2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
46 __u8 status
= *((__u8
*) skb
->data
);
48 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
53 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
54 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
55 wake_up_bit(&hdev
->flags
, HCI_INQUIRY
);
58 /* Set discovery state to stopped if we're not doing LE active
61 if (!hci_dev_test_flag(hdev
, HCI_LE_SCAN
) ||
62 hdev
->le_scan_type
!= LE_SCAN_ACTIVE
)
63 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
66 hci_conn_check_pending(hdev
);
69 static void hci_cc_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
71 __u8 status
= *((__u8
*) skb
->data
);
73 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
78 hci_dev_set_flag(hdev
, HCI_PERIODIC_INQ
);
81 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
83 __u8 status
= *((__u8
*) skb
->data
);
85 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
90 hci_dev_clear_flag(hdev
, HCI_PERIODIC_INQ
);
92 hci_conn_check_pending(hdev
);
95 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
,
98 BT_DBG("%s", hdev
->name
);
101 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
103 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
104 struct hci_conn
*conn
;
106 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
113 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
115 conn
->role
= rp
->role
;
117 hci_dev_unlock(hdev
);
120 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
122 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
123 struct hci_conn
*conn
;
125 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
132 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
134 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
136 hci_dev_unlock(hdev
);
139 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
141 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
142 struct hci_conn
*conn
;
145 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
150 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
156 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
158 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
160 hci_dev_unlock(hdev
);
163 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
,
166 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
168 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
173 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
176 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
,
179 __u8 status
= *((__u8
*) skb
->data
);
182 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
187 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
191 hdev
->link_policy
= get_unaligned_le16(sent
);
194 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
196 __u8 status
= *((__u8
*) skb
->data
);
198 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
200 clear_bit(HCI_RESET
, &hdev
->flags
);
205 /* Reset all non-persistent flags */
206 hci_dev_clear_volatile_flags(hdev
);
208 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
210 hdev
->inq_tx_power
= HCI_TX_POWER_INVALID
;
211 hdev
->adv_tx_power
= HCI_TX_POWER_INVALID
;
213 memset(hdev
->adv_data
, 0, sizeof(hdev
->adv_data
));
214 hdev
->adv_data_len
= 0;
216 memset(hdev
->scan_rsp_data
, 0, sizeof(hdev
->scan_rsp_data
));
217 hdev
->scan_rsp_data_len
= 0;
219 hdev
->le_scan_type
= LE_SCAN_PASSIVE
;
221 hdev
->ssp_debug_mode
= 0;
223 hci_bdaddr_list_clear(&hdev
->le_white_list
);
224 hci_bdaddr_list_clear(&hdev
->le_resolv_list
);
227 static void hci_cc_read_stored_link_key(struct hci_dev
*hdev
,
230 struct hci_rp_read_stored_link_key
*rp
= (void *)skb
->data
;
231 struct hci_cp_read_stored_link_key
*sent
;
233 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
235 sent
= hci_sent_cmd_data(hdev
, HCI_OP_READ_STORED_LINK_KEY
);
239 if (!rp
->status
&& sent
->read_all
== 0x01) {
240 hdev
->stored_max_keys
= rp
->max_keys
;
241 hdev
->stored_num_keys
= rp
->num_keys
;
245 static void hci_cc_delete_stored_link_key(struct hci_dev
*hdev
,
248 struct hci_rp_delete_stored_link_key
*rp
= (void *)skb
->data
;
250 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
255 if (rp
->num_keys
<= hdev
->stored_num_keys
)
256 hdev
->stored_num_keys
-= rp
->num_keys
;
258 hdev
->stored_num_keys
= 0;
261 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
263 __u8 status
= *((__u8
*) skb
->data
);
266 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
268 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
274 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
275 mgmt_set_local_name_complete(hdev
, sent
, status
);
277 memcpy(hdev
->dev_name
, sent
, HCI_MAX_NAME_LENGTH
);
279 hci_dev_unlock(hdev
);
282 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
284 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
286 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
291 if (hci_dev_test_flag(hdev
, HCI_SETUP
) ||
292 hci_dev_test_flag(hdev
, HCI_CONFIG
))
293 memcpy(hdev
->dev_name
, rp
->name
, HCI_MAX_NAME_LENGTH
);
296 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
298 __u8 status
= *((__u8
*) skb
->data
);
301 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
303 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
310 __u8 param
= *((__u8
*) sent
);
312 if (param
== AUTH_ENABLED
)
313 set_bit(HCI_AUTH
, &hdev
->flags
);
315 clear_bit(HCI_AUTH
, &hdev
->flags
);
318 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
319 mgmt_auth_enable_complete(hdev
, status
);
321 hci_dev_unlock(hdev
);
324 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
326 __u8 status
= *((__u8
*) skb
->data
);
330 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
335 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
339 param
= *((__u8
*) sent
);
342 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
344 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
347 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
349 __u8 status
= *((__u8
*) skb
->data
);
353 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
355 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
359 param
= *((__u8
*) sent
);
364 hdev
->discov_timeout
= 0;
368 if (param
& SCAN_INQUIRY
)
369 set_bit(HCI_ISCAN
, &hdev
->flags
);
371 clear_bit(HCI_ISCAN
, &hdev
->flags
);
373 if (param
& SCAN_PAGE
)
374 set_bit(HCI_PSCAN
, &hdev
->flags
);
376 clear_bit(HCI_PSCAN
, &hdev
->flags
);
379 hci_dev_unlock(hdev
);
382 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
384 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
386 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
391 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
393 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
394 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
397 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
399 __u8 status
= *((__u8
*) skb
->data
);
402 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
404 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
411 memcpy(hdev
->dev_class
, sent
, 3);
413 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
414 mgmt_set_class_of_dev_complete(hdev
, sent
, status
);
416 hci_dev_unlock(hdev
);
419 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
421 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
424 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
429 setting
= __le16_to_cpu(rp
->voice_setting
);
431 if (hdev
->voice_setting
== setting
)
434 hdev
->voice_setting
= setting
;
436 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
439 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
442 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
,
445 __u8 status
= *((__u8
*) skb
->data
);
449 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
454 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
458 setting
= get_unaligned_le16(sent
);
460 if (hdev
->voice_setting
== setting
)
463 hdev
->voice_setting
= setting
;
465 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
468 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
471 static void hci_cc_read_num_supported_iac(struct hci_dev
*hdev
,
474 struct hci_rp_read_num_supported_iac
*rp
= (void *) skb
->data
;
476 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
481 hdev
->num_iac
= rp
->num_iac
;
483 BT_DBG("%s num iac %d", hdev
->name
, hdev
->num_iac
);
486 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
488 __u8 status
= *((__u8
*) skb
->data
);
489 struct hci_cp_write_ssp_mode
*sent
;
491 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
493 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
501 hdev
->features
[1][0] |= LMP_HOST_SSP
;
503 hdev
->features
[1][0] &= ~LMP_HOST_SSP
;
506 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
507 mgmt_ssp_enable_complete(hdev
, sent
->mode
, status
);
510 hci_dev_set_flag(hdev
, HCI_SSP_ENABLED
);
512 hci_dev_clear_flag(hdev
, HCI_SSP_ENABLED
);
515 hci_dev_unlock(hdev
);
518 static void hci_cc_write_sc_support(struct hci_dev
*hdev
, struct sk_buff
*skb
)
520 u8 status
= *((u8
*) skb
->data
);
521 struct hci_cp_write_sc_support
*sent
;
523 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
525 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SC_SUPPORT
);
533 hdev
->features
[1][0] |= LMP_HOST_SC
;
535 hdev
->features
[1][0] &= ~LMP_HOST_SC
;
538 if (!hci_dev_test_flag(hdev
, HCI_MGMT
) && !status
) {
540 hci_dev_set_flag(hdev
, HCI_SC_ENABLED
);
542 hci_dev_clear_flag(hdev
, HCI_SC_ENABLED
);
545 hci_dev_unlock(hdev
);
548 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
550 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
552 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
557 if (hci_dev_test_flag(hdev
, HCI_SETUP
) ||
558 hci_dev_test_flag(hdev
, HCI_CONFIG
)) {
559 hdev
->hci_ver
= rp
->hci_ver
;
560 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
561 hdev
->lmp_ver
= rp
->lmp_ver
;
562 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
563 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
567 static void hci_cc_read_local_commands(struct hci_dev
*hdev
,
570 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
572 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
577 if (hci_dev_test_flag(hdev
, HCI_SETUP
) ||
578 hci_dev_test_flag(hdev
, HCI_CONFIG
))
579 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
582 static void hci_cc_read_local_features(struct hci_dev
*hdev
,
585 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
587 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
592 memcpy(hdev
->features
, rp
->features
, 8);
594 /* Adjust default settings according to features
595 * supported by device. */
597 if (hdev
->features
[0][0] & LMP_3SLOT
)
598 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
600 if (hdev
->features
[0][0] & LMP_5SLOT
)
601 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
603 if (hdev
->features
[0][1] & LMP_HV2
) {
604 hdev
->pkt_type
|= (HCI_HV2
);
605 hdev
->esco_type
|= (ESCO_HV2
);
608 if (hdev
->features
[0][1] & LMP_HV3
) {
609 hdev
->pkt_type
|= (HCI_HV3
);
610 hdev
->esco_type
|= (ESCO_HV3
);
613 if (lmp_esco_capable(hdev
))
614 hdev
->esco_type
|= (ESCO_EV3
);
616 if (hdev
->features
[0][4] & LMP_EV4
)
617 hdev
->esco_type
|= (ESCO_EV4
);
619 if (hdev
->features
[0][4] & LMP_EV5
)
620 hdev
->esco_type
|= (ESCO_EV5
);
622 if (hdev
->features
[0][5] & LMP_EDR_ESCO_2M
)
623 hdev
->esco_type
|= (ESCO_2EV3
);
625 if (hdev
->features
[0][5] & LMP_EDR_ESCO_3M
)
626 hdev
->esco_type
|= (ESCO_3EV3
);
628 if (hdev
->features
[0][5] & LMP_EDR_3S_ESCO
)
629 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
632 static void hci_cc_read_local_ext_features(struct hci_dev
*hdev
,
635 struct hci_rp_read_local_ext_features
*rp
= (void *) skb
->data
;
637 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
642 if (hdev
->max_page
< rp
->max_page
)
643 hdev
->max_page
= rp
->max_page
;
645 if (rp
->page
< HCI_MAX_PAGES
)
646 memcpy(hdev
->features
[rp
->page
], rp
->features
, 8);
649 static void hci_cc_read_flow_control_mode(struct hci_dev
*hdev
,
652 struct hci_rp_read_flow_control_mode
*rp
= (void *) skb
->data
;
654 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
659 hdev
->flow_ctl_mode
= rp
->mode
;
662 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
664 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
666 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
671 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
672 hdev
->sco_mtu
= rp
->sco_mtu
;
673 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
674 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
676 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
681 hdev
->acl_cnt
= hdev
->acl_pkts
;
682 hdev
->sco_cnt
= hdev
->sco_pkts
;
684 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
, hdev
->acl_mtu
,
685 hdev
->acl_pkts
, hdev
->sco_mtu
, hdev
->sco_pkts
);
688 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
