 hdev
->amp_type
= rp
->amp_type
;
793 hdev
->amp_pal_cap
= __le16_to_cpu(rp
->pal_cap
);
794 hdev
->amp_assoc_size
= __le16_to_cpu(rp
->max_assoc_size
);
795 hdev
->amp_be_flush_to
= __le32_to_cpu(rp
->be_flush_to
);
796 hdev
->amp_max_flush_to
= __le32_to_cpu(rp
->max_flush_to
);
799 a2mp_send_getinfo_rsp(hdev
);
802 static void hci_cc_read_local_amp_assoc(struct hci_dev
*hdev
,
805 struct hci_rp_read_local_amp_assoc
*rp
= (void *) skb
->data
;
806 struct amp_assoc
*assoc
= &hdev
->loc_assoc
;
807 size_t rem_len
, frag_len
;
809 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
814 frag_len
= skb
->len
- sizeof(*rp
);
815 rem_len
= __le16_to_cpu(rp
->rem_len
);
817 if (rem_len
> frag_len
) {
818 BT_DBG("frag_len %zu rem_len %zu", frag_len
, rem_len
);
820 memcpy(assoc
->data
+ assoc
->offset
, rp
->frag
, frag_len
);
821 assoc
->offset
+= frag_len
;
823 /* Read other fragments */
824 amp_read_loc_assoc_frag(hdev
, rp
->phy_handle
);
829 memcpy(assoc
->data
+ assoc
->offset
, rp
->frag
, rem_len
);
830 assoc
->len
= assoc
->offset
+ rem_len
;
834 /* Send A2MP Rsp when all fragments are received */
835 a2mp_send_getampassoc_rsp(hdev
, rp
->status
);
836 a2mp_send_create_phy_link_req(hdev
, rp
->status
);
839 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
842 struct hci_rp_read_inq_rsp_tx_power
*rp
= (void *) skb
->data
;
844 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
849 hdev
->inq_tx_power
= rp
->tx_power
;
852 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
854 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
855 struct hci_cp_pin_code_reply
*cp
;
856 struct hci_conn
*conn
;
858 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
862 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
863 mgmt_pin_code_reply_complete(hdev
, &rp
->bdaddr
, rp
->status
);
868 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
872 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
874 conn
->pin_length
= cp
->pin_len
;
877 hci_dev_unlock(hdev
);
880 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
882 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
884 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
888 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
889 mgmt_pin_code_neg_reply_complete(hdev
, &rp
->bdaddr
,
892 hci_dev_unlock(hdev
);
895 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
898 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
900 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
905 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
906 hdev
->le_pkts
= rp
->le_max_pkt
;
908 hdev
->le_cnt
= hdev
->le_pkts
;
910 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
913 static void hci_cc_le_read_local_features(struct hci_dev
*hdev
,
916 struct hci_rp_le_read_local_features
*rp
= (void *) skb
->data
;
918 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
923 memcpy(hdev
->le_features
, rp
->features
, 8);
926 static void hci_cc_le_read_adv_tx_power(struct hci_dev
*hdev
,
929 struct hci_rp_le_read_adv_tx_power
*rp
= (void *) skb
->data
;
931 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
936 hdev
->adv_tx_power
= rp
->tx_power
;
939 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
941 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
943 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
947 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
948 mgmt_user_confirm_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
, 0,
951 hci_dev_unlock(hdev
);
954 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
957 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
959 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
963 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
964 mgmt_user_confirm_neg_reply_complete(hdev
, &rp
->bdaddr
,
965 ACL_LINK
, 0, rp
->status
);
967 hci_dev_unlock(hdev
);
970 static void hci_cc_user_passkey_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
972 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
974 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
978 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
979 mgmt_user_passkey_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
,
982 hci_dev_unlock(hdev
);
985 static void hci_cc_user_passkey_neg_reply(struct hci_dev
*hdev
,
988 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
990 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
994 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
995 mgmt_user_passkey_neg_reply_complete(hdev
, &rp
->bdaddr
,
996 ACL_LINK
, 0, rp
->status
);
998 hci_dev_unlock(hdev
);
1001 static void hci_cc_read_local_oob_data(struct hci_dev
*hdev
,
1002 struct sk_buff
*skb
)
1004 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
1006 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1009 mgmt_read_local_oob_data_complete(hdev
, rp
->hash
, rp
->rand
, NULL
, NULL
,
1011 hci_dev_unlock(hdev
);
1014 static void hci_cc_read_local_oob_ext_data(struct hci_dev
*hdev
,
1015 struct sk_buff
*skb
)
1017 struct hci_rp_read_local_oob_ext_data
*rp
= (void *) skb
->data
;
1019 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1022 mgmt_read_local_oob_data_complete(hdev
, rp
->hash192
, rp
->rand192
,
1023 rp
->hash256
, rp
->rand256
,
1025 hci_dev_unlock(hdev
);
1029 static void hci_cc_le_set_random_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1031 __u8 status
= *((__u8
*) skb
->data
);
1034 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1039 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_RANDOM_ADDR
);
1045 bacpy(&hdev
->random_addr
, sent
);
1047 hci_dev_unlock(hdev
);
1050 static void hci_cc_le_set_adv_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1052 __u8
*sent
, status
= *((__u8
*) skb
->data
);
1054 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1059 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_ADV_ENABLE
);
1065 /* If we're doing connection initiation as peripheral. Set a
1066 * timeout in case something goes wrong.
1069 struct hci_conn
*conn
;
1071 set_bit(HCI_LE_ADV
, &hdev
->dev_flags
);
1073 conn
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
1075 queue_delayed_work(hdev
->workqueue
,
1076 &conn
->le_conn_timeout
,
1077 conn
->conn_timeout
);
1079 clear_bit(HCI_LE_ADV
, &hdev
->dev_flags
);
1082 hci_dev_unlock(hdev
);
1085 static void hci_cc_le_set_scan_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1087 struct hci_cp_le_set_scan_param
*cp
;
1088 __u8 status
= *((__u8
*) skb
->data
);
1090 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1095 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_PARAM
);
1101 hdev
->le_scan_type
= cp
->type
;
1103 hci_dev_unlock(hdev
);
1106 static bool has_pending_adv_report(struct hci_dev
*hdev
)
1108 struct discovery_state
*d
= &hdev
->discovery
;
1110 return bacmp(&d
->last_adv_addr
, BDADDR_ANY
);
1113 static void clear_pending_adv_report(struct hci_dev
*hdev
)
1115 struct discovery_state
*d
= &hdev
->discovery
;
1117 bacpy(&d
->last_adv_addr
, BDADDR_ANY
);
1118 d
->last_adv_data_len
= 0;
1121 static void store_pending_adv_report(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1122 u8 bdaddr_type
, s8 rssi
, u32 flags
,
1125 struct discovery_state
*d
= &hdev
->discovery
;
1127 bacpy(&d
->last_adv_addr
, bdaddr
);
1128 d
->last_adv_addr_type
= bdaddr_type
;
1129 d
->last_adv_rssi
= rssi
;
1130 d
->last_adv_flags
= flags
;
1131 memcpy(d
->last_adv_data
, data
, len
);
1132 d
->last_adv_data_len
= len
;
1135 static void hci_cc_le_set_scan_enable(struct hci_dev
*hdev
,
1136 struct sk_buff
*skb
)
1138 struct hci_cp_le_set_scan_enable
*cp
;
1139 __u8 status
= *((__u8
*) skb
->data
);
1141 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1146 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
);
1152 switch (cp
->enable
) {
1153 case LE_SCAN_ENABLE
:
1154 set_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1155 if (hdev
->le_scan_type
== LE_SCAN_ACTIVE
)
1156 clear_pending_adv_report(hdev
);
1159 case LE_SCAN_DISABLE
:
1160 /* We do this here instead of when setting DISCOVERY_STOPPED
1161 * since the latter would potentially require waiting for
1162 * inquiry to stop too.
1164 if (has_pending_adv_report(hdev
)) {
1165 struct discovery_state
*d
= &hdev
->discovery
;
1167 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
1168 d
->last_adv_addr_type
, NULL
,
1169 d
->last_adv_rssi
, d
->last_adv_flags
,
1171 d
->last_adv_data_len
, NULL
, 0);
1174 /* Cancel this timer so that we don't try to disable scanning
1175 * when it's already disabled.
1177 cancel_delayed_work(&hdev
->le_scan_disable
);
1179 clear_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1181 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1182 * interrupted scanning due to a connect request. Mark
1183 * therefore discovery as stopped. If this was not
1184 * because of a connect request advertising might have
1185 * been disabled because of active scanning, so
1186 * re-enable it again if necessary.
1188 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED
,
1190 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1191 else if (!test_bit(HCI_LE_ADV
, &hdev
->dev_flags
) &&
1192 hdev
->discovery
.state
== DISCOVERY_FINDING
)
1193 mgmt_reenable_advertising(hdev
);
1198 BT_ERR("Used reserved LE_Scan_Enable param %d", cp
->enable
);
1202 hci_dev_unlock(hdev
);
1205 static void hci_cc_le_read_white_list_size(struct hci_dev
*hdev
,
1206 struct sk_buff
*skb
)
1208 struct hci_rp_le_read_white_list_size
*rp
= (void *) skb
->data
;
1210 BT_DBG("%s status 0x%2.2x size %u", hdev
->name
, rp
->status
, rp
->size
);
1215 hdev
->le_white_list_size
= rp
->size
;
1218 static void hci_cc_le_clear_white_list(struct hci_dev
*hdev
,
1219 struct sk_buff
*skb
)
1221 __u8 status
= *((__u8
*) skb
->data
);
1223 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1228 hci_bdaddr_list_clear(&hdev
->le_white_list
);
1231 static void hci_cc_le_add_to_white_list(struct hci_dev
*hdev
,
1232 struct sk_buff
*skb
)
1234 struct hci_cp_le_add_to_white_list
*sent
;
1235 __u8 status
= *((__u8
*) skb
->data
);
1237 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1242 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_ADD_TO_WHITE_LIST
);
1246 hci_bdaddr_list_add(&hdev
->le_white_list
, &sent
->bdaddr
,
1250 static void hci_cc_le_del_from_white_list(struct hci_dev
*hdev
,
1251 struct sk_buff
*skb
)
1253 struct hci_cp_le_del_from_white_list
*sent
;
1254 __u8 status
= *((__u8
*) skb
->data
);
1256 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1261 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_DEL_FROM_WHITE_LIST
);
1265 hci_bdaddr_list_del(&hdev
->le_white_list
, &sent
->bdaddr
,
1269 static void hci_cc_le_read_supported_states(struct hci_dev
*hdev
,
1270 struct sk_buff
*skb
)
1272 struct hci_rp_le_read_supported_states
*rp
= (void *) skb
->data
;
1274 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1279 memcpy(hdev
->le_states
, rp
->le_states
, 8);
1282 static void hci_cc_write_le_host_supported(struct hci_dev
*hdev
,
1283 struct sk_buff
*skb
)
1285 struct hci_cp_write_le_host_supported
*sent
;
1286 __u8 status
= *((__u8
*) skb
->data
);
1288 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1293 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
);
1300 hdev
->features
[1][0] |= LMP_HOST_LE
;
1301 set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1303 hdev
->features
[1][0] &= ~LMP_HOST_LE
;
1304 clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1305 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
1309 hdev
->features
[1][0] |= LMP_HOST_LE_BREDR
;
1311 hdev
->features
[1][0] &= ~LMP_HOST_LE_BREDR
;
1313 hci_dev_unlock(hdev
);
1316 static void hci_cc_set_adv_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1318 struct hci_cp_le_set_adv_param
*cp
;
1319 u8 status
= *((u8
*) skb
->data
);
1321 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1326 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_ADV_PARAM
);
1331 hdev
->adv_addr_type
= cp
->own_address_type
;
1332 hci_dev_unlock(hdev
);
1335 static void hci_cc_write_remote_amp_assoc(struct hci_dev
*hdev
,
1336 struct sk_buff
*skb
)
1338 struct hci_rp_write_remote_amp_assoc
*rp
= (void *) skb
->data
;
1340 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1341 hdev
->name
, rp
->status
, rp
->phy_handle
);
1346 amp_write_rem_assoc_continue(hdev
, rp
->phy_handle
);
1349 static void hci_cc_read_rssi(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1351 struct hci_rp_read_rssi
*rp
= (void *) skb
->data
;
1352 struct hci_conn
*conn
;
1354 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1361 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
1363 conn
->rssi
= rp
->rssi
;
1365 hci_dev_unlock(hdev
);
1368 static void hci_cc_read_tx_power(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1370 struct hci_cp_read_tx_power
*sent
;
1371 struct hci_rp_read_tx_power
*rp
= (void *) skb
->data
;
1372 struct hci_conn
*conn
;
1374 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1379 sent
= hci_sent_cmd_data(hdev
, HCI_OP_READ_TX_POWER
);
1385 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
1389 switch (sent
->type
) {
1391 conn
->tx_power
= rp
->tx_power
;
1394 conn
->max_tx_power
= rp
->tx_power
;
1399 hci_dev_unlock(hdev
);
1402 static void hci_cs_inquiry(struct hci_dev
*hdev
, __u8 status
)
1404 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1407 hci_conn_check_pending(hdev
);
1411 set_bit(HCI_INQUIRY
, &hdev
->flags
);
1414 static void hci_cs_create_conn(struct hci_dev
*hdev
, __u8 status
)
1416 struct hci_cp_create_conn
*cp
;
1417 struct hci_conn
*conn
;
1419 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1421 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_CONN
);
1427 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1429 BT_DBG("%s bdaddr %pMR hcon %p", hdev
->name
, &cp
->bdaddr
, conn
);
1432 if (conn
&& conn
->state
== BT_CONNECT
) {
1433 if (status
!= 0x0c || conn
->attempt
> 2) {
1434 conn
->state
= BT_CLOSED
;
1435 hci_proto_connect_cfm(conn
, status
);
1438 conn
->state
= BT_CONNECT2
;
1442 conn
= hci_conn_add(hdev
, ACL_LINK
, &cp
->bdaddr
,
1445 BT_ERR("No memory for new connection");
1449 hci_dev_unlock(hdev
);
1452 static void hci_cs_add_sco(struct hci_dev
*hdev
, __u8 status
)
1454 struct hci_cp_add_sco
*cp
;
1455 struct hci_conn
*acl
, *sco
;
1458 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1463 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ADD_SCO
);
1467 handle
= __le16_to_cpu(cp
->handle
);
1469 BT_DBG("%s handle 0x%4.4x", hdev
->name
, handle
);
1473 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1477 sco
->state
= BT_CLOSED
;
1479 hci_proto_connect_cfm(sco
, status
);
1484 hci_dev_unlock(hdev
);
1487 static void hci_cs_auth_requested(struct hci_dev
*hdev
, __u8 status
)
1489 struct hci_cp_auth_requested
*cp
;
1490 struct hci_conn
*conn
;
1492 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1497 cp
= hci_sent_cmd_data(hdev
, HCI_OP_AUTH_REQUESTED
);
1503 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1505 if (conn
->state
== BT_CONFIG
) {
1506 hci_proto_connect_cfm(conn
, status
);
1507 hci_conn_drop(conn
);
1511 hci_dev_unlock(hdev
);
1514 static void hci_cs_set_conn_encrypt(struct hci_dev
*hdev
, __u8 status
)
1516 struct hci_cp_set_conn_encrypt
*cp
;
1517 struct hci_conn
*conn
;
1519 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1524 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SET_CONN_ENCRYPT
);
1530 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1532 if (conn
->state
== BT_CONFIG
) {
1533 hci_proto_connect_cfm(conn
, status
);
1534 hci_conn_drop(conn
);
1538 hci_dev_unlock(hdev
);
1541 static int hci_outgoing_auth_needed(struct hci_dev
*hdev
,
1542 struct hci_conn
*conn
)
1544 if (conn
->state
!= BT_CONFIG
|| !conn
->out
)
1547 if (conn
->pending_sec_level
== BT_SECURITY_SDP
)
1550 /* Only request authentication for SSP connections or non-SSP
1551 * devices with sec_level MEDIUM or HIGH or if MITM protection
1554 if (!hci_conn_ssp_enabled(conn
) && !(conn
->auth_type
& 0x01) &&
1555 conn
->pending_sec_level
!= BT_SECURITY_FIPS
&&
1556 conn
->pending_sec_level
!= BT_SECURITY_HIGH
&&
1557 conn
->pending_sec_level
!= BT_SECURITY_MEDIUM
)
1563 static int hci_resolve_name(struct hci_dev
*hdev
,
1564 struct inquiry_entry
*e
)
1566 struct hci_cp_remote_name_req cp
;
1568 memset(&cp
, 0, sizeof(cp
));
1570 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
1571 cp
.pscan_rep_mode
= e
->data
.pscan_rep_mode
;
1572 cp
.pscan_mode
= e
->data
.pscan_mode
;
1573 cp
.clock_offset
= e
->data
.clock_offset
;
1575 return hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1578 static bool hci_resolve_next_name(struct hci_dev
*hdev
)
1580 struct discovery_state
*discov
= &hdev
->discovery
;
1581 struct inquiry_entry
*e
;
1583 if (list_empty(&discov
->resolve
))
1586 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
1590 if (hci_resolve_name(hdev
, e
) == 0) {
1591 e
->name_state
= NAME_PENDING
;
1598 static void hci_check_pending_name(struct hci_dev
*hdev
, struct hci_conn
*conn
,
1599 bdaddr_t
*bdaddr
, u8
*name
, u8 name_len
)
1601 struct discovery_state
*discov
= &hdev
->discovery
;
1602 struct inquiry_entry
*e
;
1604 /* Update the mgmt connected state if necessary. Be careful with
1605 * conn objects that exist but are not (yet) connected however.
1606 * Only those in BT_CONFIG or BT_CONNECTED states can be
1607 * considered connected.
1610 (conn
->state
== BT_CONFIG
|| conn
->state
== BT_CONNECTED
) &&
1611 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
1612 mgmt_device_connected(hdev
, conn
, 0, name
, name_len
);
1614 if (discov
->state
== DISCOVERY_STOPPED
)
1617 if (discov
->state
== DISCOVERY_STOPPING
)
1618 goto discov_complete
;
1620 if (discov
->state
!= DISCOVERY_RESOLVING
)
1623 e
= hci_inquiry_cache_lookup_resolve(hdev
, bdaddr
, NAME_PENDING
);
1624 /* If the device was not found in a list of found devices names of which
1625 * are pending. there is no need to continue resolving a next name as it
1626 * will be done upon receiving another Remote Name Request Complete
1633 e
->name_state
= NAME_KNOWN
;
1634 mgmt_remote_name(hdev
, bdaddr
, ACL_LINK
, 0x00,
1635 e
->data
.rssi
, name
, name_len
);
1637 e
->name_state
= NAME_NOT_KNOWN
;
1640 if (hci_resolve_next_name(hdev
))
1644 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1647 static void hci_cs_remote_name_req(struct hci_dev
*hdev
, __u8 status
)
1649 struct hci_cp_remote_name_req
*cp
;
1650 struct hci_conn
*conn
;
1652 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1654 /* If successful wait for the name req complete event before
1655 * checking for the need to do authentication */
1659 cp
= hci_sent_cmd_data(hdev
, HCI_OP_REMOTE_NAME_REQ
);
1665 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1667 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1668 hci_check_pending_name(hdev
, conn
, &cp
->bdaddr
, NULL
, 0);
1673 if (!hci_outgoing_auth_needed(hdev
, conn
))
1676 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
1677 struct hci_cp_auth_requested auth_cp
;
1679 set_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
);
1681 auth_cp
.handle
= __cpu_to_le16(conn
->handle
);
1682 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
,
1683 sizeof(auth_cp
), &auth_cp
);
1687 hci_dev_unlock(hdev
);
1690 static void hci_cs_read_remote_features(struct hci_dev
*hdev
, __u8 status
)
1692 struct hci_cp_read_remote_features
*cp
;
1693 struct hci_conn
*conn
;
1695 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1700 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_FEATURES
);
1706 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1708 if (conn
->state
== BT_CONFIG
) {
1709 hci_proto_connect_cfm(conn
, status
);
1710 hci_conn_drop(conn
);
1714 hci_dev_unlock(hdev
);
1717 static void hci_cs_read_remote_ext_features(struct hci_dev
*hdev
, __u8 status
)
1719 struct hci_cp_read_remote_ext_features
*cp
;
1720 struct hci_conn
*conn
;
1722 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1727 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
);
1733 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1735 if (conn
->state
== BT_CONFIG
) {
1736 hci_proto_connect_cfm(conn
, status
);
1737 hci_conn_drop(conn
);
1741 hci_dev_unlock(hdev
);
1744 static void hci_cs_setup_sync_conn(struct hci_dev
*hdev
, __u8 status
)
1746 struct hci_cp_setup_sync_conn
*cp
;
1747 struct hci_conn
*acl
, *sco
;
1750 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1755 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SETUP_SYNC_CONN
);
1759 handle
= __le16_to_cpu(cp
->handle
);
1761 BT_DBG("%s handle 0x%4.4x", hdev
->name
, handle
);
1765 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1769 sco
->state
= BT_CLOSED
;
1771 hci_proto_connect_cfm(sco
, status
);
1776 hci_dev_unlock(hdev
);
1779 static void hci_cs_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1781 struct hci_cp_sniff_mode
*cp
;
1782 struct hci_conn
*conn
;
1784 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1789 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SNIFF_MODE
);
1795 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1797 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
);
1799 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
1800 hci_sco_setup(conn
, status
);
1803 hci_dev_unlock(hdev
);
1806 static void hci_cs_exit_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1808 struct hci_cp_exit_sniff_mode
*cp
;
1809 struct hci_conn
*conn
;
1811 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1816 cp
= hci_sent_cmd_data(hdev
, HCI_OP_EXIT_SNIFF_MODE
);
1822 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1824 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
);
1826 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
1827 hci_sco_setup(conn
, status
);
1830 hci_dev_unlock(hdev
);
1833 static void hci_cs_disconnect(struct hci_dev
*hdev
, u8 status
)
1835 struct hci_cp_disconnect
*cp
;
1836 struct hci_conn
*conn
;
1841 cp
= hci_sent_cmd_data(hdev
, HCI_OP_DISCONNECT
);
1847 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1849 mgmt_disconnect_failed(hdev
, &conn
->dst
, conn
->type
,
1850 conn
->dst_type
, status
);
1852 hci_dev_unlock(hdev
);
1855 static void hci_cs_create_phylink(struct hci_dev
*hdev
, u8 status
)
1857 struct hci_cp_create_phy_link
*cp
;
1859 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1861 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_PHY_LINK
);
1868 struct hci_conn
*hcon
;
1870 hcon
= hci_conn_hash_lookup_handle(hdev
, cp
->phy_handle
);
1874 amp_write_remote_assoc(hdev
, cp
->phy_handle
);
1877 hci_dev_unlock(hdev
);
1880 static void hci_cs_accept_phylink(struct hci_dev
*hdev
, u8 status
)
1882 struct hci_cp_accept_phy_link
*cp
;
1884 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1889 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ACCEPT_PHY_LINK
);
1893 amp_write_remote_assoc(hdev
, cp
->phy_handle
);
1896 static void hci_cs_le_create_conn(struct hci_dev
*hdev
, u8 status
)
1898 struct hci_cp_le_create_conn
*cp
;
1899 struct hci_conn
*conn
;
1901 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1903 /* All connection failure handling is taken care of by the
1904 * hci_le_conn_failed function which is triggered by the HCI
1905 * request completion callbacks used for connecting.
1910 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_CREATE_CONN
);
1916 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->peer_addr
);
1920 /* Store the initiator and responder address information which
1921 * is needed for SMP. These values will not change during the
1922 * lifetime of the connection.
1924 conn
->init_addr_type
= cp
->own_address_type
;
1925 if (cp
->own_address_type
== ADDR_LE_DEV_RANDOM
)
1926 bacpy(&conn
->init_addr
, &hdev
->random_addr
);
1928 bacpy(&conn
->init_addr
, &hdev
->bdaddr
);
1930 conn
->resp_addr_type
= cp
->peer_addr_type
;
1931 bacpy(&conn
->resp_addr
, &cp
->peer_addr
);
1933 /* We don't want the connection attempt to stick around
1934 * indefinitely since LE doesn't have a page timeout concept
1935 * like BR/EDR. Set a timer for any connection that doesn't use
1936 * the white list for connecting.