690 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
692 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
697 if (test_bit(HCI_INIT
, &hdev
->flags
))
698 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
700 if (hci_dev_test_flag(hdev
, HCI_SETUP
))
701 bacpy(&hdev
->setup_addr
, &rp
->bdaddr
);
704 static void hci_cc_read_page_scan_activity(struct hci_dev
*hdev
,
707 struct hci_rp_read_page_scan_activity
*rp
= (void *) skb
->data
;
709 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
714 if (test_bit(HCI_INIT
, &hdev
->flags
)) {
715 hdev
->page_scan_interval
= __le16_to_cpu(rp
->interval
);
716 hdev
->page_scan_window
= __le16_to_cpu(rp
->window
);
720 static void hci_cc_write_page_scan_activity(struct hci_dev
*hdev
,
723 u8 status
= *((u8
*) skb
->data
);
724 struct hci_cp_write_page_scan_activity
*sent
;
726 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
731 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
);
735 hdev
->page_scan_interval
= __le16_to_cpu(sent
->interval
);
736 hdev
->page_scan_window
= __le16_to_cpu(sent
->window
);
739 static void hci_cc_read_page_scan_type(struct hci_dev
*hdev
,
742 struct hci_rp_read_page_scan_type
*rp
= (void *) skb
->data
;
744 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
749 if (test_bit(HCI_INIT
, &hdev
->flags
))
750 hdev
->page_scan_type
= rp
->type
;
753 static void hci_cc_write_page_scan_type(struct hci_dev
*hdev
,
756 u8 status
= *((u8
*) skb
->data
);
759 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
764 type
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
);
766 hdev
->page_scan_type
= *type
;
769 static void hci_cc_read_data_block_size(struct hci_dev
*hdev
,
772 struct hci_rp_read_data_block_size
*rp
= (void *) skb
->data
;
774 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
779 hdev
->block_mtu
= __le16_to_cpu(rp
->max_acl_len
);
780 hdev
->block_len
= __le16_to_cpu(rp
->block_len
);
781 hdev
->num_blocks
= __le16_to_cpu(rp
->num_blocks
);
783 hdev
->block_cnt
= hdev
->num_blocks
;
785 BT_DBG("%s blk mtu %d cnt %d len %d", hdev
->name
, hdev
->block_mtu
,
786 hdev
->block_cnt
, hdev
->block_len
);
789 static void hci_cc_read_clock(struct hci_dev
*hdev
, struct sk_buff
*skb
)
791 struct hci_rp_read_clock
*rp
= (void *) skb
->data
;
792 struct hci_cp_read_clock
*cp
;
793 struct hci_conn
*conn
;
795 BT_DBG("%s", hdev
->name
);
797 if (skb
->len
< sizeof(*rp
))
805 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_CLOCK
);
809 if (cp
->which
== 0x00) {
810 hdev
->clock
= le32_to_cpu(rp
->clock
);
814 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
816 conn
->clock
= le32_to_cpu(rp
->clock
);
817 conn
->clock_accuracy
= le16_to_cpu(rp
->accuracy
);
821 hci_dev_unlock(hdev
);
824 static void hci_cc_read_local_amp_info(struct hci_dev
*hdev
,
827 struct hci_rp_read_local_amp_info
*rp
= (void *) skb
->data
;
829 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
834 hdev
->amp_status
= rp
->amp_status
;
835 hdev
->amp_total_bw
= __le32_to_cpu(rp
->total_bw
);
836 hdev
->amp_max_bw
= __le32_to_cpu(rp
->max_bw
);
837 hdev
->amp_min_latency
= __le32_to_cpu(rp
->min_latency
);
838 hdev
->amp_max_pdu
= __le32_to_cpu(rp
->max_pdu
);
839 hdev
->amp_type
= rp
->amp_type
;
840 hdev
->amp_pal_cap
= __le16_to_cpu(rp
->pal_cap
);
841 hdev
->amp_assoc_size
= __le16_to_cpu(rp
->max_assoc_size
);
842 hdev
->amp_be_flush_to
= __le32_to_cpu(rp
->be_flush_to
);
843 hdev
->amp_max_flush_to
= __le32_to_cpu(rp
->max_flush_to
);
846 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
849 struct hci_rp_read_inq_rsp_tx_power
*rp
= (void *) skb
->data
;
851 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
856 hdev
->inq_tx_power
= rp
->tx_power
;
859 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
861 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
862 struct hci_cp_pin_code_reply
*cp
;
863 struct hci_conn
*conn
;
865 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
869 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
870 mgmt_pin_code_reply_complete(hdev
, &rp
->bdaddr
, rp
->status
);
875 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
879 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
881 conn
->pin_length
= cp
->pin_len
;
884 hci_dev_unlock(hdev
);
887 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
889 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
891 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
895 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
896 mgmt_pin_code_neg_reply_complete(hdev
, &rp
->bdaddr
,
899 hci_dev_unlock(hdev
);
902 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
905 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
907 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
912 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
913 hdev
->le_pkts
= rp
->le_max_pkt
;
915 hdev
->le_cnt
= hdev
->le_pkts
;
917 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
920 static void hci_cc_le_read_local_features(struct hci_dev
*hdev
,
923 struct hci_rp_le_read_local_features
*rp
= (void *) skb
->data
;
925 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
930 memcpy(hdev
->le_features
, rp
->features
, 8);
933 static void hci_cc_le_read_adv_tx_power(struct hci_dev
*hdev
,
936 struct hci_rp_le_read_adv_tx_power
*rp
= (void *) skb
->data
;
938 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
943 hdev
->adv_tx_power
= rp
->tx_power
;
946 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
948 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
950 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
954 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
955 mgmt_user_confirm_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
, 0,
958 hci_dev_unlock(hdev
);
961 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
964 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
966 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
970 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
971 mgmt_user_confirm_neg_reply_complete(hdev
, &rp
->bdaddr
,
972 ACL_LINK
, 0, rp
->status
);
974 hci_dev_unlock(hdev
);
977 static void hci_cc_user_passkey_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
979 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
981 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
985 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
986 mgmt_user_passkey_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
,
989 hci_dev_unlock(hdev
);
992 static void hci_cc_user_passkey_neg_reply(struct hci_dev
*hdev
,
995 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
997 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1001 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
1002 mgmt_user_passkey_neg_reply_complete(hdev
, &rp
->bdaddr
,
1003 ACL_LINK
, 0, rp
->status
);
1005 hci_dev_unlock(hdev
);
1008 static void hci_cc_read_local_oob_data(struct hci_dev
*hdev
,
1009 struct sk_buff
*skb
)
1011 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
1013 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1016 static void hci_cc_read_local_oob_ext_data(struct hci_dev
*hdev
,
1017 struct sk_buff
*skb
)
1019 struct hci_rp_read_local_oob_ext_data
*rp
= (void *) skb
->data
;
1021 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1024 static void hci_cc_le_set_random_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1026 __u8 status
= *((__u8
*) skb
->data
);
1029 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1034 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_RANDOM_ADDR
);
1040 bacpy(&hdev
->random_addr
, sent
);
1042 hci_dev_unlock(hdev
);
1045 static void hci_cc_le_set_default_phy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1047 __u8 status
= *((__u8
*) skb
->data
);
1048 struct hci_cp_le_set_default_phy
*cp
;
1050 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1055 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_DEFAULT_PHY
);
1061 hdev
->le_tx_def_phys
= cp
->tx_phys
;
1062 hdev
->le_rx_def_phys
= cp
->rx_phys
;
1064 hci_dev_unlock(hdev
);
1067 static void hci_cc_le_set_adv_set_random_addr(struct hci_dev
*hdev
,
1068 struct sk_buff
*skb
)
1070 __u8 status
= *((__u8
*) skb
->data
);
1071 struct hci_cp_le_set_adv_set_rand_addr
*cp
;
1072 struct adv_info
*adv_instance
;
1077 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_ADV_SET_RAND_ADDR
);
1083 if (!hdev
->cur_adv_instance
) {
1084 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1085 bacpy(&hdev
->random_addr
, &cp
->bdaddr
);
1087 adv_instance
= hci_find_adv_instance(hdev
,
1088 hdev
->cur_adv_instance
);
1090 bacpy(&adv_instance
->random_addr
, &cp
->bdaddr
);
1093 hci_dev_unlock(hdev
);
1096 static void hci_cc_le_set_adv_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1098 __u8
*sent
, status
= *((__u8
*) skb
->data
);
1100 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1105 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_ADV_ENABLE
);
1111 /* If we're doing connection initiation as peripheral. Set a
1112 * timeout in case something goes wrong.
1115 struct hci_conn
*conn
;
1117 hci_dev_set_flag(hdev
, HCI_LE_ADV
);
1119 conn
= hci_lookup_le_connect(hdev
);
1121 queue_delayed_work(hdev
->workqueue
,
1122 &conn
->le_conn_timeout
,
1123 conn
->conn_timeout
);
1125 hci_dev_clear_flag(hdev
, HCI_LE_ADV
);
1128 hci_dev_unlock(hdev
);
1131 static void hci_cc_le_set_ext_adv_enable(struct hci_dev
*hdev
,
1132 struct sk_buff
*skb
)
1134 struct hci_cp_le_set_ext_adv_enable
*cp
;
1135 struct hci_cp_ext_adv_set
*adv_set
;
1136 __u8 status
= *((__u8
*) skb
->data
);
1138 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1143 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_EXT_ADV_ENABLE
);
1147 adv_set
= (void *) cp
->data
;
1152 struct hci_conn
*conn
;
1154 hci_dev_set_flag(hdev
, HCI_LE_ADV
);
1156 conn
= hci_lookup_le_connect(hdev
);
1158 queue_delayed_work(hdev
->workqueue
,
1159 &conn
->le_conn_timeout
,
1160 conn
->conn_timeout
);
1162 hci_dev_clear_flag(hdev
, HCI_LE_ADV
);
1165 hci_dev_unlock(hdev
);
1168 static void hci_cc_le_set_scan_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1170 struct hci_cp_le_set_scan_param
*cp
;
1171 __u8 status
= *((__u8
*) skb
->data
);
1173 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1178 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_PARAM
);
1184 hdev
->le_scan_type
= cp
->type
;
1186 hci_dev_unlock(hdev
);
1189 static void hci_cc_le_set_ext_scan_param(struct hci_dev
*hdev
,
1190 struct sk_buff
*skb
)
1192 struct hci_cp_le_set_ext_scan_params
*cp
;
1193 __u8 status
= *((__u8
*) skb
->data
);
1194 struct hci_cp_le_scan_phy_params
*phy_param
;
1196 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1201 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_EXT_SCAN_PARAMS
);
1205 phy_param
= (void *)cp
->data
;
1209 hdev
->le_scan_type
= phy_param
->type
;
1211 hci_dev_unlock(hdev
);
1214 static bool has_pending_adv_report(struct hci_dev
*hdev
)
1216 struct discovery_state
*d
= &hdev
->discovery
;
1218 return bacmp(&d
->last_adv_addr
, BDADDR_ANY
);
1221 static void clear_pending_adv_report(struct hci_dev
*hdev
)
1223 struct discovery_state
*d
= &hdev
->discovery
;
1225 bacpy(&d
->last_adv_addr
, BDADDR_ANY
);
1226 d
->last_adv_data_len
= 0;
1229 static void store_pending_adv_report(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1230 u8 bdaddr_type
, s8 rssi
, u32 flags
,
1233 struct discovery_state
*d
= &hdev
->discovery
;
1235 bacpy(&d
->last_adv_addr
, bdaddr
);
1236 d
->last_adv_addr_type
= bdaddr_type
;
1237 d
->last_adv_rssi
= rssi
;
1238 d
->last_adv_flags
= flags
;
1239 memcpy(d
->last_adv_data
, data
, len
);
1240 d
->last_adv_data_len
= len
;
1243 static void le_set_scan_enable_complete(struct hci_dev
*hdev
, u8 enable
)
1248 case LE_SCAN_ENABLE
:
1249 hci_dev_set_flag(hdev
, HCI_LE_SCAN
);
1250 if (hdev
->le_scan_type
== LE_SCAN_ACTIVE
)
1251 clear_pending_adv_report(hdev
);
1254 case LE_SCAN_DISABLE
:
1255 /* We do this here instead of when setting DISCOVERY_STOPPED
1256 * since the latter would potentially require waiting for
1257 * inquiry to stop too.
1259 if (has_pending_adv_report(hdev
)) {
1260 struct discovery_state
*d
= &hdev
->discovery
;
1262 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
1263 d
->last_adv_addr_type
, NULL
,
1264 d
->last_adv_rssi
, d
->last_adv_flags
,
1266 d
->last_adv_data_len
, NULL
, 0);
1269 /* Cancel this timer so that we don't try to disable scanning
1270 * when it's already disabled.
1272 cancel_delayed_work(&hdev
->le_scan_disable
);
1274 hci_dev_clear_flag(hdev
, HCI_LE_SCAN
);
1276 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1277 * interrupted scanning due to a connect request. Mark
1278 * therefore discovery as stopped. If this was not
1279 * because of a connect request advertising might have
1280 * been disabled because of active scanning, so
1281 * re-enable it again if necessary.