1938 if (cp
->filter_policy
== HCI_LE_USE_PEER_ADDR
)
1939 queue_delayed_work(conn
->hdev
->workqueue
,
1940 &conn
->le_conn_timeout
,
1941 conn
->conn_timeout
);
1944 hci_dev_unlock(hdev
);
1947 static void hci_cs_le_start_enc(struct hci_dev
*hdev
, u8 status
)
1949 struct hci_cp_le_start_enc
*cp
;
1950 struct hci_conn
*conn
;
1952 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1959 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_START_ENC
);
1963 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1967 if (conn
->state
!= BT_CONNECTED
)
1970 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
1971 hci_conn_drop(conn
);
1974 hci_dev_unlock(hdev
);
1977 static void hci_cs_switch_role(struct hci_dev
*hdev
, u8 status
)
1979 struct hci_cp_switch_role
*cp
;
1980 struct hci_conn
*conn
;
1982 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1987 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SWITCH_ROLE
);
1993 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1995 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
);
1997 hci_dev_unlock(hdev
);
2000 static void hci_inquiry_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2002 __u8 status
= *((__u8
*) skb
->data
);
2003 struct discovery_state
*discov
= &hdev
->discovery
;
2004 struct inquiry_entry
*e
;
2006 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2008 hci_conn_check_pending(hdev
);
2010 if (!test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
2013 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2014 wake_up_bit(&hdev
->flags
, HCI_INQUIRY
);
2016 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2021 if (discov
->state
!= DISCOVERY_FINDING
)
2024 if (list_empty(&discov
->resolve
)) {
2025 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2029 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
2030 if (e
&& hci_resolve_name(hdev
, e
) == 0) {
2031 e
->name_state
= NAME_PENDING
;
2032 hci_discovery_set_state(hdev
, DISCOVERY_RESOLVING
);
2034 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2038 hci_dev_unlock(hdev
);
2041 static void hci_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2043 struct inquiry_data data
;
2044 struct inquiry_info
*info
= (void *) (skb
->data
+ 1);
2045 int num_rsp
= *((__u8
*) skb
->data
);
2047 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2052 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
))
2057 for (; num_rsp
; num_rsp
--, info
++) {
2060 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2061 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2062 data
.pscan_period_mode
= info
->pscan_period_mode
;
2063 data
.pscan_mode
= info
->pscan_mode
;
2064 memcpy(data
.dev_class
, info
->dev_class
, 3);
2065 data
.clock_offset
= info
->clock_offset
;
2066 data
.rssi
= HCI_RSSI_INVALID
;
2067 data
.ssp_mode
= 0x00;
2069 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
2071 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
2072 info
->dev_class
, HCI_RSSI_INVALID
,
2073 flags
, NULL
, 0, NULL
, 0);
2076 hci_dev_unlock(hdev
);
2079 static void hci_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2081 struct hci_ev_conn_complete
*ev
= (void *) skb
->data
;
2082 struct hci_conn
*conn
;
2084 BT_DBG("%s", hdev
->name
);
2088 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
2090 if (ev
->link_type
!= SCO_LINK
)
2093 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
2097 conn
->type
= SCO_LINK
;
2101 conn
->handle
= __le16_to_cpu(ev
->handle
);
2103 if (conn
->type
== ACL_LINK
) {
2104 conn
->state
= BT_CONFIG
;
2105 hci_conn_hold(conn
);
2107 if (!conn
->out
&& !hci_conn_ssp_enabled(conn
) &&
2108 !hci_find_link_key(hdev
, &ev
->bdaddr
))
2109 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
2111 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2113 conn
->state
= BT_CONNECTED
;
2115 hci_conn_add_sysfs(conn
);
2117 if (test_bit(HCI_AUTH
, &hdev
->flags
))
2118 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2120 if (test_bit(HCI_ENCRYPT
, &hdev
->flags
))
2121 set_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2123 /* Get remote features */
2124 if (conn
->type
== ACL_LINK
) {
2125 struct hci_cp_read_remote_features cp
;
2126 cp
.handle
= ev
->handle
;
2127 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_FEATURES
,
2130 hci_update_page_scan(hdev
, NULL
);
2133 /* Set packet type for incoming connection */
2134 if (!conn
->out
&& hdev
->hci_ver
< BLUETOOTH_VER_2_0
) {
2135 struct hci_cp_change_conn_ptype cp
;
2136 cp
.handle
= ev
->handle
;
2137 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
2138 hci_send_cmd(hdev
, HCI_OP_CHANGE_CONN_PTYPE
, sizeof(cp
),
2142 conn
->state
= BT_CLOSED
;
2143 if (conn
->type
== ACL_LINK
)
2144 mgmt_connect_failed(hdev
, &conn
->dst
, conn
->type
,
2145 conn
->dst_type
, ev
->status
);
2148 if (conn
->type
== ACL_LINK
)
2149 hci_sco_setup(conn
, ev
->status
);
2152 hci_proto_connect_cfm(conn
, ev
->status
);
2154 } else if (ev
->link_type
!= ACL_LINK
)
2155 hci_proto_connect_cfm(conn
, ev
->status
);
2158 hci_dev_unlock(hdev
);
2160 hci_conn_check_pending(hdev
);
2163 static void hci_reject_conn(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
2165 struct hci_cp_reject_conn_req cp
;
2167 bacpy(&cp
.bdaddr
, bdaddr
);
2168 cp
.reason
= HCI_ERROR_REJ_BAD_ADDR
;
2169 hci_send_cmd(hdev
, HCI_OP_REJECT_CONN_REQ
, sizeof(cp
), &cp
);
2172 static void hci_conn_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2174 struct hci_ev_conn_request
*ev
= (void *) skb
->data
;
2175 int mask
= hdev
->link_mode
;
2176 struct inquiry_entry
*ie
;
2177 struct hci_conn
*conn
;
2180 BT_DBG("%s bdaddr %pMR type 0x%x", hdev
->name
, &ev
->bdaddr
,
2183 mask
|= hci_proto_connect_ind(hdev
, &ev
->bdaddr
, ev
->link_type
,
2186 if (!(mask
& HCI_LM_ACCEPT
)) {
2187 hci_reject_conn(hdev
, &ev
->bdaddr
);
2191 if (hci_bdaddr_list_lookup(&hdev
->blacklist
, &ev
->bdaddr
,
2193 hci_reject_conn(hdev
, &ev
->bdaddr
);
2197 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
) &&
2198 !hci_bdaddr_list_lookup(&hdev
->whitelist
, &ev
->bdaddr
,
2200 hci_reject_conn(hdev
, &ev
->bdaddr
);
2204 /* Connection accepted */
2208 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2210 memcpy(ie
->data
.dev_class
, ev
->dev_class
, 3);
2212 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
,
2215 conn
= hci_conn_add(hdev
, ev
->link_type
, &ev
->bdaddr
,
2218 BT_ERR("No memory for new connection");
2219 hci_dev_unlock(hdev
);
2224 memcpy(conn
->dev_class
, ev
->dev_class
, 3);
2226 hci_dev_unlock(hdev
);
2228 if (ev
->link_type
== ACL_LINK
||
2229 (!(flags
& HCI_PROTO_DEFER
) && !lmp_esco_capable(hdev
))) {
2230 struct hci_cp_accept_conn_req cp
;
2231 conn
->state
= BT_CONNECT
;
2233 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2235 if (lmp_rswitch_capable(hdev
) && (mask
& HCI_LM_MASTER
))
2236 cp
.role
= 0x00; /* Become master */
2238 cp
.role
= 0x01; /* Remain slave */
2240 hci_send_cmd(hdev
, HCI_OP_ACCEPT_CONN_REQ
, sizeof(cp
), &cp
);
2241 } else if (!(flags
& HCI_PROTO_DEFER
)) {
2242 struct hci_cp_accept_sync_conn_req cp
;
2243 conn
->state
= BT_CONNECT
;
2245 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2246 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
2248 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
2249 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
2250 cp
.max_latency
= cpu_to_le16(0xffff);
2251 cp
.content_format
= cpu_to_le16(hdev
->voice_setting
);
2252 cp
.retrans_effort
= 0xff;
2254 hci_send_cmd(hdev
, HCI_OP_ACCEPT_SYNC_CONN_REQ
, sizeof(cp
),
2257 conn
->state
= BT_CONNECT2
;
2258 hci_proto_connect_cfm(conn
, 0);
2262 static u8
hci_to_mgmt_reason(u8 err
)
2265 case HCI_ERROR_CONNECTION_TIMEOUT
:
2266 return MGMT_DEV_DISCONN_TIMEOUT
;
2267 case HCI_ERROR_REMOTE_USER_TERM
:
2268 case HCI_ERROR_REMOTE_LOW_RESOURCES
:
2269 case HCI_ERROR_REMOTE_POWER_OFF
:
2270 return MGMT_DEV_DISCONN_REMOTE
;
2271 case HCI_ERROR_LOCAL_HOST_TERM
:
2272 return MGMT_DEV_DISCONN_LOCAL_HOST
;
2274 return MGMT_DEV_DISCONN_UNKNOWN
;
2278 static void hci_disconn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2280 struct hci_ev_disconn_complete
*ev
= (void *) skb
->data
;
2281 u8 reason
= hci_to_mgmt_reason(ev
->reason
);
2282 struct hci_conn_params
*params
;
2283 struct hci_conn
*conn
;
2284 bool mgmt_connected
;
2287 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2291 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2296 mgmt_disconnect_failed(hdev
, &conn
->dst
, conn
->type
,
2297 conn
->dst_type
, ev
->status
);
2301 conn
->state
= BT_CLOSED
;
2303 mgmt_connected
= test_and_clear_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
);
2304 mgmt_device_disconnected(hdev
, &conn
->dst
, conn
->type
, conn
->dst_type
,
2305 reason
, mgmt_connected
);
2307 if (conn
->type
== ACL_LINK
) {
2308 if (test_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
))
2309 hci_remove_link_key(hdev
, &conn
->dst
);
2311 hci_update_page_scan(hdev
, NULL
);
2314 params
= hci_conn_params_lookup(hdev
, &conn
->dst
, conn
->dst_type
);
2316 switch (params
->auto_connect
) {
2317 case HCI_AUTO_CONN_LINK_LOSS
:
2318 if (ev
->reason
!= HCI_ERROR_CONNECTION_TIMEOUT
)
2322 case HCI_AUTO_CONN_DIRECT
:
2323 case HCI_AUTO_CONN_ALWAYS
:
2324 list_del_init(¶ms
->action
);
2325 list_add(¶ms
->action
, &hdev
->pend_le_conns
);
2326 hci_update_background_scan(hdev
);
2336 hci_proto_disconn_cfm(conn
, ev
->reason
);
2339 /* Re-enable advertising if necessary, since it might
2340 * have been disabled by the connection. From the
2341 * HCI_LE_Set_Advertise_Enable command description in
2342 * the core specification (v4.0):
2343 * "The Controller shall continue advertising until the Host
2344 * issues an LE_Set_Advertise_Enable command with
2345 * Advertising_Enable set to 0x00 (Advertising is disabled)
2346 * or until a connection is created or until the Advertising
2347 * is timed out due to Directed Advertising."
2349 if (type
== LE_LINK
)
2350 mgmt_reenable_advertising(hdev
);
2353 hci_dev_unlock(hdev
);
2356 static void hci_auth_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2358 struct hci_ev_auth_complete
*ev
= (void *) skb
->data
;
2359 struct hci_conn
*conn
;
2361 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2365 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2370 if (!hci_conn_ssp_enabled(conn
) &&
2371 test_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
)) {
2372 BT_INFO("re-auth of legacy device is not possible.");
2374 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2375 conn
->sec_level
= conn
->pending_sec_level
;
2378 mgmt_auth_failed(conn
, ev
->status
);
2381 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
);
2382 clear_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
);
2384 if (conn
->state
== BT_CONFIG
) {
2385 if (!ev
->status
&& hci_conn_ssp_enabled(conn
)) {
2386 struct hci_cp_set_conn_encrypt cp
;
2387 cp
.handle
= ev
->handle
;
2389 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
2392 conn
->state
= BT_CONNECTED
;
2393 hci_proto_connect_cfm(conn
, ev
->status
);
2394 hci_conn_drop(conn
);
2397 hci_auth_cfm(conn
, ev
->status
);
2399 hci_conn_hold(conn
);
2400 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2401 hci_conn_drop(conn
);
2404 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
)) {
2406 struct hci_cp_set_conn_encrypt cp
;
2407 cp
.handle
= ev
->handle
;
2409 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
2412 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
2413 hci_encrypt_cfm(conn
, ev
->status
, 0x00);
2418 hci_dev_unlock(hdev
);
2421 static void hci_remote_name_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2423 struct hci_ev_remote_name
*ev
= (void *) skb
->data
;
2424 struct hci_conn
*conn
;
2426 BT_DBG("%s", hdev
->name
);
2428 hci_conn_check_pending(hdev
);
2432 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2434 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2437 if (ev
->status
== 0)
2438 hci_check_pending_name(hdev
, conn
, &ev
->bdaddr
, ev
->name
,
2439 strnlen(ev
->name
, HCI_MAX_NAME_LENGTH
));
2441 hci_check_pending_name(hdev
, conn
, &ev
->bdaddr
, NULL
, 0);
2447 if (!hci_outgoing_auth_needed(hdev
, conn
))
2450 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
2451 struct hci_cp_auth_requested cp
;
2453 set_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
);
2455 cp
.handle
= __cpu_to_le16(conn
->handle
);
2456 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
2460 hci_dev_unlock(hdev
);
2463 static void hci_encrypt_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2465 struct hci_ev_encrypt_change
*ev
= (void *) skb
->data
;
2466 struct hci_conn
*conn
;
2468 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2472 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2478 /* Encryption implies authentication */
2479 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2480 set_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2481 conn
->sec_level
= conn
->pending_sec_level
;
2483 /* P-256 authentication key implies FIPS */
2484 if (conn
->key_type
== HCI_LK_AUTH_COMBINATION_P256
)
2485 set_bit(HCI_CONN_FIPS
, &conn
->flags
);
2487 if ((conn
->type
== ACL_LINK
&& ev
->encrypt
== 0x02) ||
2488 conn
->type
== LE_LINK
)
2489 set_bit(HCI_CONN_AES_CCM
, &conn
->flags
);
2491 clear_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2492 clear_bit(HCI_CONN_AES_CCM
, &conn
->flags
);
2496 /* We should disregard the current RPA and generate a new one
2497 * whenever the encryption procedure fails.
2499 if (ev
->status
&& conn
->type
== LE_LINK
)
2500 set_bit(HCI_RPA_EXPIRED
, &hdev
->dev_flags
);
2502 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
2504 if (ev
->status
&& conn
->state
== BT_CONNECTED
) {
2505 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
2506 hci_conn_drop(conn
);
2510 if (conn
->state
== BT_CONFIG
) {
2512 conn
->state
= BT_CONNECTED
;
2514 /* In Secure Connections Only mode, do not allow any
2515 * connections that are not encrypted with AES-CCM
2516 * using a P-256 authenticated combination key.
2518 if (test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
) &&
2519 (!test_bit(HCI_CONN_AES_CCM
, &conn
->flags
) ||
2520 conn
->key_type
!= HCI_LK_AUTH_COMBINATION_P256
)) {
2521 hci_proto_connect_cfm(conn
, HCI_ERROR_AUTH_FAILURE
);
2522 hci_conn_drop(conn
);
2526 hci_proto_connect_cfm(conn
, ev
->status
);
2527 hci_conn_drop(conn
);
2529 hci_encrypt_cfm(conn
, ev
->status
, ev
->encrypt
);
2532 hci_dev_unlock(hdev
);
2535 static void hci_change_link_key_complete_evt(struct hci_dev
*hdev
,
2536 struct sk_buff
*skb
)
2538 struct hci_ev_change_link_key_complete
*ev
= (void *) skb
->data
;
2539 struct hci_conn
*conn
;
2541 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2545 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2548 set_bit(HCI_CONN_SECURE
, &conn
->flags
);
2550 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
);
2552 hci_key_change_cfm(conn
, ev
->status
);
2555 hci_dev_unlock(hdev
);
2558 static void hci_remote_features_evt(struct hci_dev
*hdev
,
2559 struct sk_buff
*skb
)
2561 struct hci_ev_remote_features
*ev
= (void *) skb
->data
;
2562 struct hci_conn
*conn
;
2564 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2568 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2573 memcpy(conn
->features
[0], ev
->features
, 8);
2575 if (conn
->state
!= BT_CONFIG
)
2578 if (!ev
->status
&& lmp_ssp_capable(hdev
) && lmp_ssp_capable(conn
)) {
2579 struct hci_cp_read_remote_ext_features cp
;
2580 cp
.handle
= ev
->handle
;
2582 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
,
2587 if (!ev
->status
&& !test_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
)) {
2588 struct hci_cp_remote_name_req cp
;
2589 memset(&cp
, 0, sizeof(cp
));
2590 bacpy(&cp
.bdaddr
, &conn
->dst
);
2591 cp
.pscan_rep_mode
= 0x02;
2592 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
2593 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
2594 mgmt_device_connected(hdev
, conn
, 0, NULL
, 0);
2596 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2597 conn
->state
= BT_CONNECTED
;
2598 hci_proto_connect_cfm(conn
, ev
->status
);
2599 hci_conn_drop(conn
);
2603 hci_dev_unlock(hdev
);
2606 static void hci_cmd_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2608 struct hci_ev_cmd_complete
*ev
= (void *) skb
->data
;
2609 u8 status
= skb
->data
[sizeof(*ev
)];
2612 skb_pull(skb
, sizeof(*ev
));
2614 opcode
= __le16_to_cpu(ev
->opcode
);
2617 case HCI_OP_INQUIRY_CANCEL
:
2618 hci_cc_inquiry_cancel(hdev
, skb
);
2621 case HCI_OP_PERIODIC_INQ
:
2622 hci_cc_periodic_inq(hdev
, skb
);
2625 case HCI_OP_EXIT_PERIODIC_INQ
:
2626 hci_cc_exit_periodic_inq(hdev
, skb
);
2629 case HCI_OP_REMOTE_NAME_REQ_CANCEL
:
2630 hci_cc_remote_name_req_cancel(hdev
, skb
);
2633 case HCI_OP_ROLE_DISCOVERY
:
2634 hci_cc_role_discovery(hdev
, skb
);
2637 case HCI_OP_READ_LINK_POLICY
:
2638 hci_cc_read_link_policy(hdev
, skb
);
2641 case HCI_OP_WRITE_LINK_POLICY
:
2642 hci_cc_write_link_policy(hdev
, skb
);
2645 case HCI_OP_READ_DEF_LINK_POLICY
:
2646 hci_cc_read_def_link_policy(hdev
, skb
);
2649 case HCI_OP_WRITE_DEF_LINK_POLICY
:
2650 hci_cc_write_def_link_policy(hdev
, skb
);
2654 hci_cc_reset(hdev
, skb
);
2657 case HCI_OP_WRITE_LOCAL_NAME
:
2658 hci_cc_write_local_name(hdev
, skb
);
2661 case HCI_OP_READ_LOCAL_NAME
:
2662 hci_cc_read_local_name(hdev
, skb
);
2665 case HCI_OP_WRITE_AUTH_ENABLE
:
2666 hci_cc_write_auth_enable(hdev
, skb
);
2669 case HCI_OP_WRITE_ENCRYPT_MODE
:
2670 hci_cc_write_encrypt_mode(hdev
, skb
);
2673 case HCI_OP_WRITE_SCAN_ENABLE
:
2674 hci_cc_write_scan_enable(hdev
, skb
);
2677 case HCI_OP_READ_CLASS_OF_DEV
:
2678 hci_cc_read_class_of_dev(hdev
, skb
);
2681 case HCI_OP_WRITE_CLASS_OF_DEV
:
2682 hci_cc_write_class_of_dev(hdev
, skb
);
2685 case HCI_OP_READ_VOICE_SETTING
:
2686 hci_cc_read_voice_setting(hdev
, skb
);
2689 case HCI_OP_WRITE_VOICE_SETTING
:
2690 hci_cc_write_voice_setting(hdev
, skb
);
2693 case HCI_OP_READ_NUM_SUPPORTED_IAC
:
2694 hci_cc_read_num_supported_iac(hdev
, skb
);
2697 case HCI_OP_WRITE_SSP_MODE
:
2698 hci_cc_write_ssp_mode(hdev
, skb
);
2701 case HCI_OP_WRITE_SC_SUPPORT
:
2702 hci_cc_write_sc_support(hdev
, skb
);
2705 case HCI_OP_READ_LOCAL_VERSION
:
2706 hci_cc_read_local_version(hdev
, skb
);
2709 case HCI_OP_READ_LOCAL_COMMANDS
:
2710 hci_cc_read_local_commands(hdev
, skb
);
2713 case HCI_OP_READ_LOCAL_FEATURES
:
2714 hci_cc_read_local_features(hdev
, skb
);
2717 case HCI_OP_READ_LOCAL_EXT_FEATURES
:
2718 hci_cc_read_local_ext_features(hdev
, skb
);
2721 case HCI_OP_READ_BUFFER_SIZE
:
2722 hci_cc_read_buffer_size(hdev
, skb
);
2725 case HCI_OP_READ_BD_ADDR
:
2726 hci_cc_read_bd_addr(hdev
, skb
);
2729 case HCI_OP_READ_PAGE_SCAN_ACTIVITY
:
2730 hci_cc_read_page_scan_activity(hdev
, skb
);
2733 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
:
2734 hci_cc_write_page_scan_activity(hdev
, skb
);
2737 case HCI_OP_READ_PAGE_SCAN_TYPE
:
2738 hci_cc_read_page_scan_type(hdev
, skb
);
2741 case HCI_OP_WRITE_PAGE_SCAN_TYPE
:
2742 hci_cc_write_page_scan_type(hdev
, skb
);
2745 case HCI_OP_READ_DATA_BLOCK_SIZE
:
2746 hci_cc_read_data_block_size(hdev
, skb
);
2749 case HCI_OP_READ_FLOW_CONTROL_MODE
:
2750 hci_cc_read_flow_control_mode(hdev
, skb
);
2753 case HCI_OP_READ_LOCAL_AMP_INFO
:
2754 hci_cc_read_local_amp_info(hdev
, skb
);
2757 case HCI_OP_READ_CLOCK
:
2758 hci_cc_read_clock(hdev
, skb
);
2761 case HCI_OP_READ_LOCAL_AMP_ASSOC
:
2762 hci_cc_read_local_amp_assoc(hdev
, skb
);
2765 case HCI_OP_READ_INQ_RSP_TX_POWER
:
2766 hci_cc_read_inq_rsp_tx_power(hdev
, skb
);
2769 case HCI_OP_PIN_CODE_REPLY
:
2770 hci_cc_pin_code_reply(hdev
, skb
);
2773 case HCI_OP_PIN_CODE_NEG_REPLY
:
2774 hci_cc_pin_code_neg_reply(hdev
, skb
);
2777 case HCI_OP_READ_LOCAL_OOB_DATA
:
2778 hci_cc_read_local_oob_data(hdev
, skb
);
2781 case HCI_OP_READ_LOCAL_OOB_EXT_DATA
:
2782 hci_cc_read_local_oob_ext_data(hdev
, skb
);
2785 case HCI_OP_LE_READ_BUFFER_SIZE
:
2786 hci_cc_le_read_buffer_size(hdev
, skb
);
2789 case HCI_OP_LE_READ_LOCAL_FEATURES
:
2790 hci_cc_le_read_local_features(hdev
, skb
);
2793 case HCI_OP_LE_READ_ADV_TX_POWER
:
2794 hci_cc_le_read_adv_tx_power(hdev
, skb
);
2797 case HCI_OP_USER_CONFIRM_REPLY
:
2798 hci_cc_user_confirm_reply(hdev
, skb
);
2801 case HCI_OP_USER_CONFIRM_NEG_REPLY
:
2802 hci_cc_user_confirm_neg_reply(hdev
, skb
);
2805 case HCI_OP_USER_PASSKEY_REPLY
:
2806 hci_cc_user_passkey_reply(hdev
, skb
);
2809 case HCI_OP_USER_PASSKEY_NEG_REPLY
:
2810 hci_cc_user_passkey_neg_reply(hdev
, skb
);
2813 case HCI_OP_LE_SET_RANDOM_ADDR
:
2814 hci_cc_le_set_random_addr(hdev
, skb
);
2817 case HCI_OP_LE_SET_ADV_ENABLE
:
2818 hci_cc_le_set_adv_enable(hdev
, skb
);
2821 case HCI_OP_LE_SET_SCAN_PARAM
:
2822 hci_cc_le_set_scan_param(hdev
, skb
);
2825 case HCI_OP_LE_SET_SCAN_ENABLE
:
2826 hci_cc_le_set_scan_enable(hdev
, skb
);
2829 case HCI_OP_LE_READ_WHITE_LIST_SIZE
:
2830 hci_cc_le_read_white_list_size(hdev
, skb
);
2833 case HCI_OP_LE_CLEAR_WHITE_LIST
:
2834 hci_cc_le_clear_white_list(hdev
, skb
);
2837 case HCI_OP_LE_ADD_TO_WHITE_LIST
:
2838 hci_cc_le_add_to_white_list(hdev
, skb
);
2841 case HCI_OP_LE_DEL_FROM_WHITE_LIST
:
2842 hci_cc_le_del_from_white_list(hdev
, skb
);
2845 case HCI_OP_LE_READ_SUPPORTED_STATES
:
2846 hci_cc_le_read_supported_states(hdev
, skb
);
2849 case HCI_OP_WRITE_LE_HOST_SUPPORTED
:
2850 hci_cc_write_le_host_supported(hdev
, skb
);
2853 case HCI_OP_LE_SET_ADV_PARAM
:
2854 hci_cc_set_adv_param(hdev
, skb
);
2857 case HCI_OP_WRITE_REMOTE_AMP_ASSOC
:
2858 hci_cc_write_remote_amp_assoc(hdev
, skb
);
2861 case HCI_OP_READ_RSSI
:
2862 hci_cc_read_rssi(hdev
, skb
);
2865 case HCI_OP_READ_TX_POWER
:
2866 hci_cc_read_tx_power(hdev
, skb
);
2870 BT_DBG("%s opcode 0x%4.4x", hdev
->name
, opcode
);
2874 if (opcode
!= HCI_OP_NOP
)
2875 cancel_delayed_work(&hdev
->cmd_timer
);
2877 hci_req_cmd_complete(hdev
, opcode
, status
);
2879 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
2880 atomic_set(&hdev
->cmd_cnt
, 1);
2881 if (!skb_queue_empty(&hdev
->cmd_q
))
2882 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2886 static void hci_cmd_status_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2888 struct hci_ev_cmd_status
*ev
= (void *) skb
->data
;
2891 skb_pull(skb
, sizeof(*ev
));
2893 opcode
= __le16_to_cpu(ev
->opcode
);
2896 case HCI_OP_INQUIRY
:
2897 hci_cs_inquiry(hdev
, ev
->status
);
2900 case HCI_OP_CREATE_CONN
:
2901 hci_cs_create_conn(hdev
, ev
->status
);
2904 case HCI_OP_DISCONNECT
:
2905 hci_cs_disconnect(hdev
, ev
->status
);
2908 case HCI_OP_ADD_SCO
:
2909 hci_cs_add_sco(hdev
, ev
->status
);
2912 case HCI_OP_AUTH_REQUESTED
:
2913 hci_cs_auth_requested(hdev
, ev
->status
);
2916 case HCI_OP_SET_CONN_ENCRYPT
:
2917 hci_cs_set_conn_encrypt(hdev
, ev
->status
);
2920 case HCI_OP_REMOTE_NAME_REQ
:
2921 hci_cs_remote_name_req(hdev
, ev
->status
);
2924 case HCI_OP_READ_REMOTE_FEATURES
:
2925 hci_cs_read_remote_features(hdev
, ev
->status
);
2928 case HCI_OP_READ_REMOTE_EXT_FEATURES
:
2929 hci_cs_read_remote_ext_features(hdev
, ev
->status
);
2932 case HCI_OP_SETUP_SYNC_CONN
:
2933 hci_cs_setup_sync_conn(hdev
, ev
->status
);
2936 case HCI_OP_CREATE_PHY_LINK
:
2937 hci_cs_create_phylink(hdev
, ev
->status
);
2940 case HCI_OP_ACCEPT_PHY_LINK
:
2941 hci_cs_accept_phylink(hdev
, ev
->status
);
2944 case HCI_OP_SNIFF_MODE
:
2945 hci_cs_sniff_mode(hdev
, ev
->status
);
2948 case HCI_OP_EXIT_SNIFF_MODE
:
2949 hci_cs_exit_sniff_mode(hdev
, ev
->status
);
2952 case HCI_OP_SWITCH_ROLE
:
2953 hci_cs_switch_role(hdev
, ev
->status
);
2956 case HCI_OP_LE_CREATE_CONN
:
2957 hci_cs_le_create_conn(hdev
, ev
->status
);
2960 case HCI_OP_LE_START_ENC
:
2961 hci_cs_le_start_enc(hdev
, ev
->status
);
2965 BT_DBG("%s opcode 0x%4.4x", hdev
->name
, opcode
);
2969 if (opcode
!= HCI_OP_NOP
)
2970 cancel_delayed_work(&hdev
->cmd_timer
);
2973 (hdev
->sent_cmd
&& !bt_cb(hdev
->sent_cmd
)->req
.event
))
2974 hci_req_cmd_complete(hdev
, opcode
, ev
->status
);
2976 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
2977 atomic_set(&hdev
->cmd_cnt
, 1);
2978 if (!skb_queue_empty(&hdev
->cmd_q
))
2979 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2983 static void hci_hardware_error_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2985 struct hci_ev_hardware_error
*ev
= (void *) skb
->data
;
2987 BT_ERR("%s hardware error 0x%2.2x", hdev
->name
, ev
->code
);
2990 static void hci_role_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2992 struct hci_ev_role_change
*ev
= (void *) skb
->data
;
2993 struct hci_conn
*conn
;
2995 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2999 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3002 conn
->role
= ev
->role
;
3004 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
);
3006 hci_role_switch_cfm(conn
, ev
->status
, ev
->role
);
3009 hci_dev_unlock(hdev
);
3012 static void hci_num_comp_pkts_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3014 struct hci_ev_num_comp_pkts
*ev
= (void *) skb
->data
;
3017 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_PACKET_BASED
) {
3018 BT_ERR("Wrong event for mode %d", hdev
->flow_ctl_mode
);
3022 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
3023 ev
->num_hndl
* sizeof(struct hci_comp_pkts_info
)) {
3024 BT_DBG("%s bad parameters", hdev
->name
);
3028 BT_DBG("%s num_hndl %d", hdev
->name
, ev
->num_hndl
);
3030 for (i
= 0; i
< ev
->num_hndl
; i
++) {
3031 struct hci_comp_pkts_info
*info
= &ev
->handles
[i
];
3032 struct hci_conn
*conn
;
3033 __u16 handle
, count
;
3035 handle
= __le16_to_cpu(info
->handle
);
3036 count
= __le16_to_cpu(info
->count
);
3038 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
3042 conn
->sent
-= count
;
3044 switch (conn
->type
) {
3046 hdev
->acl_cnt
+= count
;
3047 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
3048 hdev
->acl_cnt
= hdev
->acl_pkts
;
3052 if (hdev
->le_pkts
) {
3053 hdev
->le_cnt
+= count
;
3054 if (hdev
->le_cnt
> hdev
->le_pkts
)
3055 hdev
->le_cnt
= hdev
->le_pkts
;
3057 hdev
->acl_cnt
+= count
;
3058 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
3059 hdev
->acl_cnt
= hdev
->acl_pkts
;
3064 hdev
->sco_cnt
+= count
;
3065 if (hdev
->sco_cnt
> hdev
->sco_pkts
)
3066 hdev
->sco_cnt
= hdev
->sco_pkts
;
3070 BT_ERR("Unknown type %d conn %p", conn
->type
, conn
);
3075 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
3078 static struct hci_conn
*__hci_conn_lookup_handle(struct hci_dev
*hdev
,
3081 struct hci_chan
*chan
;
3083 switch (hdev
->dev_type
) {
3085 return hci_conn_hash_lookup_handle(hdev
, handle
);
3087 chan
= hci_chan_lookup_handle(hdev
, handle
);
3092 BT_ERR("%s unknown dev_type %d", hdev
->name
, hdev
->dev_type
);
3099 static void hci_num_comp_blocks_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3101 struct hci_ev_num_comp_blocks
*ev
= (void *) skb
->data
;
3104 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_BLOCK_BASED
) {
3105 BT_ERR("Wrong event for mode %d", hdev
->flow_ctl_mode
);
3109 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
3110 ev
->num_hndl
* sizeof(struct hci_comp_blocks_info
)) {
3111 BT_DBG("%s bad parameters", hdev
->name
);
3115 BT_DBG("%s num_blocks %d num_hndl %d", hdev
->name
, ev
->num_blocks
,
3118 for (i
= 0; i
< ev
->num_hndl
; i
++) {
3119 struct hci_comp_blocks_info
*info
= &ev
->handles
[i
];
3120 struct hci_conn
*conn
= NULL
;
3121 __u16 handle
, block_count
;
3123 handle
= __le16_to_cpu(info
->handle
);
3124 block_count
= __le16_to_cpu(info
->blocks
);
3126 conn
= __hci_conn_lookup_handle(hdev
, handle
);
3130 conn
->sent
-= block_count
;
3132 switch (conn
->type
) {
3135 hdev
->block_cnt