1283 if (hci_dev_test_and_clear_flag(hdev
, HCI_LE_SCAN_INTERRUPTED
))
1284 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1285 else if (!hci_dev_test_flag(hdev
, HCI_LE_ADV
) &&
1286 hdev
->discovery
.state
== DISCOVERY_FINDING
)
1287 hci_req_reenable_advertising(hdev
);
1292 bt_dev_err(hdev
, "use of reserved LE_Scan_Enable param %d",
1297 hci_dev_unlock(hdev
);
1300 static void hci_cc_le_set_scan_enable(struct hci_dev
*hdev
,
1301 struct sk_buff
*skb
)
1303 struct hci_cp_le_set_scan_enable
*cp
;
1304 __u8 status
= *((__u8
*) skb
->data
);
1306 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1311 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
);
1315 le_set_scan_enable_complete(hdev
, cp
->enable
);
1318 static void hci_cc_le_set_ext_scan_enable(struct hci_dev
*hdev
,
1319 struct sk_buff
*skb
)
1321 struct hci_cp_le_set_ext_scan_enable
*cp
;
1322 __u8 status
= *((__u8
*) skb
->data
);
1324 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1329 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_EXT_SCAN_ENABLE
);
1333 le_set_scan_enable_complete(hdev
, cp
->enable
);
1336 static void hci_cc_le_read_num_adv_sets(struct hci_dev
*hdev
,
1337 struct sk_buff
*skb
)
1339 struct hci_rp_le_read_num_supported_adv_sets
*rp
= (void *) skb
->data
;
1341 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev
->name
, rp
->status
,
1347 hdev
->le_num_of_adv_sets
= rp
->num_of_sets
;
1350 static void hci_cc_le_read_white_list_size(struct hci_dev
*hdev
,
1351 struct sk_buff
*skb
)
1353 struct hci_rp_le_read_white_list_size
*rp
= (void *) skb
->data
;
1355 BT_DBG("%s status 0x%2.2x size %u", hdev
->name
, rp
->status
, rp
->size
);
1360 hdev
->le_white_list_size
= rp
->size
;
1363 static void hci_cc_le_clear_white_list(struct hci_dev
*hdev
,
1364 struct sk_buff
*skb
)
1366 __u8 status
= *((__u8
*) skb
->data
);
1368 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1373 hci_bdaddr_list_clear(&hdev
->le_white_list
);
1376 static void hci_cc_le_add_to_white_list(struct hci_dev
*hdev
,
1377 struct sk_buff
*skb
)
1379 struct hci_cp_le_add_to_white_list
*sent
;
1380 __u8 status
= *((__u8
*) skb
->data
);
1382 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1387 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_ADD_TO_WHITE_LIST
);
1391 hci_bdaddr_list_add(&hdev
->le_white_list
, &sent
->bdaddr
,
1395 static void hci_cc_le_del_from_white_list(struct hci_dev
*hdev
,
1396 struct sk_buff
*skb
)
1398 struct hci_cp_le_del_from_white_list
*sent
;
1399 __u8 status
= *((__u8
*) skb
->data
);
1401 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1406 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_DEL_FROM_WHITE_LIST
);
1410 hci_bdaddr_list_del(&hdev
->le_white_list
, &sent
->bdaddr
,
1414 static void hci_cc_le_read_supported_states(struct hci_dev
*hdev
,
1415 struct sk_buff
*skb
)
1417 struct hci_rp_le_read_supported_states
*rp
= (void *) skb
->data
;
1419 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1424 memcpy(hdev
->le_states
, rp
->le_states
, 8);
1427 static void hci_cc_le_read_def_data_len(struct hci_dev
*hdev
,
1428 struct sk_buff
*skb
)
1430 struct hci_rp_le_read_def_data_len
*rp
= (void *) skb
->data
;
1432 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1437 hdev
->le_def_tx_len
= le16_to_cpu(rp
->tx_len
);
1438 hdev
->le_def_tx_time
= le16_to_cpu(rp
->tx_time
);
1441 static void hci_cc_le_write_def_data_len(struct hci_dev
*hdev
,
1442 struct sk_buff
*skb
)
1444 struct hci_cp_le_write_def_data_len
*sent
;
1445 __u8 status
= *((__u8
*) skb
->data
);
1447 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1452 sent
= hci_sent_cmd_data(hdev
, HCI_OP_LE_WRITE_DEF_DATA_LEN
);
1456 hdev
->le_def_tx_len
= le16_to_cpu(sent
->tx_len
);
1457 hdev
->le_def_tx_time
= le16_to_cpu(sent
->tx_time
);
1460 static void hci_cc_le_clear_resolv_list(struct hci_dev
*hdev
,
1461 struct sk_buff
*skb
)
1463 __u8 status
= *((__u8
*) skb
->data
);
1465 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1470 hci_bdaddr_list_clear(&hdev
->le_resolv_list
);
1473 static void hci_cc_le_read_resolv_list_size(struct hci_dev
*hdev
,
1474 struct sk_buff
*skb
)
1476 struct hci_rp_le_read_resolv_list_size
*rp
= (void *) skb
->data
;
1478 BT_DBG("%s status 0x%2.2x size %u", hdev
->name
, rp
->status
, rp
->size
);
1483 hdev
->le_resolv_list_size
= rp
->size
;
1486 static void hci_cc_le_read_max_data_len(struct hci_dev
*hdev
,
1487 struct sk_buff
*skb
)
1489 struct hci_rp_le_read_max_data_len
*rp
= (void *) skb
->data
;
1491 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1496 hdev
->le_max_tx_len
= le16_to_cpu(rp
->tx_len
);
1497 hdev
->le_max_tx_time
= le16_to_cpu(rp
->tx_time
);
1498 hdev
->le_max_rx_len
= le16_to_cpu(rp
->rx_len
);
1499 hdev
->le_max_rx_time
= le16_to_cpu(rp
->rx_time
);
1502 static void hci_cc_write_le_host_supported(struct hci_dev
*hdev
,
1503 struct sk_buff
*skb
)
1505 struct hci_cp_write_le_host_supported
*sent
;
1506 __u8 status
= *((__u8
*) skb
->data
);
1508 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1513 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
);
1520 hdev
->features
[1][0] |= LMP_HOST_LE
;
1521 hci_dev_set_flag(hdev
, HCI_LE_ENABLED
);
1523 hdev
->features
[1][0] &= ~LMP_HOST_LE
;
1524 hci_dev_clear_flag(hdev
, HCI_LE_ENABLED
);
1525 hci_dev_clear_flag(hdev
, HCI_ADVERTISING
);
1529 hdev
->features
[1][0] |= LMP_HOST_LE_BREDR
;
1531 hdev
->features
[1][0] &= ~LMP_HOST_LE_BREDR
;
1533 hci_dev_unlock(hdev
);
1536 static void hci_cc_set_adv_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1538 struct hci_cp_le_set_adv_param
*cp
;
1539 u8 status
= *((u8
*) skb
->data
);
1541 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1546 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_ADV_PARAM
);
1551 hdev
->adv_addr_type
= cp
->own_address_type
;
1552 hci_dev_unlock(hdev
);
1555 static void hci_cc_set_ext_adv_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1557 struct hci_rp_le_set_ext_adv_params
*rp
= (void *) skb
->data
;
1558 struct hci_cp_le_set_ext_adv_params
*cp
;
1559 struct adv_info
*adv_instance
;
1561 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1566 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_EXT_ADV_PARAMS
);
1571 hdev
->adv_addr_type
= cp
->own_addr_type
;
1572 if (!hdev
->cur_adv_instance
) {
1573 /* Store in hdev for instance 0 */
1574 hdev
->adv_tx_power
= rp
->tx_power
;
1576 adv_instance
= hci_find_adv_instance(hdev
,
1577 hdev
->cur_adv_instance
);
1579 adv_instance
->tx_power
= rp
->tx_power
;
1581 /* Update adv data as tx power is known now */
1582 hci_req_update_adv_data(hdev
, hdev
->cur_adv_instance
);
1583 hci_dev_unlock(hdev
);
1586 static void hci_cc_read_rssi(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1588 struct hci_rp_read_rssi
*rp
= (void *) skb
->data
;
1589 struct hci_conn
*conn
;
1591 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1598 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
1600 conn
->rssi
= rp
->rssi
;
1602 hci_dev_unlock(hdev
);
1605 static void hci_cc_read_tx_power(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1607 struct hci_cp_read_tx_power
*sent
;
1608 struct hci_rp_read_tx_power
*rp
= (void *) skb
->data
;
1609 struct hci_conn
*conn
;
1611 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1616 sent
= hci_sent_cmd_data(hdev
, HCI_OP_READ_TX_POWER
);
1622 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
1626 switch (sent
->type
) {
1628 conn
->tx_power
= rp
->tx_power
;
1631 conn
->max_tx_power
= rp
->tx_power
;
1636 hci_dev_unlock(hdev
);
1639 static void hci_cc_write_ssp_debug_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1641 u8 status
= *((u8
*) skb
->data
);
1644 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1649 mode
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_DEBUG_MODE
);
1651 hdev
->ssp_debug_mode
= *mode
;
1654 static void hci_cs_inquiry(struct hci_dev
*hdev
, __u8 status
)
1656 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1659 hci_conn_check_pending(hdev
);
1663 set_bit(HCI_INQUIRY
, &hdev
->flags
);
1666 static void hci_cs_create_conn(struct hci_dev
*hdev
, __u8 status
)
1668 struct hci_cp_create_conn
*cp
;
1669 struct hci_conn
*conn
;
1671 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1673 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_CONN
);
1679 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1681 BT_DBG("%s bdaddr %pMR hcon %p", hdev
->name
, &cp
->bdaddr
, conn
);
1684 if (conn
&& conn
->state
== BT_CONNECT
) {
1685 if (status
!= 0x0c || conn
->attempt
> 2) {
1686 conn
->state
= BT_CLOSED
;
1687 hci_connect_cfm(conn
, status
);
1690 conn
->state
= BT_CONNECT2
;
1694 conn
= hci_conn_add(hdev
, ACL_LINK
, &cp
->bdaddr
,
1697 bt_dev_err(hdev
, "no memory for new connection");
1701 hci_dev_unlock(hdev
);
1704 static void hci_cs_add_sco(struct hci_dev
*hdev
, __u8 status
)
1706 struct hci_cp_add_sco
*cp
;
1707 struct hci_conn
*acl
, *sco
;
1710 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1715 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ADD_SCO
);
1719 handle
= __le16_to_cpu(cp
->handle
);
1721 BT_DBG("%s handle 0x%4.4x", hdev
->name
, handle
);
1725 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1729 sco
->state
= BT_CLOSED
;
1731 hci_connect_cfm(sco
, status
);
1736 hci_dev_unlock(hdev
);
1739 static void hci_cs_auth_requested(struct hci_dev
*hdev
, __u8 status
)
1741 struct hci_cp_auth_requested
*cp
;
1742 struct hci_conn
*conn
;
1744 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1749 cp
= hci_sent_cmd_data(hdev
, HCI_OP_AUTH_REQUESTED
);
1755 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1757 if (conn
->state
== BT_CONFIG
) {
1758 hci_connect_cfm(conn
, status
);
1759 hci_conn_drop(conn
);
1763 hci_dev_unlock(hdev
);
1766 static void hci_cs_set_conn_encrypt(struct hci_dev
*hdev
, __u8 status
)
1768 struct hci_cp_set_conn_encrypt
*cp
;
1769 struct hci_conn
*conn
;
1771 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1776 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SET_CONN_ENCRYPT
);
1782 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1784 if (conn
->state
== BT_CONFIG
) {
1785 hci_connect_cfm(conn
, status
);
1786 hci_conn_drop(conn
);
1790 hci_dev_unlock(hdev
);
1793 static int hci_outgoing_auth_needed(struct hci_dev
*hdev
,
1794 struct hci_conn
*conn
)
1796 if (conn
->state
!= BT_CONFIG
|| !conn
->out
)
1799 if (conn
->pending_sec_level
== BT_SECURITY_SDP
)
1802 /* Only request authentication for SSP connections or non-SSP
1803 * devices with sec_level MEDIUM or HIGH or if MITM protection
1806 if (!hci_conn_ssp_enabled(conn
) && !(conn
->auth_type
& 0x01) &&
1807 conn
->pending_sec_level
!= BT_SECURITY_FIPS
&&
1808 conn
->pending_sec_level
!= BT_SECURITY_HIGH
&&
1809 conn
->pending_sec_level
!= BT_SECURITY_MEDIUM
)
1815 static int hci_resolve_name(struct hci_dev
*hdev
,
1816 struct inquiry_entry
*e
)
1818 struct hci_cp_remote_name_req cp
;
1820 memset(&cp
, 0, sizeof(cp
));
1822 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
1823 cp
.pscan_rep_mode
= e
->data
.pscan_rep_mode
;
1824 cp
.pscan_mode
= e
->data
.pscan_mode
;
1825 cp
.clock_offset
= e
->data
.clock_offset
;
1827 return hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1830 static bool hci_resolve_next_name(struct hci_dev
*hdev
)
1832 struct discovery_state
*discov
= &hdev
->discovery
;
1833 struct inquiry_entry
*e
;
1835 if (list_empty(&discov
->resolve
))
1838 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
1842 if (hci_resolve_name(hdev
, e
) == 0) {
1843 e
->name_state
= NAME_PENDING
;
1850 static void hci_check_pending_name(struct hci_dev
*hdev
, struct hci_conn
*conn
,
1851 bdaddr_t
*bdaddr
, u8
*name
, u8 name_len
)
1853 struct discovery_state
*discov
= &hdev
->discovery
;
1854 struct inquiry_entry
*e
;
1856 /* Update the mgmt connected state if necessary. Be careful with
1857 * conn objects that exist but are not (yet) connected however.
1858 * Only those in BT_CONFIG or BT_CONNECTED states can be
1859 * considered connected.