+= block_count
;
3136 if (hdev
->block_cnt
> hdev
->num_blocks
)
3137 hdev
->block_cnt
= hdev
->num_blocks
;
3141 BT_ERR("Unknown type %d conn %p", conn
->type
, conn
);
3146 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
3149 static void hci_mode_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3151 struct hci_ev_mode_change
*ev
= (void *) skb
->data
;
3152 struct hci_conn
*conn
;
3154 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3158 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3160 conn
->mode
= ev
->mode
;
3162 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND
,
3164 if (conn
->mode
== HCI_CM_ACTIVE
)
3165 set_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
3167 clear_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
3170 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
3171 hci_sco_setup(conn
, ev
->status
);
3174 hci_dev_unlock(hdev
);
3177 static void hci_pin_code_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3179 struct hci_ev_pin_code_req
*ev
= (void *) skb
->data
;
3180 struct hci_conn
*conn
;
3182 BT_DBG("%s", hdev
->name
);
3186 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3190 if (conn
->state
== BT_CONNECTED
) {
3191 hci_conn_hold(conn
);
3192 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
3193 hci_conn_drop(conn
);
3196 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) &&
3197 !test_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
)) {
3198 hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
3199 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3200 } else if (test_bit(HCI_MGMT
, &hdev
->dev_flags
)) {
3203 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
)
3208 mgmt_pin_code_request(hdev
, &ev
->bdaddr
, secure
);
3212 hci_dev_unlock(hdev
);
3215 static void conn_set_key(struct hci_conn
*conn
, u8 key_type
, u8 pin_len
)
3217 if (key_type
== HCI_LK_CHANGED_COMBINATION
)
3220 conn
->pin_length
= pin_len
;
3221 conn
->key_type
= key_type
;
3224 case HCI_LK_LOCAL_UNIT
:
3225 case HCI_LK_REMOTE_UNIT
:
3226 case HCI_LK_DEBUG_COMBINATION
:
3228 case HCI_LK_COMBINATION
:
3230 conn
->pending_sec_level
= BT_SECURITY_HIGH
;
3232 conn
->pending_sec_level
= BT_SECURITY_MEDIUM
;
3234 case HCI_LK_UNAUTH_COMBINATION_P192
:
3235 case HCI_LK_UNAUTH_COMBINATION_P256
:
3236 conn
->pending_sec_level
= BT_SECURITY_MEDIUM
;
3238 case HCI_LK_AUTH_COMBINATION_P192
:
3239 conn
->pending_sec_level
= BT_SECURITY_HIGH
;
3241 case HCI_LK_AUTH_COMBINATION_P256
:
3242 conn
->pending_sec_level
= BT_SECURITY_FIPS
;
3247 static void hci_link_key_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3249 struct hci_ev_link_key_req
*ev
= (void *) skb
->data
;
3250 struct hci_cp_link_key_reply cp
;
3251 struct hci_conn
*conn
;
3252 struct link_key
*key
;
3254 BT_DBG("%s", hdev
->name
);
3256 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3261 key
= hci_find_link_key(hdev
, &ev
->bdaddr
);
3263 BT_DBG("%s link key not found for %pMR", hdev
->name
,
3268 BT_DBG("%s found key type %u for %pMR", hdev
->name
, key
->type
,
3271 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3273 clear_bit(HCI_CONN_NEW_LINK_KEY
, &conn
->flags
);
3275 if ((key
->type
== HCI_LK_UNAUTH_COMBINATION_P192
||
3276 key
->type
== HCI_LK_UNAUTH_COMBINATION_P256
) &&
3277 conn
->auth_type
!= 0xff && (conn
->auth_type
& 0x01)) {
3278 BT_DBG("%s ignoring unauthenticated key", hdev
->name
);
3282 if (key
->type
== HCI_LK_COMBINATION
&& key
->pin_len
< 16 &&
3283 (conn
->pending_sec_level
== BT_SECURITY_HIGH
||
3284 conn
->pending_sec_level
== BT_SECURITY_FIPS
)) {
3285 BT_DBG("%s ignoring key unauthenticated for high security",
3290 conn_set_key(conn
, key
->type
, key
->pin_len
);
3293 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3294 memcpy(cp
.link_key
, key
->val
, HCI_LINK_KEY_SIZE
);
3296 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_REPLY
, sizeof(cp
), &cp
);
3298 hci_dev_unlock(hdev
);
3303 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_NEG_REPLY
, 6, &ev
->bdaddr
);
3304 hci_dev_unlock(hdev
);
3307 static void hci_link_key_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3309 struct hci_ev_link_key_notify
*ev
= (void *) skb
->data
;
3310 struct hci_conn
*conn
;
3311 struct link_key
*key
;
3315 BT_DBG("%s", hdev
->name
);
3319 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3323 hci_conn_hold(conn
);
3324 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
3325 hci_conn_drop(conn
);
3327 set_bit(HCI_CONN_NEW_LINK_KEY
, &conn
->flags
);
3328 conn_set_key(conn
, ev
->key_type
, conn
->pin_length
);
3330 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3333 key
= hci_add_link_key(hdev
, conn
, &ev
->bdaddr
, ev
->link_key
,
3334 ev
->key_type
, pin_len
, &persistent
);
3338 /* Update connection information since adding the key will have
3339 * fixed up the type in the case of changed combination keys.
3341 if (ev
->key_type
== HCI_LK_CHANGED_COMBINATION
)
3342 conn_set_key(conn
, key
->type
, key
->pin_len
);
3344 mgmt_new_link_key(hdev
, key
, persistent
);
3346 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3347 * is set. If it's not set simply remove the key from the kernel
3348 * list (we've still notified user space about it but with
3349 * store_hint being 0).
3351 if (key
->type
== HCI_LK_DEBUG_COMBINATION
&&
3352 !test_bit(HCI_KEEP_DEBUG_KEYS
, &hdev
->dev_flags
)) {
3353 list_del_rcu(&key
->list
);
3354 kfree_rcu(key
, rcu
);
3359 clear_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
);
3361 set_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
);
3364 hci_dev_unlock(hdev
);
3367 static void hci_clock_offset_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3369 struct hci_ev_clock_offset
*ev
= (void *) skb
->data
;
3370 struct hci_conn
*conn
;
3372 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3376 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3377 if (conn
&& !ev
->status
) {
3378 struct inquiry_entry
*ie
;
3380 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
3382 ie
->data
.clock_offset
= ev
->clock_offset
;
3383 ie
->timestamp
= jiffies
;
3387 hci_dev_unlock(hdev
);
3390 static void hci_pkt_type_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3392 struct hci_ev_pkt_type_change
*ev
= (void *) skb
->data
;
3393 struct hci_conn
*conn
;
3395 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3399 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3400 if (conn
&& !ev
->status
)
3401 conn
->pkt_type
= __le16_to_cpu(ev
->pkt_type
);
3403 hci_dev_unlock(hdev
);
3406 static void hci_pscan_rep_mode_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3408 struct hci_ev_pscan_rep_mode
*ev
= (void *) skb
->data
;
3409 struct inquiry_entry
*ie
;
3411 BT_DBG("%s", hdev
->name
);
3415 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
3417 ie
->data
.pscan_rep_mode
= ev
->pscan_rep_mode
;
3418 ie
->timestamp
= jiffies
;
3421 hci_dev_unlock(hdev
);
3424 static void hci_inquiry_result_with_rssi_evt(struct hci_dev
*hdev
,
3425 struct sk_buff
*skb
)
3427 struct inquiry_data data
;
3428 int num_rsp
= *((__u8
*) skb
->data
);
3430 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
3435 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
))
3440 if ((skb
->len
- 1) / num_rsp
!= sizeof(struct inquiry_info_with_rssi
)) {
3441 struct inquiry_info_with_rssi_and_pscan_mode
*info
;
3442 info
= (void *) (skb
->data
+ 1);
3444 for (; num_rsp
; num_rsp
--, info
++) {
3447 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3448 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3449 data
.pscan_period_mode
= info
->pscan_period_mode
;
3450 data
.pscan_mode
= info
->pscan_mode
;
3451 memcpy(data
.dev_class
, info
->dev_class
, 3);
3452 data
.clock_offset
= info
->clock_offset
;
3453 data
.rssi
= info
->rssi
;
3454 data
.ssp_mode
= 0x00;
3456 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
3458 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3459 info
->dev_class
, info
->rssi
,
3460 flags
, NULL
, 0, NULL
, 0);
3463 struct inquiry_info_with_rssi
*info
= (void *) (skb
->data
+ 1);
3465 for (; num_rsp
; num_rsp
--, info
++) {
3468 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3469 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3470 data
.pscan_period_mode
= info
->pscan_period_mode
;
3471 data
.pscan_mode
= 0x00;
3472 memcpy(data
.dev_class
, info
->dev_class
, 3);
3473 data
.clock_offset
= info
->clock_offset
;
3474 data
.rssi
= info
->rssi
;
3475 data
.ssp_mode
= 0x00;
3477 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
3479 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3480 info
->dev_class
, info
->rssi
,
3481 flags
, NULL
, 0, NULL
, 0);
3485 hci_dev_unlock(hdev
);
3488 static void hci_remote_ext_features_evt(struct hci_dev
*hdev
,
3489 struct sk_buff
*skb
)
3491 struct hci_ev_remote_ext_features
*ev
= (void *) skb
->data
;
3492 struct hci_conn
*conn
;
3494 BT_DBG("%s", hdev
->name
);
3498 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3502 if (ev
->page
< HCI_MAX_PAGES
)
3503 memcpy(conn
->features
[ev
->page
], ev
->features
, 8);
3505 if (!ev
->status
&& ev
->page
== 0x01) {
3506 struct inquiry_entry
*ie
;
3508 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
3510 ie
->data
.ssp_mode
= (ev
->features
[0] & LMP_HOST_SSP
);
3512 if (ev
->features
[0] & LMP_HOST_SSP
) {
3513 set_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
3515 /* It is mandatory by the Bluetooth specification that
3516 * Extended Inquiry Results are only used when Secure
3517 * Simple Pairing is enabled, but some devices violate
3520 * To make these devices work, the internal SSP
3521 * enabled flag needs to be cleared if the remote host
3522 * features do not indicate SSP support */
3523 clear_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
3526 if (ev
->features
[0] & LMP_HOST_SC
)
3527 set_bit(HCI_CONN_SC_ENABLED
, &conn
->flags
);
3530 if (conn
->state
!= BT_CONFIG
)
3533 if (!ev
->status
&& !test_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
)) {
3534 struct hci_cp_remote_name_req cp
;
3535 memset(&cp
, 0, sizeof(cp
));
3536 bacpy(&cp
.bdaddr
, &conn
->dst
);
3537 cp
.pscan_rep_mode
= 0x02;
3538 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
3539 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
3540 mgmt_device_connected(hdev
, conn
, 0, NULL
, 0);
3542 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
3543 conn
->state
= BT_CONNECTED
;
3544 hci_proto_connect_cfm(conn
, ev
->status
);
3545 hci_conn_drop(conn
);
3549 hci_dev_unlock(hdev
);
3552 static void hci_sync_conn_complete_evt(struct hci_dev
*hdev
,
3553 struct sk_buff
*skb
)
3555 struct hci_ev_sync_conn_complete
*ev
= (void *) skb
->data
;
3556 struct hci_conn
*conn
;
3558 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3562 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
3564 if (ev
->link_type
== ESCO_LINK
)
3567 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
3571 conn
->type
= SCO_LINK
;
3574 switch (ev
->status
) {
3576 conn
->handle
= __le16_to_cpu(ev
->handle
);
3577 conn
->state
= BT_CONNECTED
;
3579 hci_conn_add_sysfs(conn
);
3582 case 0x10: /* Connection Accept Timeout */
3583 case 0x0d: /* Connection Rejected due to Limited Resources */
3584 case 0x11: /* Unsupported Feature or Parameter Value */
3585 case 0x1c: /* SCO interval rejected */
3586 case 0x1a: /* Unsupported Remote Feature */
3587 case 0x1f: /* Unspecified error */
3588 case 0x20: /* Unsupported LMP Parameter value */
3590 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
3591 (hdev
->esco_type
& EDR_ESCO_MASK
);
3592 if (hci_setup_sync(conn
, conn
->link
->handle
))
3598 conn
->state
= BT_CLOSED
;
3602 hci_proto_connect_cfm(conn
, ev
->status
);
3607 hci_dev_unlock(hdev
);
3610 static inline size_t eir_get_length(u8
*eir
, size_t eir_len
)
3614 while (parsed
< eir_len
) {
3615 u8 field_len
= eir
[0];
3620 parsed
+= field_len
+ 1;
3621 eir
+= field_len
+ 1;
3627 static void hci_extended_inquiry_result_evt(struct hci_dev
*hdev
,
3628 struct sk_buff
*skb
)
3630 struct inquiry_data data
;
3631 struct extended_inquiry_info
*info
= (void *) (skb
->data
+ 1);
3632 int num_rsp
= *((__u8
*) skb
->data
);
3635 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
3640 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
))
3645 for (; num_rsp
; num_rsp
--, info
++) {
3649 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3650 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3651 data
.pscan_period_mode
= info
->pscan_period_mode
;
3652 data
.pscan_mode
= 0x00;
3653 memcpy(data
.dev_class
, info
->dev_class
, 3);
3654 data
.clock_offset
= info
->clock_offset
;
3655 data
.rssi
= info
->rssi
;
3656 data
.ssp_mode
= 0x01;
3658 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3659 name_known
= eir_has_data_type(info
->data
,
3665 flags
= hci_inquiry_cache_update(hdev
, &data
, name_known
);
3667 eir_len
= eir_get_length(info
->data
, sizeof(info
->data
));
3669 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3670 info
->dev_class
, info
->rssi
,
3671 flags
, info
->data
, eir_len
, NULL
, 0);
3674 hci_dev_unlock(hdev
);
3677 static void hci_key_refresh_complete_evt(struct hci_dev
*hdev
,
3678 struct sk_buff
*skb
)
3680 struct hci_ev_key_refresh_complete
*ev
= (void *) skb
->data
;
3681 struct hci_conn
*conn
;
3683 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev
->name
, ev
->status
,
3684 __le16_to_cpu(ev
->handle
));
3688 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3692 /* For BR/EDR the necessary steps are taken through the
3693 * auth_complete event.
3695 if (conn
->type
!= LE_LINK
)
3699 conn
->sec_level
= conn
->pending_sec_level
;
3701 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
3703 if (ev
->status
&& conn
->state
== BT_CONNECTED
) {
3704 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
3705 hci_conn_drop(conn
);
3709 if (conn
->state
== BT_CONFIG
) {
3711 conn
->state
= BT_CONNECTED
;
3713 hci_proto_connect_cfm(conn
, ev
->status
);
3714 hci_conn_drop(conn
);
3716 hci_auth_cfm(conn
, ev
->status
);
3718 hci_conn_hold(conn
);
3719 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
3720 hci_conn_drop(conn
);
3724 hci_dev_unlock(hdev
);
3727 static u8
hci_get_auth_req(struct hci_conn
*conn
)
3729 /* If remote requests no-bonding follow that lead */
3730 if (conn
->remote_auth
== HCI_AT_NO_BONDING
||
3731 conn
->remote_auth
== HCI_AT_NO_BONDING_MITM
)
3732 return conn
->remote_auth
| (conn
->auth_type
& 0x01);
3734 /* If both remote and local have enough IO capabilities, require
3737 if (conn
->remote_cap
!= HCI_IO_NO_INPUT_OUTPUT
&&
3738 conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
)
3739 return conn
->remote_auth
| 0x01;
3741 /* No MITM protection possible so ignore remote requirement */
3742 return (conn
->remote_auth
& ~0x01) | (conn
->auth_type
& 0x01);
3745 static void hci_io_capa_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3747 struct hci_ev_io_capa_request
*ev
= (void *) skb
->data
;
3748 struct hci_conn
*conn
;
3750 BT_DBG("%s", hdev
->name
);
3754 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3758 hci_conn_hold(conn
);
3760 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3763 /* Allow pairing if we're pairable, the initiators of the
3764 * pairing or if the remote is not requesting bonding.
3766 if (test_bit(HCI_BONDABLE
, &hdev
->dev_flags
) ||
3767 test_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
) ||
3768 (conn
->remote_auth
& ~0x01) == HCI_AT_NO_BONDING
) {
3769 struct hci_cp_io_capability_reply cp
;
3771 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3772 /* Change the IO capability from KeyboardDisplay
3773 * to DisplayYesNo as it is not supported by BT spec. */
3774 cp
.capability
= (conn
->io_capability
== 0x04) ?
3775 HCI_IO_DISPLAY_YESNO
: conn
->io_capability
;
3777 /* If we are initiators, there is no remote information yet */
3778 if (conn
->remote_auth
== 0xff) {
3779 /* Request MITM protection if our IO caps allow it
3780 * except for the no-bonding case.
3782 if (conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
&&
3783 conn
->auth_type
!= HCI_AT_NO_BONDING
)
3784 conn
->auth_type
|= 0x01;
3786 conn
->auth_type
= hci_get_auth_req(conn
);
3789 /* If we're not bondable, force one of the non-bondable
3790 * authentication requirement values.
3792 if (!test_bit(HCI_BONDABLE
, &hdev
->dev_flags
))
3793 conn
->auth_type
&= HCI_AT_NO_BONDING_MITM
;
3795 cp
.authentication
= conn
->auth_type
;
3797 if (hci_find_remote_oob_data(hdev
, &conn
->dst
, BDADDR_BREDR
) &&
3798 (conn
->out
|| test_bit(HCI_CONN_REMOTE_OOB
, &conn
->flags
)))
3803 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_REPLY
,
3806 struct hci_cp_io_capability_neg_reply cp
;
3808 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3809 cp
.reason
= HCI_ERROR_PAIRING_NOT_ALLOWED
;
3811 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_NEG_REPLY
,
3816 hci_dev_unlock(hdev
);
3819 static void hci_io_capa_reply_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3821 struct hci_ev_io_capa_reply
*ev
= (void *) skb
->data
;
3822 struct hci_conn
*conn
;
3824 BT_DBG("%s", hdev
->name
);
3828 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3832 conn
->remote_cap
= ev
->capability
;
3833 conn
->remote_auth
= ev
->authentication
;
3835 set_bit(HCI_CONN_REMOTE_OOB
, &conn
->flags
);
3838 hci_dev_unlock(hdev
);
3841 static void hci_user_confirm_request_evt(struct hci_dev
*hdev
,
3842 struct sk_buff
*skb
)
3844 struct hci_ev_user_confirm_req
*ev
= (void *) skb
->data
;
3845 int loc_mitm
, rem_mitm
, confirm_hint
= 0;
3846 struct hci_conn
*conn
;
3848 BT_DBG("%s", hdev
->name
);
3852 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3855 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3859 loc_mitm
= (conn
->auth_type
& 0x01);
3860 rem_mitm
= (conn
->remote_auth
& 0x01);
3862 /* If we require MITM but the remote device can't provide that
3863 * (it has NoInputNoOutput) then reject the confirmation
3864 * request. We check the security level here since it doesn't
3865 * necessarily match conn->auth_type.
3867 if (conn
->pending_sec_level
> BT_SECURITY_MEDIUM
&&
3868 conn
->remote_cap
== HCI_IO_NO_INPUT_OUTPUT
) {
3869 BT_DBG("Rejecting request: remote device can't provide MITM");
3870 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_NEG_REPLY
,
3871 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3875 /* If no side requires MITM protection; auto-accept */
3876 if ((!loc_mitm
|| conn
->remote_cap
== HCI_IO_NO_INPUT_OUTPUT
) &&
3877 (!rem_mitm
|| conn
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)) {
3879 /* If we're not the initiators request authorization to
3880 * proceed from user space (mgmt_user_confirm with
3881 * confirm_hint set to 1). The exception is if neither
3882 * side had MITM or if the local IO capability is
3883 * NoInputNoOutput, in which case we do auto-accept
3885 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
) &&
3886 conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
&&
3887 (loc_mitm
|| rem_mitm
)) {
3888 BT_DBG("Confirming auto-accept as acceptor");
3893 BT_DBG("Auto-accept of user confirmation with %ums delay",
3894 hdev
->auto_accept_delay
);
3896 if (hdev
->auto_accept_delay
> 0) {
3897 int delay
= msecs_to_jiffies(hdev
->auto_accept_delay
);
3898 queue_delayed_work(conn
->hdev
->workqueue
,
3899 &conn
->auto_accept_work
, delay
);
3903 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
,
3904 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3909 mgmt_user_confirm_request(hdev
, &ev
->bdaddr
, ACL_LINK
, 0,
3910 le32_to_cpu(ev
->passkey
), confirm_hint
);
3913 hci_dev_unlock(hdev
);
3916 static void hci_user_passkey_request_evt(struct hci_dev
*hdev
,
3917 struct sk_buff
*skb
)
3919 struct hci_ev_user_passkey_req
*ev
= (void *) skb
->data
;
3921 BT_DBG("%s", hdev
->name
);
3923 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3924 mgmt_user_passkey_request(hdev
, &ev
->bdaddr
, ACL_LINK
, 0);
3927 static void hci_user_passkey_notify_evt(struct hci_dev
*hdev
,
3928 struct sk_buff
*skb
)
3930 struct hci_ev_user_passkey_notify
*ev
= (void *) skb
->data
;
3931 struct hci_conn
*conn
;
3933 BT_DBG("%s", hdev
->name
);
3935 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3939 conn
->passkey_notify
= __le32_to_cpu(ev
->passkey
);
3940 conn
->passkey_entered
= 0;
3942 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3943 mgmt_user_passkey_notify(hdev
, &conn
->dst
, conn
->type
,
3944 conn
->dst_type
, conn
->passkey_notify
,
3945 conn
->passkey_entered
);
3948 static void hci_keypress_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3950 struct hci_ev_keypress_notify
*ev
= (void *) skb
->data
;
3951 struct hci_conn
*conn
;
3953 BT_DBG("%s", hdev
->name
);
3955 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3960 case HCI_KEYPRESS_STARTED
:
3961 conn
->passkey_entered
= 0;
3964 case HCI_KEYPRESS_ENTERED
:
3965 conn
->passkey_entered
++;
3968 case HCI_KEYPRESS_ERASED
:
3969 conn
->passkey_entered
--;
3972 case HCI_KEYPRESS_CLEARED
:
3973 conn
->passkey_entered
= 0;
3976 case HCI_KEYPRESS_COMPLETED
:
3980 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3981 mgmt_user_passkey_notify(hdev
, &conn
->dst
, conn
->type
,
3982 conn
->dst_type
, conn
->passkey_notify
,
3983 conn
->passkey_entered
);
3986 static void hci_simple_pair_complete_evt(struct hci_dev
*hdev
,
3987 struct sk_buff
*skb
)
3989 struct hci_ev_simple_pair_complete
*ev
= (void *) skb
->data
;
3990 struct hci_conn
*conn
;
3992 BT_DBG("%s", hdev
->name
);
3996 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4000 /* Reset the authentication requirement to unknown */
4001 conn
->remote_auth
= 0xff;
4003 /* To avoid duplicate auth_failed events to user space we check
4004 * the HCI_CONN_AUTH_PEND flag which will be set if we
4005 * initiated the authentication. A traditional auth_complete
4006 * event gets always produced as initiator and is also mapped to
4007 * the mgmt_auth_failed event */
4008 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
) && ev
->status
)
4009 mgmt_auth_failed(conn
, ev
->status
);
4011 hci_conn_drop(conn
);
4014 hci_dev_unlock(hdev
);
4017 static void hci_remote_host_features_evt(struct hci_dev
*hdev
,
4018 struct sk_buff
*skb
)
4020 struct hci_ev_remote_host_features
*ev
= (void *) skb
->data
;
4021 struct inquiry_entry
*ie
;
4022 struct hci_conn
*conn
;
4024 BT_DBG("%s", hdev
->name
);
4028 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4030 memcpy(conn
->features
[1], ev
->features
, 8);
4032 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
4034 ie
->data
.ssp_mode
= (ev
->features
[0] & LMP_HOST_SSP
);
4036 hci_dev_unlock(hdev
);
4039 static void hci_remote_oob_data_request_evt(struct hci_dev
*hdev
,
4040 struct sk_buff
*skb
)
4042 struct hci_ev_remote_oob_data_request
*ev
= (void *) skb
->data
;
4043 struct oob_data
*data
;
4045 BT_DBG("%s", hdev
->name
);
4049 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
4052 data
= hci_find_remote_oob_data(hdev
, &ev
->bdaddr
, BDADDR_BREDR
);
4054 if (bredr_sc_enabled(hdev
)) {
4055 struct hci_cp_remote_oob_ext_data_reply cp
;
4057 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4058 memcpy(cp
.hash192
, data
->hash192
, sizeof(cp
.hash192
));
4059 memcpy(cp
.rand192
, data
->rand192
, sizeof(cp
.rand192
));
4060 memcpy(cp
.hash256
, data
->hash256
, sizeof(cp
.hash256
));
4061 memcpy(cp
.rand256
, data
->rand256
, sizeof(cp
.rand256
));
4063 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY
,
4066 struct hci_cp_remote_oob_data_reply cp
;
4068 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4069 memcpy(cp
.hash
, data
->hash192
, sizeof(cp
.hash
));
4070 memcpy(cp
.rand
, data
->rand192
, sizeof(cp
.rand
));
4072 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_REPLY
,
4076 struct hci_cp_remote_oob_data_neg_reply cp
;
4078 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4079 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY
,
4084 hci_dev_unlock(hdev
);
4087 static void hci_phy_link_complete_evt(struct hci_dev
*hdev
,
4088 struct sk_buff
*skb
)
4090 struct hci_ev_phy_link_complete
*ev
= (void *) skb
->data
;
4091 struct hci_conn
*hcon
, *bredr_hcon
;
4093 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev
->name
, ev
->phy_handle
,
4098 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4100 hci_dev_unlock(hdev
);
4106 hci_dev_unlock(hdev
);
4110 bredr_hcon
= hcon
->amp_mgr
->l2cap_conn
->hcon
;
4112 hcon
->state
= BT_CONNECTED
;
4113 bacpy(&hcon
->dst
, &bredr_hcon
->dst
);
4115 hci_conn_hold(hcon
);
4116 hcon
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
4117 hci_conn_drop(hcon
);
4119 hci_conn_add_sysfs(hcon
);
4121 amp_physical_cfm(bredr_hcon
, hcon
);
4123 hci_dev_unlock(hdev
);
4126 static void hci_loglink_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4128 struct hci_ev_logical_link_complete
*ev
= (void *) skb
->data
;
4129 struct hci_conn
*hcon
;
4130 struct hci_chan
*hchan
;
4131 struct amp_mgr
*mgr
;
4133 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4134 hdev
->name
, le16_to_cpu(ev
->handle
), ev
->phy_handle
,
4137 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4141 /* Create AMP hchan */
4142 hchan
= hci_chan_create(hcon
);
4146 hchan
->handle
= le16_to_cpu(ev
->handle
);
4148 BT_DBG("hcon %p mgr %p hchan %p", hcon
, hcon
->amp_mgr
, hchan
);
4150 mgr
= hcon
->amp_mgr
;
4151 if (mgr
&& mgr
->bredr_chan
) {
4152 struct l2cap_chan
*bredr_chan
= mgr
->bredr_chan
;
4154 l2cap_chan_lock(bredr_chan
);
4156 bredr_chan
->conn
->mtu
= hdev
->block_mtu
;
4157 l2cap_logical_cfm(bredr_chan
, hchan
, 0);
4158 hci_conn_hold(hcon
);
4160 l2cap_chan_unlock(bredr_chan
);
4164 static void hci_disconn_loglink_complete_evt(struct hci_dev
*hdev
,
4165 struct sk_buff
*skb
)
4167 struct hci_ev_disconn_logical_link_complete
*ev
= (void *) skb
->data
;
4168 struct hci_chan
*hchan
;
4170 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev
->name
,
4171 le16_to_cpu(ev
->handle
), ev
->status
);
4178 hchan
= hci_chan_lookup_handle(hdev
, le16_to_cpu(ev
->handle
));
4182 amp_destroy_logical_link(hchan
, ev
->reason
);
4185 hci_dev_unlock(hdev
);
4188 static void hci_disconn_phylink_complete_evt(struct hci_dev
*hdev
,
4189 struct sk_buff
*skb
)
4191 struct hci_ev_disconn_phy_link_complete
*ev
= (void *) skb
->data
;
4192 struct hci_conn
*hcon
;
4194 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4201 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4203 hcon
->state
= BT_CLOSED
;
4207 hci_dev_unlock(hdev
);
4210 static void hci_le_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4212 struct hci_ev_le_conn_complete
*ev
= (void *) skb
->data
;
4213 struct hci_conn_params
*params
;
4214 struct hci_conn
*conn
;
4215 struct smp_irk
*irk
;
4218 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4222 /* All controllers implicitly stop advertising in the event of a
4223 * connection, so ensure that the state bit is cleared.