1862 (conn
->state
== BT_CONFIG
|| conn
->state
== BT_CONNECTED
) &&
1863 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
1864 mgmt_device_connected(hdev
, conn
, 0, name
, name_len
);
1866 if (discov
->state
== DISCOVERY_STOPPED
)
1869 if (discov
->state
== DISCOVERY_STOPPING
)
1870 goto discov_complete
;
1872 if (discov
->state
!= DISCOVERY_RESOLVING
)
1875 e
= hci_inquiry_cache_lookup_resolve(hdev
, bdaddr
, NAME_PENDING
);
1876 /* If the device was not found in a list of found devices names of which
1877 * are pending. there is no need to continue resolving a next name as it
1878 * will be done upon receiving another Remote Name Request Complete
1885 e
->name_state
= NAME_KNOWN
;
1886 mgmt_remote_name(hdev
, bdaddr
, ACL_LINK
, 0x00,
1887 e
->data
.rssi
, name
, name_len
);
1889 e
->name_state
= NAME_NOT_KNOWN
;
1892 if (hci_resolve_next_name(hdev
))
1896 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1899 static void hci_cs_remote_name_req(struct hci_dev
*hdev
, __u8 status
)
1901 struct hci_cp_remote_name_req
*cp
;
1902 struct hci_conn
*conn
;
1904 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1906 /* If successful wait for the name req complete event before
1907 * checking for the need to do authentication */
1911 cp
= hci_sent_cmd_data(hdev
, HCI_OP_REMOTE_NAME_REQ
);
1917 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1919 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
1920 hci_check_pending_name(hdev
, conn
, &cp
->bdaddr
, NULL
, 0);
1925 if (!hci_outgoing_auth_needed(hdev
, conn
))
1928 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
1929 struct hci_cp_auth_requested auth_cp
;
1931 set_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
);
1933 auth_cp
.handle
= __cpu_to_le16(conn
->handle
);
1934 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
,
1935 sizeof(auth_cp
), &auth_cp
);
1939 hci_dev_unlock(hdev
);
1942 static void hci_cs_read_remote_features(struct hci_dev
*hdev
, __u8 status
)
1944 struct hci_cp_read_remote_features
*cp
;
1945 struct hci_conn
*conn
;
1947 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1952 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_FEATURES
);
1958 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1960 if (conn
->state
== BT_CONFIG
) {
1961 hci_connect_cfm(conn
, status
);
1962 hci_conn_drop(conn
);
1966 hci_dev_unlock(hdev
);
1969 static void hci_cs_read_remote_ext_features(struct hci_dev
*hdev
, __u8 status
)
1971 struct hci_cp_read_remote_ext_features
*cp
;
1972 struct hci_conn
*conn
;
1974 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1979 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
);
1985 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1987 if (conn
->state
== BT_CONFIG
) {
1988 hci_connect_cfm(conn
, status
);
1989 hci_conn_drop(conn
);
1993 hci_dev_unlock(hdev
);
1996 static void hci_cs_setup_sync_conn(struct hci_dev
*hdev
, __u8 status
)
1998 struct hci_cp_setup_sync_conn
*cp
;
1999 struct hci_conn
*acl
, *sco
;
2002 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2007 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SETUP_SYNC_CONN
);
2011 handle
= __le16_to_cpu(cp
->handle
);
2013 BT_DBG("%s handle 0x%4.4x", hdev
->name
, handle
);
2017 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
2021 sco
->state
= BT_CLOSED
;
2023 hci_connect_cfm(sco
, status
);
2028 hci_dev_unlock(hdev
);
2031 static void hci_cs_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
2033 struct hci_cp_sniff_mode
*cp
;
2034 struct hci_conn
*conn
;
2036 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2041 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SNIFF_MODE
);
2047 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
2049 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
);
2051 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
2052 hci_sco_setup(conn
, status
);
2055 hci_dev_unlock(hdev
);
2058 static void hci_cs_exit_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
2060 struct hci_cp_exit_sniff_mode
*cp
;
2061 struct hci_conn
*conn
;
2063 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2068 cp
= hci_sent_cmd_data(hdev
, HCI_OP_EXIT_SNIFF_MODE
);
2074 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
2076 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
);
2078 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
2079 hci_sco_setup(conn
, status
);
2082 hci_dev_unlock(hdev
);
2085 static void hci_cs_disconnect(struct hci_dev
*hdev
, u8 status
)
2087 struct hci_cp_disconnect
*cp
;
2088 struct hci_conn
*conn
;
2093 cp
= hci_sent_cmd_data(hdev
, HCI_OP_DISCONNECT
);
2099 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
2101 mgmt_disconnect_failed(hdev
, &conn
->dst
, conn
->type
,
2102 conn
->dst_type
, status
);
2104 hci_dev_unlock(hdev
);
2107 static void cs_le_create_conn(struct hci_dev
*hdev
, bdaddr_t
*peer_addr
,
2108 u8 peer_addr_type
, u8 own_address_type
,
2111 struct hci_conn
*conn
;
2113 conn
= hci_conn_hash_lookup_le(hdev
, peer_addr
,
2118 /* Store the initiator and responder address information which
2119 * is needed for SMP. These values will not change during the
2120 * lifetime of the connection.
2122 conn
->init_addr_type
= own_address_type
;
2123 if (own_address_type
== ADDR_LE_DEV_RANDOM
)
2124 bacpy(&conn
->init_addr
, &hdev
->random_addr
);
2126 bacpy(&conn
->init_addr
, &hdev
->bdaddr
);
2128 conn
->resp_addr_type
= peer_addr_type
;
2129 bacpy(&conn
->resp_addr
, peer_addr
);
2131 /* We don't want the connection attempt to stick around
2132 * indefinitely since LE doesn't have a page timeout concept
2133 * like BR/EDR. Set a timer for any connection that doesn't use
2134 * the white list for connecting.
2136 if (filter_policy
== HCI_LE_USE_PEER_ADDR
)
2137 queue_delayed_work(conn
->hdev
->workqueue
,
2138 &conn
->le_conn_timeout
,
2139 conn
->conn_timeout
);
2142 static void hci_cs_le_create_conn(struct hci_dev
*hdev
, u8 status
)
2144 struct hci_cp_le_create_conn
*cp
;
2146 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2148 /* All connection failure handling is taken care of by the
2149 * hci_le_conn_failed function which is triggered by the HCI
2150 * request completion callbacks used for connecting.
2155 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_CREATE_CONN
);
2161 cs_le_create_conn(hdev
, &cp
->peer_addr
, cp
->peer_addr_type
,
2162 cp
->own_address_type
, cp
->filter_policy
);
2164 hci_dev_unlock(hdev
);
2167 static void hci_cs_le_ext_create_conn(struct hci_dev
*hdev
, u8 status
)
2169 struct hci_cp_le_ext_create_conn
*cp
;
2171 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2173 /* All connection failure handling is taken care of by the
2174 * hci_le_conn_failed function which is triggered by the HCI
2175 * request completion callbacks used for connecting.
2180 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_EXT_CREATE_CONN
);
2186 cs_le_create_conn(hdev
, &cp
->peer_addr
, cp
->peer_addr_type
,
2187 cp
->own_addr_type
, cp
->filter_policy
);
2189 hci_dev_unlock(hdev
);
2192 static void hci_cs_le_read_remote_features(struct hci_dev
*hdev
, u8 status
)
2194 struct hci_cp_le_read_remote_features
*cp
;
2195 struct hci_conn
*conn
;
2197 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2202 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_READ_REMOTE_FEATURES
);
2208 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
2210 if (conn
->state
== BT_CONFIG
) {
2211 hci_connect_cfm(conn
, status
);
2212 hci_conn_drop(conn
);
2216 hci_dev_unlock(hdev
);
2219 static void hci_cs_le_start_enc(struct hci_dev
*hdev
, u8 status
)
2221 struct hci_cp_le_start_enc
*cp
;
2222 struct hci_conn
*conn
;
2224 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2231 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_START_ENC
);
2235 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
2239 if (conn
->state
!= BT_CONNECTED
)
2242 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
2243 hci_conn_drop(conn
);
2246 hci_dev_unlock(hdev
);
2249 static void hci_cs_switch_role(struct hci_dev
*hdev
, u8 status
)
2251 struct hci_cp_switch_role
*cp
;
2252 struct hci_conn
*conn
;
2254 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2259 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SWITCH_ROLE
);
2265 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
2267 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
);
2269 hci_dev_unlock(hdev
);
2272 static void hci_inquiry_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2274 __u8 status
= *((__u8
*) skb
->data
);
2275 struct discovery_state
*discov
= &hdev
->discovery
;
2276 struct inquiry_entry
*e
;
2278 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
2280 hci_conn_check_pending(hdev
);
2282 if (!test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
2285 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2286 wake_up_bit(&hdev
->flags
, HCI_INQUIRY
);
2288 if (!hci_dev_test_flag(hdev
, HCI_MGMT
))
2293 if (discov
->state
!= DISCOVERY_FINDING
)
2296 if (list_empty(&discov
->resolve
)) {
2297 /* When BR/EDR inquiry is active and no LE scanning is in
2298 * progress, then change discovery state to indicate completion.
2300 * When running LE scanning and BR/EDR inquiry simultaneously
2301 * and the LE scan already finished, then change the discovery
2302 * state to indicate completion.
2304 if (!hci_dev_test_flag(hdev
, HCI_LE_SCAN
) ||
2305 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
))
2306 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2310 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
2311 if (e
&& hci_resolve_name(hdev
, e
) == 0) {
2312 e
->name_state
= NAME_PENDING
;
2313 hci_discovery_set_state(hdev
, DISCOVERY_RESOLVING
);
2315 /* When BR/EDR inquiry is active and no LE scanning is in
2316 * progress, then change discovery state to indicate completion.
2318 * When running LE scanning and BR/EDR inquiry simultaneously
2319 * and the LE scan already finished, then change the discovery
2320 * state to indicate completion.
2322 if (!hci_dev_test_flag(hdev
, HCI_LE_SCAN
) ||
2323 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY
, &hdev
->quirks
))
2324 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2328 hci_dev_unlock(hdev
);
2331 static void hci_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2333 struct inquiry_data data
;
2334 struct inquiry_info
*info
= (void *) (skb
->data
+ 1);
2335 int num_rsp
= *((__u8
*) skb
->data
);
2337 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2342 if (hci_dev_test_flag(hdev
, HCI_PERIODIC_INQ
))
2347 for (; num_rsp
; num_rsp
--, info
++) {
2350 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2351 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2352 data
.pscan_period_mode
= info
->pscan_period_mode
;
2353 data
.pscan_mode
= info
->pscan_mode
;
2354 memcpy(data
.dev_class
, info
->dev_class
, 3);
2355 data
.clock_offset
= info
->clock_offset
;
2356 data
.rssi
= HCI_RSSI_INVALID
;
2357 data
.ssp_mode
= 0x00;
2359 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
2361 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
2362 info
->dev_class
, HCI_RSSI_INVALID
,
2363 flags
, NULL
, 0, NULL
, 0);
2366 hci_dev_unlock(hdev
);
2369 static void hci_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2371 struct hci_ev_conn_complete
*ev
= (void *) skb
->data
;
2372 struct hci_conn
*conn
;
2374 BT_DBG("%s", hdev
->name
);
2378 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
2380 if (ev
->link_type
!= SCO_LINK
)
2383 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
2387 conn
->type
= SCO_LINK
;
2391 conn
->handle
= __le16_to_cpu(ev
->handle
);
2393 if (conn
->type
== ACL_LINK
) {
2394 conn
->state
= BT_CONFIG
;
2395 hci_conn_hold(conn
);
2397 if (!conn
->out
&& !hci_conn_ssp_enabled(conn
) &&
2398 !hci_find_link_key(hdev
, &ev
->bdaddr
))
2399 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
2401 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2403 conn
->state
= BT_CONNECTED
;
2405 hci_debugfs_create_conn(conn
);
2406 hci_conn_add_sysfs(conn
);
2408 if (test_bit(HCI_AUTH
, &hdev
->flags
))
2409 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2411 if (test_bit(HCI_ENCRYPT
, &hdev
->flags
))
2412 set_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2414 /* Get remote features */
2415 if (conn
->type
== ACL_LINK
) {
2416 struct hci_cp_read_remote_features cp
;
2417 cp
.handle
= ev
->handle
;
2418 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_FEATURES
,
2421 hci_req_update_scan(hdev
);
2424 /* Set packet type for incoming connection */
2425 if (!conn
->out
&& hdev
->hci_ver
< BLUETOOTH_VER_2_0
) {
2426 struct hci_cp_change_conn_ptype cp
;
2427 cp
.handle
= ev
->handle
;
2428 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
2429 hci_send_cmd(hdev
, HCI_OP_CHANGE_CONN_PTYPE
, sizeof(cp
),
2433 conn
->state
= BT_CLOSED
;
2434 if (conn
->type
== ACL_LINK
)
2435 mgmt_connect_failed(hdev
, &conn
->dst
, conn
->type
,
2436 conn
->dst_type
, ev
->status
);
2439 if (conn
->type
== ACL_LINK
)
2440 hci_sco_setup(conn
, ev
->status
);
2443 hci_connect_cfm(conn
, ev
->status
);
2445 } else if (ev
->link_type
!= ACL_LINK
)
2446 hci_connect_cfm(conn
, ev
->status
);
2449 hci_dev_unlock(hdev
);
2451 hci_conn_check_pending(hdev
);
2454 static void hci_reject_conn(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
2456 struct hci_cp_reject_conn_req cp
;
2458 bacpy(&cp
.bdaddr
, bdaddr
);
2459 cp
.reason
= HCI_ERROR_REJ_BAD_ADDR
;
2460 hci_send_cmd(hdev
, HCI_OP_REJECT_CONN_REQ
, sizeof(cp
), &cp
);
2463 static void hci_conn_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2465 struct hci_ev_conn_request
*ev
= (void *) skb
->data
;
2466 int mask
= hdev
->link_mode
;
2467 struct inquiry_entry
*ie
;
2468 struct hci_conn
*conn
;
2471 BT_DBG("%s bdaddr %pMR type 0x%x", hdev
->name
, &ev
->bdaddr
,
2474 mask
|= hci_proto_connect_ind(hdev
, &ev
->bdaddr
, ev
->link_type
,
2477 if (!(mask
& HCI_LM_ACCEPT
)) {
2478 hci_reject_conn(hdev
, &ev
->bdaddr
);
2482 if (hci_bdaddr_list_lookup(&hdev
->blacklist
, &ev
->bdaddr
,
2484 hci_reject_conn(hdev
, &ev
->bdaddr
);
2488 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2489 * connection. These features are only touched through mgmt so
2490 * only do the checks if HCI_MGMT is set.