4225 clear_bit(HCI_LE_ADV
, &hdev
->dev_flags
);
4227 conn
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
4229 conn
= hci_conn_add(hdev
, LE_LINK
, &ev
->bdaddr
, ev
->role
);
4231 BT_ERR("No memory for new connection");
4235 conn
->dst_type
= ev
->bdaddr_type
;
4237 /* If we didn't have a hci_conn object previously
4238 * but we're in master role this must be something
4239 * initiated using a white list. Since white list based
4240 * connections are not "first class citizens" we don't
4241 * have full tracking of them. Therefore, we go ahead
4242 * with a "best effort" approach of determining the
4243 * initiator address based on the HCI_PRIVACY flag.
4246 conn
->resp_addr_type
= ev
->bdaddr_type
;
4247 bacpy(&conn
->resp_addr
, &ev
->bdaddr
);
4248 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
)) {
4249 conn
->init_addr_type
= ADDR_LE_DEV_RANDOM
;
4250 bacpy(&conn
->init_addr
, &hdev
->rpa
);
4252 hci_copy_identity_address(hdev
,
4254 &conn
->init_addr_type
);
4258 cancel_delayed_work(&conn
->le_conn_timeout
);
4262 /* Set the responder (our side) address type based on
4263 * the advertising address type.
4265 conn
->resp_addr_type
= hdev
->adv_addr_type
;
4266 if (hdev
->adv_addr_type
== ADDR_LE_DEV_RANDOM
)
4267 bacpy(&conn
->resp_addr
, &hdev
->random_addr
);
4269 bacpy(&conn
->resp_addr
, &hdev
->bdaddr
);
4271 conn
->init_addr_type
= ev
->bdaddr_type
;
4272 bacpy(&conn
->init_addr
, &ev
->bdaddr
);
4274 /* For incoming connections, set the default minimum
4275 * and maximum connection interval. They will be used
4276 * to check if the parameters are in range and if not
4277 * trigger the connection update procedure.
4279 conn
->le_conn_min_interval
= hdev
->le_conn_min_interval
;
4280 conn
->le_conn_max_interval
= hdev
->le_conn_max_interval
;
4283 /* Lookup the identity address from the stored connection
4284 * address and address type.
4286 * When establishing connections to an identity address, the
4287 * connection procedure will store the resolvable random
4288 * address first. Now if it can be converted back into the
4289 * identity address, start using the identity address from
4292 irk
= hci_get_irk(hdev
, &conn
->dst
, conn
->dst_type
);
4294 bacpy(&conn
->dst
, &irk
->bdaddr
);
4295 conn
->dst_type
= irk
->addr_type
;
4299 hci_le_conn_failed(conn
, ev
->status
);
4303 if (conn
->dst_type
== ADDR_LE_DEV_PUBLIC
)
4304 addr_type
= BDADDR_LE_PUBLIC
;
4306 addr_type
= BDADDR_LE_RANDOM
;
4308 /* Drop the connection if the device is blocked */
4309 if (hci_bdaddr_list_lookup(&hdev
->blacklist
, &conn
->dst
, addr_type
)) {
4310 hci_conn_drop(conn
);
4314 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
4315 mgmt_device_connected(hdev
, conn
, 0, NULL
, 0);
4317 conn
->sec_level
= BT_SECURITY_LOW
;
4318 conn
->handle
= __le16_to_cpu(ev
->handle
);
4319 conn
->state
= BT_CONNECTED
;
4321 conn
->le_conn_interval
= le16_to_cpu(ev
->interval
);
4322 conn
->le_conn_latency
= le16_to_cpu(ev
->latency
);
4323 conn
->le_supv_timeout
= le16_to_cpu(ev
->supervision_timeout
);
4325 hci_conn_add_sysfs(conn
);
4327 hci_proto_connect_cfm(conn
, ev
->status
);
4329 params
= hci_pend_le_action_lookup(&hdev
->pend_le_conns
, &conn
->dst
,
4332 list_del_init(¶ms
->action
);
4334 hci_conn_drop(params
->conn
);
4335 hci_conn_put(params
->conn
);
4336 params
->conn
= NULL
;
4341 hci_update_background_scan(hdev
);
4342 hci_dev_unlock(hdev
);
4345 static void hci_le_conn_update_complete_evt(struct hci_dev
*hdev
,
4346 struct sk_buff
*skb
)
4348 struct hci_ev_le_conn_update_complete
*ev
= (void *) skb
->data
;
4349 struct hci_conn
*conn
;
4351 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4358 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
4360 conn
->le_conn_interval
= le16_to_cpu(ev
->interval
);
4361 conn
->le_conn_latency
= le16_to_cpu(ev
->latency
);
4362 conn
->le_supv_timeout
= le16_to_cpu(ev
->supervision_timeout
);
4365 hci_dev_unlock(hdev
);
4368 /* This function requires the caller holds hdev->lock */
4369 static struct hci_conn
*check_pending_le_conn(struct hci_dev
*hdev
,
4371 u8 addr_type
, u8 adv_type
)
4373 struct hci_conn
*conn
;
4374 struct hci_conn_params
*params
;
4376 /* If the event is not connectable don't proceed further */
4377 if (adv_type
!= LE_ADV_IND
&& adv_type
!= LE_ADV_DIRECT_IND
)
4380 /* Ignore if the device is blocked */
4381 if (hci_bdaddr_list_lookup(&hdev
->blacklist
, addr
, addr_type
))
4384 /* Most controller will fail if we try to create new connections
4385 * while we have an existing one in slave role.
4387 if (hdev
->conn_hash
.le_num_slave
> 0)
4390 /* If we're not connectable only connect devices that we have in
4391 * our pend_le_conns list.
4393 params
= hci_pend_le_action_lookup(&hdev
->pend_le_conns
,
4398 switch (params
->auto_connect
) {
4399 case HCI_AUTO_CONN_DIRECT
:
4400 /* Only devices advertising with ADV_DIRECT_IND are
4401 * triggering a connection attempt. This is allowing
4402 * incoming connections from slave devices.
4404 if (adv_type
!= LE_ADV_DIRECT_IND
)
4407 case HCI_AUTO_CONN_ALWAYS
:
4408 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4409 * are triggering a connection attempt. This means
4410 * that incoming connectioms from slave device are
4411 * accepted and also outgoing connections to slave
4412 * devices are established when found.
4419 conn
= hci_connect_le(hdev
, addr
, addr_type
, BT_SECURITY_LOW
,
4420 HCI_LE_AUTOCONN_TIMEOUT
, HCI_ROLE_MASTER
);
4421 if (!IS_ERR(conn
)) {
4422 /* Store the pointer since we don't really have any
4423 * other owner of the object besides the params that
4424 * triggered it. This way we can abort the connection if
4425 * the parameters get removed and keep the reference
4426 * count consistent once the connection is established.
4428 params
->conn
= hci_conn_get(conn
);
4432 switch (PTR_ERR(conn
)) {
4434 /* If hci_connect() returns -EBUSY it means there is already
4435 * an LE connection attempt going on. Since controllers don't
4436 * support more than one connection attempt at the time, we
4437 * don't consider this an error case.
4441 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn
));
4448 static void process_adv_report(struct hci_dev
*hdev
, u8 type
, bdaddr_t
*bdaddr
,
4449 u8 bdaddr_type
, bdaddr_t
*direct_addr
,
4450 u8 direct_addr_type
, s8 rssi
, u8
*data
, u8 len
)
4452 struct discovery_state
*d
= &hdev
->discovery
;
4453 struct smp_irk
*irk
;
4454 struct hci_conn
*conn
;
4458 /* If the direct address is present, then this report is from
4459 * a LE Direct Advertising Report event. In that case it is
4460 * important to see if the address is matching the local
4461 * controller address.
4464 /* Only resolvable random addresses are valid for these
4465 * kind of reports and others can be ignored.
4467 if (!hci_bdaddr_is_rpa(direct_addr
, direct_addr_type
))
4470 /* If the controller is not using resolvable random
4471 * addresses, then this report can be ignored.
4473 if (!test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
4476 /* If the local IRK of the controller does not match
4477 * with the resolvable random address provided, then
4478 * this report can be ignored.
4480 if (!smp_irk_matches(hdev
, hdev
->irk
, direct_addr
))
4484 /* Check if we need to convert to identity address */
4485 irk
= hci_get_irk(hdev
, bdaddr
, bdaddr_type
);
4487 bdaddr
= &irk
->bdaddr
;
4488 bdaddr_type
= irk
->addr_type
;
4491 /* Check if we have been requested to connect to this device */
4492 conn
= check_pending_le_conn(hdev
, bdaddr
, bdaddr_type
, type
);
4493 if (conn
&& type
== LE_ADV_IND
) {
4494 /* Store report for later inclusion by
4495 * mgmt_device_connected
4497 memcpy(conn
->le_adv_data
, data
, len
);
4498 conn
->le_adv_data_len
= len
;
4501 /* Passive scanning shouldn't trigger any device found events,
4502 * except for devices marked as CONN_REPORT for which we do send
4503 * device found events.
4505 if (hdev
->le_scan_type
== LE_SCAN_PASSIVE
) {
4506 if (type
== LE_ADV_DIRECT_IND
)
4509 if (!hci_pend_le_action_lookup(&hdev
->pend_le_reports
,
4510 bdaddr
, bdaddr_type
))
4513 if (type
== LE_ADV_NONCONN_IND
|| type
== LE_ADV_SCAN_IND
)
4514 flags
= MGMT_DEV_FOUND_NOT_CONNECTABLE
;
4517 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
4518 rssi
, flags
, data
, len
, NULL
, 0);
4522 /* When receiving non-connectable or scannable undirected
4523 * advertising reports, this means that the remote device is
4524 * not connectable and then clearly indicate this in the
4525 * device found event.
4527 * When receiving a scan response, then there is no way to
4528 * know if the remote device is connectable or not. However
4529 * since scan responses are merged with a previously seen
4530 * advertising report, the flags field from that report
4533 * In the really unlikely case that a controller get confused
4534 * and just sends a scan response event, then it is marked as
4535 * not connectable as well.
4537 if (type
== LE_ADV_NONCONN_IND
|| type
== LE_ADV_SCAN_IND
||
4538 type
== LE_ADV_SCAN_RSP
)
4539 flags
= MGMT_DEV_FOUND_NOT_CONNECTABLE
;
4543 /* If there's nothing pending either store the data from this
4544 * event or send an immediate device found event if the data
4545 * should not be stored for later.
4547 if (!has_pending_adv_report(hdev
)) {
4548 /* If the report will trigger a SCAN_REQ store it for
4551 if (type
== LE_ADV_IND
|| type
== LE_ADV_SCAN_IND
) {
4552 store_pending_adv_report(hdev
, bdaddr
, bdaddr_type
,
4553 rssi
, flags
, data
, len
);
4557 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
4558 rssi
, flags
, data
, len
, NULL
, 0);
4562 /* Check if the pending report is for the same device as the new one */
4563 match
= (!bacmp(bdaddr
, &d
->last_adv_addr
) &&
4564 bdaddr_type
== d
->last_adv_addr_type
);
4566 /* If the pending data doesn't match this report or this isn't a
4567 * scan response (e.g. we got a duplicate ADV_IND) then force
4568 * sending of the pending data.
4570 if (type
!= LE_ADV_SCAN_RSP
|| !match
) {
4571 /* Send out whatever is in the cache, but skip duplicates */
4573 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
4574 d
->last_adv_addr_type
, NULL
,
4575 d
->last_adv_rssi
, d
->last_adv_flags
,
4577 d
->last_adv_data_len
, NULL
, 0);
4579 /* If the new report will trigger a SCAN_REQ store it for
4582 if (type
== LE_ADV_IND
|| type
== LE_ADV_SCAN_IND
) {
4583 store_pending_adv_report(hdev
, bdaddr
, bdaddr_type
,
4584 rssi
, flags
, data
, len
);
4588 /* The advertising reports cannot be merged, so clear
4589 * the pending report and send out a device found event.
4591 clear_pending_adv_report(hdev
);
4592 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
4593 rssi
, flags
, data
, len
, NULL
, 0);
4597 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4598 * the new event is a SCAN_RSP. We can therefore proceed with
4599 * sending a merged device found event.