2492 if (hci_dev_test_flag(hdev
, HCI_MGMT
) &&
2493 !hci_dev_test_flag(hdev
, HCI_CONNECTABLE
) &&
2494 !hci_bdaddr_list_lookup(&hdev
->whitelist
, &ev
->bdaddr
,
2496 hci_reject_conn(hdev
, &ev
->bdaddr
);
2500 /* Connection accepted */
2504 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2506 memcpy(ie
->data
.dev_class
, ev
->dev_class
, 3);
2508 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
,
2511 conn
= hci_conn_add(hdev
, ev
->link_type
, &ev
->bdaddr
,
2514 bt_dev_err(hdev
, "no memory for new connection");
2515 hci_dev_unlock(hdev
);
2520 memcpy(conn
->dev_class
, ev
->dev_class
, 3);
2522 hci_dev_unlock(hdev
);
2524 if (ev
->link_type
== ACL_LINK
||
2525 (!(flags
& HCI_PROTO_DEFER
) && !lmp_esco_capable(hdev
))) {
2526 struct hci_cp_accept_conn_req cp
;
2527 conn
->state
= BT_CONNECT
;
2529 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2531 if (lmp_rswitch_capable(hdev
) && (mask
& HCI_LM_MASTER
))
2532 cp
.role
= 0x00; /* Become master */
2534 cp
.role
= 0x01; /* Remain slave */
2536 hci_send_cmd(hdev
, HCI_OP_ACCEPT_CONN_REQ
, sizeof(cp
), &cp
);
2537 } else if (!(flags
& HCI_PROTO_DEFER
)) {
2538 struct hci_cp_accept_sync_conn_req cp
;
2539 conn
->state
= BT_CONNECT
;
2541 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2542 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
2544 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
2545 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
2546 cp
.max_latency
= cpu_to_le16(0xffff);
2547 cp
.content_format
= cpu_to_le16(hdev
->voice_setting
);
2548 cp
.retrans_effort
= 0xff;
2550 hci_send_cmd(hdev
, HCI_OP_ACCEPT_SYNC_CONN_REQ
, sizeof(cp
),
2553 conn
->state
= BT_CONNECT2
;
2554 hci_connect_cfm(conn
, 0);
2558 static u8
hci_to_mgmt_reason(u8 err
)
2561 case HCI_ERROR_CONNECTION_TIMEOUT
:
2562 return MGMT_DEV_DISCONN_TIMEOUT
;
2563 case HCI_ERROR_REMOTE_USER_TERM
:
2564 case HCI_ERROR_REMOTE_LOW_RESOURCES
:
2565 case HCI_ERROR_REMOTE_POWER_OFF
:
2566 return MGMT_DEV_DISCONN_REMOTE
;
2567 case HCI_ERROR_LOCAL_HOST_TERM
:
2568 return MGMT_DEV_DISCONN_LOCAL_HOST
;
2570 return MGMT_DEV_DISCONN_UNKNOWN
;
2574 static void hci_disconn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2576 struct hci_ev_disconn_complete
*ev
= (void *) skb
->data
;
2578 struct hci_conn_params
*params
;
2579 struct hci_conn
*conn
;
2580 bool mgmt_connected
;
2583 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2587 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2592 mgmt_disconnect_failed(hdev
, &conn
->dst
, conn
->type
,
2593 conn
->dst_type
, ev
->status
);
2597 conn
->state
= BT_CLOSED
;
2599 mgmt_connected
= test_and_clear_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
);
2601 if (test_bit(HCI_CONN_AUTH_FAILURE
, &conn
->flags
))
2602 reason
= MGMT_DEV_DISCONN_AUTH_FAILURE
;
2604 reason
= hci_to_mgmt_reason(ev
->reason
);
2606 mgmt_device_disconnected(hdev
, &conn
->dst
, conn
->type
, conn
->dst_type
,
2607 reason
, mgmt_connected
);
2609 if (conn
->type
== ACL_LINK
) {
2610 if (test_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
))
2611 hci_remove_link_key(hdev
, &conn
->dst
);
2613 hci_req_update_scan(hdev
);
2616 params
= hci_conn_params_lookup(hdev
, &conn
->dst
, conn
->dst_type
);
2618 switch (params
->auto_connect
) {
2619 case HCI_AUTO_CONN_LINK_LOSS
:
2620 if (ev
->reason
!= HCI_ERROR_CONNECTION_TIMEOUT
)
2624 case HCI_AUTO_CONN_DIRECT
:
2625 case HCI_AUTO_CONN_ALWAYS
:
2626 list_del_init(¶ms
->action
);
2627 list_add(¶ms
->action
, &hdev
->pend_le_conns
);
2628 hci_update_background_scan(hdev
);
2638 hci_disconn_cfm(conn
, ev
->reason
);
2641 /* Re-enable advertising if necessary, since it might
2642 * have been disabled by the connection. From the
2643 * HCI_LE_Set_Advertise_Enable command description in
2644 * the core specification (v4.0):
2645 * "The Controller shall continue advertising until the Host
2646 * issues an LE_Set_Advertise_Enable command with
2647 * Advertising_Enable set to 0x00 (Advertising is disabled)
2648 * or until a connection is created or until the Advertising
2649 * is timed out due to Directed Advertising."
2651 if (type
== LE_LINK
)
2652 hci_req_reenable_advertising(hdev
);
2655 hci_dev_unlock(hdev
);
2658 static void hci_auth_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2660 struct hci_ev_auth_complete
*ev
= (void *) skb
->data
;
2661 struct hci_conn
*conn
;
2663 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2667 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2672 clear_bit(HCI_CONN_AUTH_FAILURE
, &conn
->flags
);
2674 if (!hci_conn_ssp_enabled(conn
) &&
2675 test_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
)) {
2676 bt_dev_info(hdev
, "re-auth of legacy device is not possible.");
2678 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2679 conn
->sec_level
= conn
->pending_sec_level
;
2682 if (ev
->status
== HCI_ERROR_PIN_OR_KEY_MISSING
)
2683 set_bit(HCI_CONN_AUTH_FAILURE
, &conn
->flags
);
2685 mgmt_auth_failed(conn
, ev
->status
);
2688 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
);
2689 clear_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
);
2691 if (conn
->state
== BT_CONFIG
) {
2692 if (!ev
->status
&& hci_conn_ssp_enabled(conn
)) {
2693 struct hci_cp_set_conn_encrypt cp
;
2694 cp
.handle
= ev
->handle
;
2696 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
2699 conn
->state
= BT_CONNECTED
;
2700 hci_connect_cfm(conn
, ev
->status
);
2701 hci_conn_drop(conn
);
2704 hci_auth_cfm(conn
, ev
->status
);
2706 hci_conn_hold(conn
);
2707 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2708 hci_conn_drop(conn
);
2711 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
)) {
2713 struct hci_cp_set_conn_encrypt cp
;
2714 cp
.handle
= ev
->handle
;
2716 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
2719 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
2720 hci_encrypt_cfm(conn
, ev
->status
, 0x00);
2725 hci_dev_unlock(hdev
);
2728 static void hci_remote_name_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2730 struct hci_ev_remote_name
*ev
= (void *) skb
->data
;
2731 struct hci_conn
*conn
;
2733 BT_DBG("%s", hdev
->name
);
2735 hci_conn_check_pending(hdev
);
2739 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2741 if (!hci_dev_test_flag(hdev
, HCI_MGMT
))
2744 if (ev
->status
== 0)
2745 hci_check_pending_name(hdev
, conn
, &ev
->bdaddr
, ev
->name
,
2746 strnlen(ev
->name
, HCI_MAX_NAME_LENGTH
));
2748 hci_check_pending_name(hdev
, conn
, &ev
->bdaddr
, NULL
, 0);
2754 if (!hci_outgoing_auth_needed(hdev
, conn
))
2757 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
2758 struct hci_cp_auth_requested cp
;
2760 set_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
);
2762 cp
.handle
= __cpu_to_le16(conn
->handle
);
2763 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
2767 hci_dev_unlock(hdev
);
2770 static void read_enc_key_size_complete(struct hci_dev
*hdev
, u8 status
,
2771 u16 opcode
, struct sk_buff
*skb
)
2773 const struct hci_rp_read_enc_key_size
*rp
;
2774 struct hci_conn
*conn
;
2777 BT_DBG("%s status 0x%02x", hdev
->name
, status
);
2779 if (!skb
|| skb
->len
< sizeof(*rp
)) {
2780 bt_dev_err(hdev
, "invalid read key size response");
2784 rp
= (void *)skb
->data
;
2785 handle
= le16_to_cpu(rp
->handle
);
2789 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2793 /* If we fail to read the encryption key size, assume maximum
2794 * (which is the same we do also when this HCI command isn't
2798 bt_dev_err(hdev
, "failed to read key size for handle %u",
2800 conn
->enc_key_size
= HCI_LINK_KEY_SIZE
;
2802 conn
->enc_key_size
= rp
->key_size
;
2805 if (conn
->state
== BT_CONFIG
) {
2806 conn
->state
= BT_CONNECTED
;
2807 hci_connect_cfm(conn
, 0);
2808 hci_conn_drop(conn
);
2812 if (!test_bit(HCI_CONN_ENCRYPT
, &conn
->flags
))
2814 else if (test_bit(HCI_CONN_AES_CCM
, &conn
->flags
))
2819 hci_encrypt_cfm(conn
, 0, encrypt
);
2823 hci_dev_unlock(hdev
);
2826 static void hci_encrypt_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2828 struct hci_ev_encrypt_change
*ev
= (void *) skb
->data
;
2829 struct hci_conn
*conn
;
2831 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2835 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2841 /* Encryption implies authentication */
2842 set_bit(HCI_CONN_AUTH
, &conn
->flags
);
2843 set_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2844 conn
->sec_level
= conn
->pending_sec_level
;
2846 /* P-256 authentication key implies FIPS */
2847 if (conn
->key_type
== HCI_LK_AUTH_COMBINATION_P256
)
2848 set_bit(HCI_CONN_FIPS
, &conn
->flags
);
2850 if ((conn
->type
== ACL_LINK
&& ev
->encrypt
== 0x02) ||
2851 conn
->type
== LE_LINK
)
2852 set_bit(HCI_CONN_AES_CCM
, &conn
->flags
);
2854 clear_bit(HCI_CONN_ENCRYPT
, &conn
->flags
);
2855 clear_bit(HCI_CONN_AES_CCM
, &conn
->flags
);
2859 /* We should disregard the current RPA and generate a new one
2860 * whenever the encryption procedure fails.
2862 if (ev
->status
&& conn
->type
== LE_LINK
) {
2863 hci_dev_set_flag(hdev
, HCI_RPA_EXPIRED
);
2864 hci_adv_instances_set_rpa_expired(hdev
, true);
2867 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
2869 if (ev
->status
&& conn
->state
== BT_CONNECTED
) {
2870 if (ev
->status
== HCI_ERROR_PIN_OR_KEY_MISSING
)
2871 set_bit(HCI_CONN_AUTH_FAILURE
, &conn
->flags
);
2873 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
2874 hci_conn_drop(conn
);
2878 /* In Secure Connections Only mode, do not allow any connections
2879 * that are not encrypted with AES-CCM using a P-256 authenticated
2882 if (hci_dev_test_flag(hdev
, HCI_SC_ONLY
) &&
2883 (!test_bit(HCI_CONN_AES_CCM
, &conn
->flags
) ||
2884 conn
->key_type
!= HCI_LK_AUTH_COMBINATION_P256
)) {
2885 hci_connect_cfm(conn
, HCI_ERROR_AUTH_FAILURE
);
2886 hci_conn_drop(conn
);
2890 /* Try reading the encryption key size for encrypted ACL links */
2891 if (!ev
->status
&& ev
->encrypt
&& conn
->type
== ACL_LINK
) {
2892 struct hci_cp_read_enc_key_size cp
;
2893 struct hci_request req
;
2895 /* Only send HCI_Read_Encryption_Key_Size if the
2896 * controller really supports it. If it doesn't, assume
2897 * the default size (16).
2899 if (!(hdev
->commands
[20] & 0x10)) {
2900 conn
->enc_key_size
= HCI_LINK_KEY_SIZE
;
2904 hci_req_init(&req
, hdev
);
2906 cp
.handle
= cpu_to_le16(conn
->handle
);
2907 hci_req_add(&req
, HCI_OP_READ_ENC_KEY_SIZE
, sizeof(cp
), &cp
);
2909 if (hci_req_run_skb(&req
, read_enc_key_size_complete
)) {
2910 bt_dev_err(hdev
, "sending read key size failed");
2911 conn
->enc_key_size
= HCI_LINK_KEY_SIZE
;
2919 if (conn
->state
== BT_CONFIG
) {
2921 conn
->state
= BT_CONNECTED
;
2923 hci_connect_cfm(conn
, ev
->status
);
2924 hci_conn_drop(conn
);
2926 hci_encrypt_cfm(conn
, ev
->status
, ev
->encrypt
);
2929 hci_dev_unlock(hdev
);
2932 static void hci_change_link_key_complete_evt(struct hci_dev
*hdev
,
2933 struct sk_buff
*skb
)
2935 struct hci_ev_change_link_key_complete
*ev
= (void *) skb
->data
;
2936 struct hci_conn
*conn
;
2938 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2942 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2945 set_bit(HCI_CONN_SECURE
, &conn
->flags
);
2947 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
);
2949 hci_key_change_cfm(conn
, ev
->status
);
2952 hci_dev_unlock(hdev
);
2955 static void hci_remote_features_evt(struct hci_dev
*hdev
,
2956 struct sk_buff
*skb
)
2958 struct hci_ev_remote_features
*ev
= (void *) skb
->data
;
2959 struct hci_conn
*conn
;
2961 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
2965 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2970 memcpy(conn
->features
[0], ev
->features
, 8);
2972 if (conn
->state
!= BT_CONFIG
)
2975 if (!ev
->status
&& lmp_ext_feat_capable(hdev
) &&
2976 lmp_ext_feat_capable(conn
)) {
2977 struct hci_cp_read_remote_ext_features cp
;
2978 cp
.handle
= ev
->handle
;
2980 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
,
2985 if (!ev
->status
&& !test_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
)) {
2986 struct hci_cp_remote_name_req cp
;
2987 memset(&cp
, 0, sizeof(cp
));
2988 bacpy(&cp
.bdaddr
, &conn
->dst
);
2989 cp
.pscan_rep_mode
= 0x02;
2990 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
2991 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
2992 mgmt_device_connected(hdev
, conn
, 0, NULL
, 0);
2994 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2995 conn
->state
= BT_CONNECTED
;
2996 hci_connect_cfm(conn
, ev
->status
);
2997 hci_conn_drop(conn
);
3001 hci_dev_unlock(hdev
);
3004 static void hci_cmd_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
,
3005 u16
*opcode
, u8
*status
,
3006 hci_req_complete_t
*req_complete
,
3007 hci_req_complete_skb_t
*req_complete_skb
)
3009 struct hci_ev_cmd_complete
*ev
= (void *) skb
->data
;
3011 *opcode
= __le16_to_cpu(ev
->opcode
);
3012 *status
= skb
->data
[sizeof(*ev
)];
3014 skb_pull(skb
, sizeof(*ev
));
3017 case HCI_OP_INQUIRY_CANCEL
:
3018 hci_cc_inquiry_cancel(hdev
, skb
);
3021 case HCI_OP_PERIODIC_INQ
:
3022 hci_cc_periodic_inq(hdev
, skb
);
3025 case HCI_OP_EXIT_PERIODIC_INQ
:
3026 hci_cc_exit_periodic_inq(hdev
, skb
);
3029 case HCI_OP_REMOTE_NAME_REQ_CANCEL
:
3030 hci_cc_remote_name_req_cancel(hdev
, skb
);
3033 case HCI_OP_ROLE_DISCOVERY
:
3034 hci_cc_role_discovery(hdev
, skb
);
3037 case HCI_OP_READ_LINK_POLICY
:
3038 hci_cc_read_link_policy(hdev
, skb
);
3041 case HCI_OP_WRITE_LINK_POLICY
:
3042 hci_cc_write_link_policy(hdev
, skb
);
3045 case HCI_OP_READ_DEF_LINK_POLICY
:
3046 hci_cc_read_def_link_policy(hdev
, skb
);
3049 case HCI_OP_WRITE_DEF_LINK_POLICY
:
3050 hci_cc_write_def_link_policy(hdev
, skb
);
3054 hci_cc_reset(hdev
, skb
);
3057 case HCI_OP_READ_STORED_LINK_KEY
:
3058 hci_cc_read_stored_link_key(hdev
, skb
);
3061 case HCI_OP_DELETE_STORED_LINK_KEY
:
3062 hci_cc_delete_stored_link_key(hdev
, skb
);
3065 case HCI_OP_WRITE_LOCAL_NAME
:
3066 hci_cc_write_local_name(hdev
, skb
);
3069 case HCI_OP_READ_LOCAL_NAME
:
3070 hci_cc_read_local_name(hdev
, skb
);
3073 case HCI_OP_WRITE_AUTH_ENABLE
:
3074 hci_cc_write_auth_enable(hdev
, skb
);
3077 case HCI_OP_WRITE_ENCRYPT_MODE
:
3078 hci_cc_write_encrypt_mode(hdev
, skb
);
3081 case HCI_OP_WRITE_SCAN_ENABLE
:
3082 hci_cc_write_scan_enable(hdev
, skb
);
3085 case HCI_OP_READ_CLASS_OF_DEV
:
3086 hci_cc_read_class_of_dev(hdev
, skb
);
3089 case HCI_OP_WRITE_CLASS_OF_DEV
:
3090 hci_cc_write_class_of_dev(hdev
, skb
);
3093 case HCI_OP_READ_VOICE_SETTING
:
3094 hci_cc_read_voice_setting(hdev
, skb
);
3097 case HCI_OP_WRITE_VOICE_SETTING
:
3098 hci_cc_write_voice_setting(hdev
, skb
);
3101 case HCI_OP_READ_NUM_SUPPORTED_IAC
:
3102 hci_cc_read_num_supported_iac(hdev
, skb
);
3105 case HCI_OP_WRITE_SSP_MODE
:
3106 hci_cc_write_ssp_mode(hdev
, skb
);
3109 case HCI_OP_WRITE_SC_SUPPORT
:
3110 hci_cc_write_sc_support(hdev
, skb
);
3113 case HCI_OP_READ_LOCAL_VERSION
:
3114 hci_cc_read_local_version(hdev
, skb
);
3117 case HCI_OP_READ_LOCAL_COMMANDS
:
3118 hci_cc_read_local_commands(hdev
, skb
);
3121 case HCI_OP_READ_LOCAL_FEATURES
:
3122 hci_cc_read_local_features(hdev
, skb
);
3125 case HCI_OP_READ_LOCAL_EXT_FEATURES
:
3126 hci_cc_read_local_ext_features(hdev
, skb
);
3129 case HCI_OP_READ_BUFFER_SIZE
:
3130 hci_cc_read_buffer_size(hdev
, skb
);
3133 case HCI_OP_READ_BD_ADDR
:
3134 hci_cc_read_bd_addr(hdev
, skb
);
3137 case HCI_OP_READ_PAGE_SCAN_ACTIVITY
:
3138 hci_cc_read_page_scan_activity(hdev
, skb
);
3141 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
:
3142 hci_cc_write_page_scan_activity(hdev
, skb
);
3145 case HCI_OP_READ_PAGE_SCAN_TYPE
:
3146 hci_cc_read_page_scan_type(hdev
, skb
);
3149 case HCI_OP_WRITE_PAGE_SCAN_TYPE
:
3150 hci_cc_write_page_scan_type(hdev
, skb
);
3153 case HCI_OP_READ_DATA_BLOCK_SIZE
:
3154 hci_cc_read_data_block_size(hdev
, skb
);
3157 case HCI_OP_READ_FLOW_CONTROL_MODE
:
3158 hci_cc_read_flow_control_mode(hdev
, skb
);
3161 case HCI_OP_READ_LOCAL_AMP_INFO
:
3162 hci_cc_read_local_amp_info(hdev
, skb
);
3165 case HCI_OP_READ_CLOCK
:
3166 hci_cc_read_clock(hdev
, skb
);
3169 case HCI_OP_READ_INQ_RSP_TX_POWER
:
3170 hci_cc_read_inq_rsp_tx_power(hdev
, skb
);
3173 case HCI_OP_PIN_CODE_REPLY
:
3174 hci_cc_pin_code_reply(hdev
, skb
);
3177 case HCI_OP_PIN_CODE_NEG_REPLY
:
3178 hci_cc_pin_code_neg_reply(hdev
, skb
);
3181 case HCI_OP_READ_LOCAL_OOB_DATA
:
3182 hci_cc_read_local_oob_data(hdev
, skb
);
3185 case HCI_OP_READ_LOCAL_OOB_EXT_DATA
:
3186 hci_cc_read_local_oob_ext_data(hdev
, skb
);
3189 case HCI_OP_LE_READ_BUFFER_SIZE
:
3190 hci_cc_le_read_buffer_size(hdev
, skb
);
3193 case HCI_OP_LE_READ_LOCAL_FEATURES
:
3194 hci_cc_le_read_local_features(hdev
, skb
);
3197 case HCI_OP_LE_READ_ADV_TX_POWER
:
3198 hci_cc_le_read_adv_tx_power(hdev
, skb
);
3201 case HCI_OP_USER_CONFIRM_REPLY
:
3202 hci_cc_user_confirm_reply(hdev
, skb
);
3205 case HCI_OP_USER_CONFIRM_NEG_REPLY
:
3206 hci_cc_user_confirm_neg_reply(hdev
, skb
);
3209 case HCI_OP_USER_PASSKEY_REPLY
:
3210 hci_cc_user_passkey_reply(hdev
, skb
);
3213 case HCI_OP_USER_PASSKEY_NEG_REPLY
:
3214 hci_cc_user_passkey_neg_reply(hdev
, skb
);
3217 case HCI_OP_LE_SET_RANDOM_ADDR
:
3218 hci_cc_le_set_random_addr(hdev
, skb
);
3221 case HCI_OP_LE_SET_ADV_ENABLE
:
3222 hci_cc_le_set_adv_enable(hdev
, skb
);
3225 case HCI_OP_LE_SET_SCAN_PARAM
:
3226 hci_cc_le_set_scan_param(hdev
, skb
);
3229 case HCI_OP_LE_SET_SCAN_ENABLE
:
3230 hci_cc_le_set_scan_enable(hdev
, skb
);
3233 case HCI_OP_LE_READ_WHITE_LIST_SIZE
:
3234 hci_cc_le_read_white_list_size(hdev
, skb
);
3237 case HCI_OP_LE_CLEAR_WHITE_LIST
:
3238 hci_cc_le_clear_white_list(hdev
, skb
);
3241 case HCI_OP_LE_ADD_TO_WHITE_LIST
:
3242 hci_cc_le_add_to_white_list(hdev
, skb
);
3245 case HCI_OP_LE_DEL_FROM_WHITE_LIST
:
3246 hci_cc_le_del_from_white_list(hdev
, skb
);
3249 case HCI_OP_LE_READ_SUPPORTED_STATES
:
3250 hci_cc_le_read_supported_states(hdev
, skb
);
3253 case HCI_OP_LE_READ_DEF_DATA_LEN
:
3254 hci_cc_le_read_def_data_len(hdev
, skb
);
3257 case HCI_OP_LE_WRITE_DEF_DATA_LEN
:
3258 hci_cc_le_write_def_data_len(hdev
, skb
);
3261 case HCI_OP_LE_CLEAR_RESOLV_LIST
:
3262 hci_cc_le_clear_resolv_list(hdev
, skb
);
3265 case HCI_OP_LE_READ_RESOLV_LIST_SIZE
:
3266 hci_cc_le_read_resolv_list_size(hdev
, skb
);
3269 case HCI_OP_LE_READ_MAX_DATA_LEN
:
3270 hci_cc_le_read_max_data_len(hdev
, skb
);
3273 case HCI_OP_WRITE_LE_HOST_SUPPORTED
:
3274 hci_cc_write_le_host_supported(hdev
, skb
);
3277 case HCI_OP_LE_SET_ADV_PARAM
:
3278 hci_cc_set_adv_param(hdev
, skb
);
3281 case HCI_OP_READ_RSSI
:
3282 hci_cc_read_rssi(hdev
, skb
);
3285 case HCI_OP_READ_TX_POWER
:
3286 hci_cc_read_tx_power(hdev
, skb
);
3289 case HCI_OP_WRITE_SSP_DEBUG_MODE
:
3290 hci_cc_write_ssp_debug_mode(hdev
, skb
);
3293 case HCI_OP_LE_SET_EXT_SCAN_PARAMS
:
3294 hci_cc_le_set_ext_scan_param(hdev
, skb
);
3297 case HCI_OP_LE_SET_EXT_SCAN_ENABLE
:
3298 hci_cc_le_set_ext_scan_enable(hdev
, skb
);
3301 case HCI_OP_LE_SET_DEFAULT_PHY
:
3302 hci_cc_le_set_default_phy(hdev
, skb
);
3305 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS
:
3306 hci_cc_le_read_num_adv_sets(hdev
, skb
);
3309 case HCI_OP_LE_SET_EXT_ADV_PARAMS
:
3310 hci_cc_set_ext_adv_param(hdev
, skb
);
3313 case HCI_OP_LE_SET_EXT_ADV_ENABLE
:
3314 hci_cc_le_set_ext_adv_enable(hdev
, skb
);
3317 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR
:
3318 hci_cc_le_set_adv_set_random_addr(hdev
, skb
);
3322 BT_DBG("%s opcode 0x%4.4x", hdev
->name
, *opcode
);
3326 if (*opcode
!= HCI_OP_NOP
)
3327 cancel_delayed_work(&hdev
->cmd_timer
);
3329 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
))
3330 atomic_set(&hdev
->cmd_cnt
, 1);
3332 hci_req_cmd_complete(hdev
, *opcode
, *status
, req_complete
,
3335 if (atomic_read(&hdev
->cmd_cnt
) && !skb_queue_empty(&hdev
->cmd_q
))
3336 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
3339 static void hci_cmd_status_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