4601 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
4602 d
->last_adv_addr_type
, NULL
, rssi
, d
->last_adv_flags
,
4603 d
->last_adv_data
, d
->last_adv_data_len
, data
, len
);
4604 clear_pending_adv_report(hdev
);
4607 static void hci_le_adv_report_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4609 u8 num_reports
= skb
->data
[0];
4610 void *ptr
= &skb
->data
[1];
4614 while (num_reports
--) {
4615 struct hci_ev_le_advertising_info
*ev
= ptr
;
4618 rssi
= ev
->data
[ev
->length
];
4619 process_adv_report(hdev
, ev
->evt_type
, &ev
->bdaddr
,
4620 ev
->bdaddr_type
, NULL
, 0, rssi
,
4621 ev
->data
, ev
->length
);
4623 ptr
+= sizeof(*ev
) + ev
->length
+ 1;
4626 hci_dev_unlock(hdev
);
4629 static void hci_le_ltk_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4631 struct hci_ev_le_ltk_req
*ev
= (void *) skb
->data
;
4632 struct hci_cp_le_ltk_reply cp
;
4633 struct hci_cp_le_ltk_neg_reply neg
;
4634 struct hci_conn
*conn
;
4635 struct smp_ltk
*ltk
;
4637 BT_DBG("%s handle 0x%4.4x", hdev
->name
, __le16_to_cpu(ev
->handle
));
4641 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
4645 ltk
= hci_find_ltk(hdev
, &conn
->dst
, conn
->dst_type
, conn
->role
);
4649 if (smp_ltk_is_sc(ltk
)) {
4650 /* With SC both EDiv and Rand are set to zero */
4651 if (ev
->ediv
|| ev
->rand
)
4654 /* For non-SC keys check that EDiv and Rand match */
4655 if (ev
->ediv
!= ltk
->ediv
|| ev
->rand
!= ltk
->rand
)
4659 memcpy(cp
.ltk
, ltk
->val
, sizeof(ltk
->val
));
4660 cp
.handle
= cpu_to_le16(conn
->handle
);
4662 conn
->pending_sec_level
= smp_ltk_sec_level(ltk
);
4664 conn
->enc_key_size
= ltk
->enc_size
;
4666 hci_send_cmd(hdev
, HCI_OP_LE_LTK_REPLY
, sizeof(cp
), &cp
);
4668 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4669 * temporary key used to encrypt a connection following
4670 * pairing. It is used during the Encrypted Session Setup to
4671 * distribute the keys. Later, security can be re-established
4672 * using a distributed LTK.
4674 if (ltk
->type
== SMP_STK
) {
4675 set_bit(HCI_CONN_STK_ENCRYPT
, &conn
->flags
);
4676 list_del_rcu(<k
->list
);
4677 kfree_rcu(ltk
, rcu
);
4679 clear_bit(HCI_CONN_STK_ENCRYPT
, &conn
->flags
);
4682 hci_dev_unlock(hdev
);
4687 neg
.handle
= ev
->handle
;
4688 hci_send_cmd(hdev
, HCI_OP_LE_LTK_NEG_REPLY
, sizeof(neg
), &neg
);
4689 hci_dev_unlock(hdev
);
4692 static void send_conn_param_neg_reply(struct hci_dev
*hdev
, u16 handle
,
4695 struct hci_cp_le_conn_param_req_neg_reply cp
;
4697 cp
.handle
= cpu_to_le16(handle
);
4700 hci_send_cmd(hdev
, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY
, sizeof(cp
),
4704 static void hci_le_remote_conn_param_req_evt(struct hci_dev
*hdev
,
4705 struct sk_buff
*skb
)
4707 struct hci_ev_le_remote_conn_param_req
*ev
= (void *) skb
->data
;
4708 struct hci_cp_le_conn_param_req_reply cp
;
4709 struct hci_conn
*hcon
;
4710 u16 handle
, min
, max
, latency
, timeout
;
4712 handle
= le16_to_cpu(ev
->handle
);
4713 min
= le16_to_cpu(ev
->interval_min
);
4714 max
= le16_to_cpu(ev
->interval_max
);
4715 latency
= le16_to_cpu(ev
->latency
);
4716 timeout
= le16_to_cpu(ev
->timeout
);
4718 hcon
= hci_conn_hash_lookup_handle(hdev
, handle
);
4719 if (!hcon
|| hcon
->state
!= BT_CONNECTED
)
4720 return send_conn_param_neg_reply(hdev
, handle
,
4721 HCI_ERROR_UNKNOWN_CONN_ID
);
4723 if (hci_check_conn_params(min
, max
, latency
, timeout
))
4724 return send_conn_param_neg_reply(hdev
, handle
,
4725 HCI_ERROR_INVALID_LL_PARAMS
);
4727 if (hcon
->role
== HCI_ROLE_MASTER
) {
4728 struct hci_conn_params
*params
;
4733 params
= hci_conn_params_lookup(hdev
, &hcon
->dst
,
4736 params
->conn_min_interval
= min
;
4737 params
->conn_max_interval
= max
;
4738 params
->conn_latency
= latency
;
4739 params
->supervision_timeout
= timeout
;
4745 hci_dev_unlock(hdev
);
4747 mgmt_new_conn_param(hdev
, &hcon
->dst
, hcon
->dst_type
,
4748 store_hint
, min
, max
, latency
, timeout
);
4751 cp
.handle
= ev
->handle
;
4752 cp
.interval_min
= ev
->interval_min
;
4753 cp
.interval_max
= ev
->interval_max
;
4754 cp
.latency
= ev
->latency
;
4755 cp
.timeout
= ev
->timeout
;
4759 hci_send_cmd(hdev
, HCI_OP_LE_CONN_PARAM_REQ_REPLY
, sizeof(cp
), &cp
);
4762 static void hci_le_direct_adv_report_evt(struct hci_dev
*hdev
,
4763 struct sk_buff
*skb
)
4765 u8 num_reports
= skb
->data
[0];
4766 void *ptr
= &skb
->data
[1];
4770 while (num_reports
--) {
4771 struct hci_ev_le_direct_adv_info
*ev
= ptr
;
4773 process_adv_report(hdev
, ev
->evt_type
, &ev
->bdaddr
,
4774 ev
->bdaddr_type
, &ev
->direct_addr
,
4775 ev
->direct_addr_type
, ev
->rssi
, NULL
, 0);
4780 hci_dev_unlock(hdev
);
4783 static void hci_le_meta_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4785 struct hci_ev_le_meta
*le_ev
= (void *) skb
->data
;
4787 skb_pull(skb
, sizeof(*le_ev
));
4789 switch (le_ev
->subevent
) {
4790 case HCI_EV_LE_CONN_COMPLETE
:
4791 hci_le_conn_complete_evt(hdev
, skb
);
4794 case HCI_EV_LE_CONN_UPDATE_COMPLETE
:
4795 hci_le_conn_update_complete_evt(hdev
, skb
);
4798 case HCI_EV_LE_ADVERTISING_REPORT
:
4799 hci_le_adv_report_evt(hdev
, skb
);
4802 case HCI_EV_LE_LTK_REQ
:
4803 hci_le_ltk_request_evt(hdev
, skb
);
4806 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ
:
4807 hci_le_remote_conn_param_req_evt(hdev
, skb
);
4810 case HCI_EV_LE_DIRECT_ADV_REPORT
:
4811 hci_le_direct_adv_report_evt(hdev
, skb
);
4819 static void hci_chan_selected_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4821 struct hci_ev_channel_selected
*ev
= (void *) skb
->data
;
4822 struct hci_conn
*hcon
;
4824 BT_DBG("%s handle 0x%2.2x", hdev
->name
, ev
->phy_handle
);
4826 skb_pull(skb
, sizeof(*ev
));
4828 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4832 amp_read_loc_assoc_final_data(hdev
, hcon
);
4835 void hci_event_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4837 struct hci_event_hdr
*hdr
= (void *) skb
->data
;
4838 __u8 event
= hdr
->evt
;
4842 /* Received events are (currently) only needed when a request is
4843 * ongoing so avoid unnecessary memory allocation.
4845 if (hci_req_pending(hdev
)) {
4846 kfree_skb(hdev
->recv_evt
);
4847 hdev
->recv_evt
= skb_clone(skb
, GFP_KERNEL
);
4850 hci_dev_unlock(hdev
);
4852 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
4854 if (hdev
->sent_cmd
&& bt_cb(hdev
->sent_cmd
)->req
.event
== event
) {
4855 struct hci_command_hdr
*cmd_hdr
= (void *) hdev
->sent_cmd
->data
;
4856 u16 opcode
= __le16_to_cpu(cmd_hdr
->opcode
);
4858 hci_req_cmd_complete(hdev
, opcode
, 0);
4862 case HCI_EV_INQUIRY_COMPLETE
:
4863 hci_inquiry_complete_evt(hdev
, skb
);
4866 case HCI_EV_INQUIRY_RESULT
:
4867 hci_inquiry_result_evt(hdev
, skb
);
4870 case HCI_EV_CONN_COMPLETE
:
4871 hci_conn_complete_evt(hdev
, skb
);
4874 case HCI_EV_CONN_REQUEST
:
4875 hci_conn_request_evt(hdev
, skb
);
4878 case HCI_EV_DISCONN_COMPLETE
:
4879 hci_disconn_complete_evt(hdev
, skb
);
4882 case HCI_EV_AUTH_COMPLETE
:
4883 hci_auth_complete_evt(hdev
, skb
);
4886 case HCI_EV_REMOTE_NAME
:
4887 hci_remote_name_evt(hdev
, skb
);
4890 case HCI_EV_ENCRYPT_CHANGE
:
4891 hci_encrypt_change_evt(hdev
, skb
);
4894 case HCI_EV_CHANGE_LINK_KEY_COMPLETE
:
4895 hci_change_link_key_complete_evt(hdev
, skb
);
4898 case HCI_EV_REMOTE_FEATURES
:
4899 hci_remote_features_evt(hdev
, skb
);
4902 case HCI_EV_CMD_COMPLETE
:
4903 hci_cmd_complete_evt(hdev
, skb
);
4906 case HCI_EV_CMD_STATUS
:
4907 hci_cmd_status_evt(hdev
, skb
);
4910 case HCI_EV_HARDWARE_ERROR
:
4911 hci_hardware_error_evt(hdev
, skb
);
4914 case HCI_EV_ROLE_CHANGE
:
4915 hci_role_change_evt(hdev
, skb
);
4918 case HCI_EV_NUM_COMP_PKTS
:
4919 hci_num_comp_pkts_evt(hdev
, skb
);
4922 case HCI_EV_MODE_CHANGE
:
4923 hci_mode_change_evt(hdev
, skb
);
4926 case HCI_EV_PIN_CODE_REQ
:
4927 hci_pin_code_request_evt(hdev
, skb
);
4930 case HCI_EV_LINK_KEY_REQ
:
4931 hci_link_key_request_evt(hdev
, skb
);
4934 case HCI_EV_LINK_KEY_NOTIFY
:
4935 hci_link_key_notify_evt(hdev
, skb
);
4938 case HCI_EV_CLOCK_OFFSET
:
4939 hci_clock_offset_evt(hdev
, skb
);
4942 case HCI_EV_PKT_TYPE_CHANGE
:
4943 hci_pkt_type_change_evt(hdev
, skb
);
4946 case HCI_EV_PSCAN_REP_MODE
:
4947 hci_pscan_rep_mode_evt(hdev
, skb
);
4950 case HCI_EV_INQUIRY_RESULT_WITH_RSSI
:
4951 hci_inquiry_result_with_rssi_evt(hdev
, skb
);
4954 case HCI_EV_REMOTE_EXT_FEATURES
:
4955 hci_remote_ext_features_evt(hdev
, skb
);
4958 case HCI_EV_SYNC_CONN_COMPLETE
:
4959 hci_sync_conn_complete_evt(hdev
, skb
);
4962 case HCI_EV_EXTENDED_INQUIRY_RESULT
:
4963 hci_extended_inquiry_result_evt(hdev
, skb
);
4966 case HCI_EV_KEY_REFRESH_COMPLETE
:
4967 hci_key_refresh_complete_evt(hdev
, skb
);
4970 case HCI_EV_IO_CAPA_REQUEST
:
4971 hci_io_capa_request_evt(hdev
, skb
);
4974 case HCI_EV_IO_CAPA_REPLY
:
4975 hci_io_capa_reply_evt(hdev
, skb
);
4978 case HCI_EV_USER_CONFIRM_REQUEST
:
4979 hci_user_confirm_request_evt(hdev
, skb
);
4982 case HCI_EV_USER_PASSKEY_REQUEST
:
4983 hci_user_passkey_request_evt(hdev
, skb
);
4986 case HCI_EV_USER_PASSKEY_NOTIFY
:
4987 hci_user_passkey_notify_evt(hdev
, skb
);
4990 case HCI_EV_KEYPRESS_NOTIFY
:
4991 hci_keypress_notify_evt(hdev
, skb
);
4994 case HCI_EV_SIMPLE_PAIR_COMPLETE
:
4995 hci_simple_pair_complete_evt(hdev
, skb
);
4998 case HCI_EV_REMOTE_HOST_FEATURES
:
4999 hci_remote_host_features_evt(hdev
, skb
);
5002 case HCI_EV_LE_META
:
5003 hci_le_meta_evt(hdev
, skb
);
5006 case HCI_EV_CHANNEL_SELECTED
:
5007 hci_chan_selected_evt(hdev
, skb
);
5010 case HCI_EV_REMOTE_OOB_DATA_REQUEST
:
5011 hci_remote_oob_data_request_evt(hdev
, skb
);
5014 case HCI_EV_PHY_LINK_COMPLETE
:
5015 hci_phy_link_complete_evt(hdev
, skb
);
5018 case HCI_EV_LOGICAL_LINK_COMPLETE
:
5019 hci_loglink_complete_evt(hdev
, skb
);
5022 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE
:
5023 hci_disconn_loglink_complete_evt(hdev
, skb
);
5026 case HCI_EV_DISCONN_PHY_LINK_COMPLETE
:
5027 hci_disconn_phylink_complete_evt(hdev
, skb
);
5030 case HCI_EV_NUM_COMP_BLOCKS
:
5031 hci_num_comp_blocks_evt(hdev
, skb
);
5035 BT_DBG("%s event 0x%2.2x", hdev
->name
, event
);
5040 hdev
->stat
.evt_rx
++;