,
3340 u16
*opcode
, u8
*status
,
3341 hci_req_complete_t
*req_complete
,
3342 hci_req_complete_skb_t
*req_complete_skb
)
3344 struct hci_ev_cmd_status
*ev
= (void *) skb
->data
;
3346 skb_pull(skb
, sizeof(*ev
));
3348 *opcode
= __le16_to_cpu(ev
->opcode
);
3349 *status
= ev
->status
;
3352 case HCI_OP_INQUIRY
:
3353 hci_cs_inquiry(hdev
, ev
->status
);
3356 case HCI_OP_CREATE_CONN
:
3357 hci_cs_create_conn(hdev
, ev
->status
);
3360 case HCI_OP_DISCONNECT
:
3361 hci_cs_disconnect(hdev
, ev
->status
);
3364 case HCI_OP_ADD_SCO
:
3365 hci_cs_add_sco(hdev
, ev
->status
);
3368 case HCI_OP_AUTH_REQUESTED
:
3369 hci_cs_auth_requested(hdev
, ev
->status
);
3372 case HCI_OP_SET_CONN_ENCRYPT
:
3373 hci_cs_set_conn_encrypt(hdev
, ev
->status
);
3376 case HCI_OP_REMOTE_NAME_REQ
:
3377 hci_cs_remote_name_req(hdev
, ev
->status
);
3380 case HCI_OP_READ_REMOTE_FEATURES
:
3381 hci_cs_read_remote_features(hdev
, ev
->status
);
3384 case HCI_OP_READ_REMOTE_EXT_FEATURES
:
3385 hci_cs_read_remote_ext_features(hdev
, ev
->status
);
3388 case HCI_OP_SETUP_SYNC_CONN
:
3389 hci_cs_setup_sync_conn(hdev
, ev
->status
);
3392 case HCI_OP_SNIFF_MODE
:
3393 hci_cs_sniff_mode(hdev
, ev
->status
);
3396 case HCI_OP_EXIT_SNIFF_MODE
:
3397 hci_cs_exit_sniff_mode(hdev
, ev
->status
);
3400 case HCI_OP_SWITCH_ROLE
:
3401 hci_cs_switch_role(hdev
, ev
->status
);
3404 case HCI_OP_LE_CREATE_CONN
:
3405 hci_cs_le_create_conn(hdev
, ev
->status
);
3408 case HCI_OP_LE_READ_REMOTE_FEATURES
:
3409 hci_cs_le_read_remote_features(hdev
, ev
->status
);
3412 case HCI_OP_LE_START_ENC
:
3413 hci_cs_le_start_enc(hdev
, ev
->status
);
3416 case HCI_OP_LE_EXT_CREATE_CONN
:
3417 hci_cs_le_ext_create_conn(hdev
, ev
->status
);
3421 BT_DBG("%s opcode 0x%4.4x", hdev
->name
, *opcode
);
3425 if (*opcode
!= HCI_OP_NOP
)
3426 cancel_delayed_work(&hdev
->cmd_timer
);
3428 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
))
3429 atomic_set(&hdev
->cmd_cnt
, 1);
3431 /* Indicate request completion if the command failed. Also, if
3432 * we're not waiting for a special event and we get a success
3433 * command status we should try to flag the request as completed
3434 * (since for this kind of commands there will not be a command
3438 (hdev
->sent_cmd
&& !bt_cb(hdev
->sent_cmd
)->hci
.req_event
))
3439 hci_req_cmd_complete(hdev
, *opcode
, ev
->status
, req_complete
,
3442 if (atomic_read(&hdev
->cmd_cnt
) && !skb_queue_empty(&hdev
->cmd_q
))
3443 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
3446 static void hci_hardware_error_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3448 struct hci_ev_hardware_error
*ev
= (void *) skb
->data
;
3450 hdev
->hw_error_code
= ev
->code
;
3452 queue_work(hdev
->req_workqueue
, &hdev
->error_reset
);
3455 static void hci_role_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3457 struct hci_ev_role_change
*ev
= (void *) skb
->data
;
3458 struct hci_conn
*conn
;
3460 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3464 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3467 conn
->role
= ev
->role
;
3469 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
);
3471 hci_role_switch_cfm(conn
, ev
->status
, ev
->role
);
3474 hci_dev_unlock(hdev
);
3477 static void hci_num_comp_pkts_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3479 struct hci_ev_num_comp_pkts
*ev
= (void *) skb
->data
;
3482 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_PACKET_BASED
) {
3483 bt_dev_err(hdev
, "wrong event for mode %d", hdev
->flow_ctl_mode
);
3487 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
3488 ev
->num_hndl
* sizeof(struct hci_comp_pkts_info
)) {
3489 BT_DBG("%s bad parameters", hdev
->name
);
3493 BT_DBG("%s num_hndl %d", hdev
->name
, ev
->num_hndl
);
3495 for (i
= 0; i
< ev
->num_hndl
; i
++) {
3496 struct hci_comp_pkts_info
*info
= &ev
->handles
[i
];
3497 struct hci_conn
*conn
;
3498 __u16 handle
, count
;
3500 handle
= __le16_to_cpu(info
->handle
);
3501 count
= __le16_to_cpu(info
->count
);
3503 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
3507 conn
->sent
-= count
;
3509 switch (conn
->type
) {
3511 hdev
->acl_cnt
+= count
;
3512 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
3513 hdev
->acl_cnt
= hdev
->acl_pkts
;
3517 if (hdev
->le_pkts
) {
3518 hdev
->le_cnt
+= count
;
3519 if (hdev
->le_cnt
> hdev
->le_pkts
)
3520 hdev
->le_cnt
= hdev
->le_pkts
;
3522 hdev
->acl_cnt
+= count
;
3523 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
3524 hdev
->acl_cnt
= hdev
->acl_pkts
;
3529 hdev
->sco_cnt
+= count
;
3530 if (hdev
->sco_cnt
> hdev
->sco_pkts
)
3531 hdev
->sco_cnt
= hdev
->sco_pkts
;
3535 bt_dev_err(hdev
, "unknown type %d conn %p",
3541 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
3544 static struct hci_conn
*__hci_conn_lookup_handle(struct hci_dev
*hdev
,
3547 struct hci_chan
*chan
;
3549 switch (hdev
->dev_type
) {
3551 return hci_conn_hash_lookup_handle(hdev
, handle
);
3553 chan
= hci_chan_lookup_handle(hdev
, handle
);
3558 bt_dev_err(hdev
, "unknown dev_type %d", hdev
->dev_type
);
3565 static void hci_num_comp_blocks_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3567 struct hci_ev_num_comp_blocks
*ev
= (void *) skb
->data
;
3570 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_BLOCK_BASED
) {
3571 bt_dev_err(hdev
, "wrong event for mode %d", hdev
->flow_ctl_mode
);
3575 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
3576 ev
->num_hndl
* sizeof(struct hci_comp_blocks_info
)) {
3577 BT_DBG("%s bad parameters", hdev
->name
);
3581 BT_DBG("%s num_blocks %d num_hndl %d", hdev
->name
, ev
->num_blocks
,
3584 for (i
= 0; i
< ev
->num_hndl
; i
++) {
3585 struct hci_comp_blocks_info
*info
= &ev
->handles
[i
];
3586 struct hci_conn
*conn
= NULL
;
3587 __u16 handle
, block_count
;
3589 handle
= __le16_to_cpu(info
->handle
);
3590 block_count
= __le16_to_cpu(info
->blocks
);
3592 conn
= __hci_conn_lookup_handle(hdev
, handle
);
3596 conn
->sent
-= block_count
;
3598 switch (conn
->type
) {
3601 hdev
->block_cnt
+= block_count
;
3602 if (hdev
->block_cnt
> hdev
->num_blocks
)
3603 hdev
->block_cnt
= hdev
->num_blocks
;
3607 bt_dev_err(hdev
, "unknown type %d conn %p",
3613 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
3616 static void hci_mode_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3618 struct hci_ev_mode_change
*ev
= (void *) skb
->data
;
3619 struct hci_conn
*conn
;
3621 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3625 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3627 conn
->mode
= ev
->mode
;
3629 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND
,
3631 if (conn
->mode
== HCI_CM_ACTIVE
)
3632 set_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
3634 clear_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
3637 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->flags
))
3638 hci_sco_setup(conn
, ev
->status
);
3641 hci_dev_unlock(hdev
);
3644 static void hci_pin_code_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3646 struct hci_ev_pin_code_req
*ev
= (void *) skb
->data
;
3647 struct hci_conn
*conn
;
3649 BT_DBG("%s", hdev
->name
);
3653 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3657 if (conn
->state
== BT_CONNECTED
) {
3658 hci_conn_hold(conn
);
3659 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
3660 hci_conn_drop(conn
);
3663 if (!hci_dev_test_flag(hdev
, HCI_BONDABLE
) &&
3664 !test_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
)) {
3665 hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
3666 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3667 } else if (hci_dev_test_flag(hdev
, HCI_MGMT
)) {
3670 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
)
3675 mgmt_pin_code_request(hdev
, &ev
->bdaddr
, secure
);
3679 hci_dev_unlock(hdev
);
3682 static void conn_set_key(struct hci_conn
*conn
, u8 key_type
, u8 pin_len
)
3684 if (key_type
== HCI_LK_CHANGED_COMBINATION
)
3687 conn
->pin_length
= pin_len
;
3688 conn
->key_type
= key_type
;
3691 case HCI_LK_LOCAL_UNIT
:
3692 case HCI_LK_REMOTE_UNIT
:
3693 case HCI_LK_DEBUG_COMBINATION
:
3695 case HCI_LK_COMBINATION
:
3697 conn
->pending_sec_level
= BT_SECURITY_HIGH
;
3699 conn
->pending_sec_level
= BT_SECURITY_MEDIUM
;
3701 case HCI_LK_UNAUTH_COMBINATION_P192
:
3702 case HCI_LK_UNAUTH_COMBINATION_P256
:
3703 conn
->pending_sec_level
= BT_SECURITY_MEDIUM
;
3705 case HCI_LK_AUTH_COMBINATION_P192
:
3706 conn
->pending_sec_level
= BT_SECURITY_HIGH
;
3708 case HCI_LK_AUTH_COMBINATION_P256
:
3709 conn
->pending_sec_level
= BT_SECURITY_FIPS
;
3714 static void hci_link_key_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3716 struct hci_ev_link_key_req
*ev
= (void *) skb
->data
;
3717 struct hci_cp_link_key_reply cp
;
3718 struct hci_conn
*conn
;
3719 struct link_key
*key
;
3721 BT_DBG("%s", hdev
->name
);
3723 if (!hci_dev_test_flag(hdev
, HCI_MGMT
))
3728 key
= hci_find_link_key(hdev
, &ev
->bdaddr
);
3730 BT_DBG("%s link key not found for %pMR", hdev
->name
,
3735 BT_DBG("%s found key type %u for %pMR", hdev
->name
, key
->type
,
3738 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3740 clear_bit(HCI_CONN_NEW_LINK_KEY
, &conn
->flags
);
3742 if ((key
->type
== HCI_LK_UNAUTH_COMBINATION_P192
||
3743 key
->type
== HCI_LK_UNAUTH_COMBINATION_P256
) &&
3744 conn
->auth_type
!= 0xff && (conn
->auth_type
& 0x01)) {
3745 BT_DBG("%s ignoring unauthenticated key", hdev
->name
);
3749 if (key
->type
== HCI_LK_COMBINATION
&& key
->pin_len
< 16 &&
3750 (conn
->pending_sec_level
== BT_SECURITY_HIGH
||
3751 conn
->pending_sec_level
== BT_SECURITY_FIPS
)) {
3752 BT_DBG("%s ignoring key unauthenticated for high security",
3757 conn_set_key(conn
, key
->type
, key
->pin_len
);
3760 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3761 memcpy(cp
.link_key
, key
->val
, HCI_LINK_KEY_SIZE
);
3763 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_REPLY
, sizeof(cp
), &cp
);
3765 hci_dev_unlock(hdev
);
3770 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_NEG_REPLY
, 6, &ev
->bdaddr
);
3771 hci_dev_unlock(hdev
);
3774 static void hci_link_key_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3776 struct hci_ev_link_key_notify
*ev
= (void *) skb
->data
;
3777 struct hci_conn
*conn
;
3778 struct link_key
*key
;
3782 BT_DBG("%s", hdev
->name
);
3786 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3790 hci_conn_hold(conn
);
3791 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
3792 hci_conn_drop(conn
);
3794 set_bit(HCI_CONN_NEW_LINK_KEY
, &conn
->flags
);
3795 conn_set_key(conn
, ev
->key_type
, conn
->pin_length
);
3797 if (!hci_dev_test_flag(hdev
, HCI_MGMT
))
3800 key
= hci_add_link_key(hdev
, conn
, &ev
->bdaddr
, ev
->link_key
,
3801 ev
->key_type
, pin_len
, &persistent
);
3805 /* Update connection information since adding the key will have
3806 * fixed up the type in the case of changed combination keys.
3808 if (ev
->key_type
== HCI_LK_CHANGED_COMBINATION
)
3809 conn_set_key(conn
, key
->type
, key
->pin_len
);
3811 mgmt_new_link_key(hdev
, key
, persistent
);
3813 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3814 * is set. If it's not set simply remove the key from the kernel
3815 * list (we've still notified user space about it but with
3816 * store_hint being 0).
3818 if (key
->type
== HCI_LK_DEBUG_COMBINATION
&&
3819 !hci_dev_test_flag(hdev
, HCI_KEEP_DEBUG_KEYS
)) {
3820 list_del_rcu(&key
->list
);
3821 kfree_rcu(key
, rcu
);
3826 clear_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
);
3828 set_bit(HCI_CONN_FLUSH_KEY
, &conn
->flags
);
3831 hci_dev_unlock(hdev
);
3834 static void hci_clock_offset_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3836 struct hci_ev_clock_offset
*ev
= (void *) skb
->data
;
3837 struct hci_conn
*conn
;
3839 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3843 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3844 if (conn
&& !ev
->status
) {
3845 struct inquiry_entry
*ie
;
3847 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
3849 ie
->data
.clock_offset
= ev
->clock_offset
;
3850 ie
->timestamp
= jiffies
;
3854 hci_dev_unlock(hdev
);
3857 static void hci_pkt_type_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3859 struct hci_ev_pkt_type_change
*ev
= (void *) skb
->data
;
3860 struct hci_conn
*conn
;
3862 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
3866 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3867 if (conn
&& !ev
->status
)
3868 conn
->pkt_type
= __le16_to_cpu(ev
->pkt_type
);
3870 hci_dev_unlock(hdev
);
3873 static void hci_pscan_rep_mode_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3875 struct hci_ev_pscan_rep_mode
*ev
= (void *) skb
->data
;
3876 struct inquiry_entry
*ie
;
3878 BT_DBG("%s", hdev
->name
);
3882 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
3884 ie
->data
.pscan_rep_mode
= ev
->pscan_rep_mode
;
3885 ie
->timestamp
= jiffies
;
3888 hci_dev_unlock(hdev
);
3891 static void hci_inquiry_result_with_rssi_evt(struct hci_dev
*hdev
,
3892 struct sk_buff
*skb
)
3894 struct inquiry_data data
;
3895 int num_rsp
= *((__u8
*) skb
->data
);
3897 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
3902 if (hci_dev_test_flag(hdev
, HCI_PERIODIC_INQ
))
3907 if ((skb
->len
- 1) / num_rsp
!= sizeof(struct inquiry_info_with_rssi
)) {
3908 struct inquiry_info_with_rssi_and_pscan_mode
*info
;
3909 info
= (void *) (skb
->data
+ 1);
3911 for (; num_rsp
; num_rsp
--, info
++) {
3914 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3915 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3916 data
.pscan_period_mode
= info
->pscan_period_mode
;
3917 data
.pscan_mode
= info
->pscan_mode
;
3918 memcpy(data
.dev_class
, info
->dev_class
, 3);
3919 data
.clock_offset
= info
->clock_offset
;
3920 data
.rssi
= info
->rssi
;
3921 data
.ssp_mode
= 0x00;
3923 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
3925 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3926 info
->dev_class
, info
->rssi
,
3927 flags
, NULL
, 0, NULL
, 0);
3930 struct inquiry_info_with_rssi
*info
= (void *) (skb
->data
+ 1);
3932 for (; num_rsp
; num_rsp
--, info
++) {
3935 bacpy(&data
.bdaddr
, &info
->bdaddr
);
3936 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
3937 data
.pscan_period_mode
= info
->pscan_period_mode
;
3938 data
.pscan_mode
= 0x00;
3939 memcpy(data
.dev_class
, info
->dev_class
, 3);
3940 data
.clock_offset
= info
->clock_offset
;
3941 data
.rssi
= info
->rssi
;
3942 data
.ssp_mode
= 0x00;
3944 flags
= hci_inquiry_cache_update(hdev
, &data
, false);
3946 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
3947 info
->dev_class
, info
->rssi
,
3948 flags
, NULL
, 0, NULL
, 0);
3952 hci_dev_unlock(hdev
);
3955 static void hci_remote_ext_features_evt(struct hci_dev
*hdev
,
3956 struct sk_buff
*skb
)
3958 struct hci_ev_remote_ext_features
*ev
= (void *) skb
->data
;
3959 struct hci_conn
*conn
;
3961 BT_DBG("%s", hdev
->name
);
3965 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3969 if (ev
->page
< HCI_MAX_PAGES
)
3970 memcpy(conn
->features
[ev
->page
], ev
->features
, 8);
3972 if (!ev
->status
&& ev
->page
== 0x01) {
3973 struct inquiry_entry
*ie
;
3975 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
3977 ie
->data
.ssp_mode
= (ev
->features
[0] & LMP_HOST_SSP
);
3979 if (ev
->features
[0] & LMP_HOST_SSP
) {
3980 set_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
3982 /* It is mandatory by the Bluetooth specification that
3983 * Extended Inquiry Results are only used when Secure
3984 * Simple Pairing is enabled, but some devices violate
3987 * To make these devices work, the internal SSP
3988 * enabled flag needs to be cleared if the remote host
3989 * features do not indicate SSP support */
3990 clear_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
3993 if (ev
->features
[0] & LMP_HOST_SC
)
3994 set_bit(HCI_CONN_SC_ENABLED
, &conn
->flags
);
3997 if (conn
->state
!= BT_CONFIG
)
4000 if (!ev
->status
&& !test_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
)) {
4001 struct hci_cp_remote_name_req cp
;
4002 memset(&cp
, 0, sizeof(cp
));
4003 bacpy(&cp
.bdaddr
, &conn
->dst
);
4004 cp
.pscan_rep_mode
= 0x02;
4005 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
4006 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
4007 mgmt_device_connected(hdev
, conn
, 0, NULL
, 0);
4009 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
4010 conn
->state
= BT_CONNECTED
;
4011 hci_connect_cfm(conn
, ev
->status
);
4012 hci_conn_drop(conn
);
4016 hci_dev_unlock(hdev
);
4019 static void hci_sync_conn_complete_evt(struct hci_dev
*hdev
,
4020 struct sk_buff
*skb
)
4022 struct hci_ev_sync_conn_complete
*ev
= (void *) skb
->data
;
4023 struct hci_conn
*conn
;
4025 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4029 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
4031 if (ev
->link_type
== ESCO_LINK
)
4034 /* When the link type in the event indicates SCO connection
4035 * and lookup of the connection object fails, then check
4036 * if an eSCO connection object exists.
4038 * The core limits the synchronous connections to either
4039 * SCO or eSCO. The eSCO connection is preferred and tried
4040 * to be setup first and until successfully established,
4041 * the link type will be hinted as eSCO.
4043 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
4048 switch (ev
->status
) {
4050 conn
->handle
= __le16_to_cpu(ev
->handle
);
4051 conn
->state
= BT_CONNECTED
;
4052 conn
->type
= ev
->link_type
;
4054 hci_debugfs_create_conn(conn
);
4055 hci_conn_add_sysfs(conn
);
4058 case 0x10: /* Connection Accept Timeout */
4059 case 0x0d: /* Connection Rejected due to Limited Resources */
4060 case 0x11: /* Unsupported Feature or Parameter Value */
4061 case 0x1c: /* SCO interval rejected */
4062 case 0x1a: /* Unsupported Remote Feature */
4063 case 0x1f: /* Unspecified error */
4064 case 0x20: /* Unsupported LMP Parameter value */
4066 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
4067 (hdev
->esco_type
& EDR_ESCO_MASK
);
4068 if (hci_setup_sync(conn
, conn
->link
->handle
))
4074 conn
->state
= BT_CLOSED
;
4078 hci_connect_cfm(conn
, ev
->status
);
4083 hci_dev_unlock(hdev
);
4086 static inline size_t eir_get_length(u8
*eir
, size_t eir_len
)
4090 while (parsed
< eir_len
) {
4091 u8 field_len
= eir
[0];
4096 parsed
+= field_len
+ 1;
4097 eir
+= field_len
+ 1;
4103 static void hci_extended_inquiry_result_evt(struct hci_dev
*hdev
,
4104 struct sk_buff
*skb
)
4106 struct inquiry_data data
;
4107 struct extended_inquiry_info
*info
= (void *) (skb
->data
+ 1);
4108 int num_rsp
= *((__u8
*) skb
->data
);
4111 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
4116 if (hci_dev_test_flag(hdev
, HCI_PERIODIC_INQ
))
4121 for (; num_rsp
; num_rsp
--, info
++) {
4125 bacpy(&data
.bdaddr
, &info
->bdaddr
);
4126 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
4127 data
.pscan_period_mode
= info
->pscan_period_mode
;
4128 data
.pscan_mode
= 0x00;
4129 memcpy(data
.dev_class
, info
->dev_class
, 3);
4130 data
.clock_offset
= info
->clock_offset
;
4131 data
.rssi
= info
->rssi
;
4132 data
.ssp_mode
= 0x01;
4134 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
4135 name_known
= eir_get_data(info
->data
,
4137 EIR_NAME_COMPLETE
, NULL
);
4141 flags
= hci_inquiry_cache_update(hdev
, &data
, name_known
);
4143 eir_len
= eir_get_length(info
->data
, sizeof(info
->data
));
4145 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
4146 info
->dev_class
, info
->rssi
,
4147 flags
, info
->data
, eir_len
, NULL
, 0);
4150 hci_dev_unlock(hdev
);
4153 static void hci_key_refresh_complete_evt(struct hci_dev
*hdev
,
4154 struct sk_buff
*skb
)
4156 struct hci_ev_key_refresh_complete
*ev
= (void *) skb
->data
;
4157 struct hci_conn
*conn
;
4159 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev
->name
, ev
->status
,
4160 __le16_to_cpu(ev
->handle
));
4164 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
4168 /* For BR/EDR the necessary steps are taken through the
4169 * auth_complete event.
4171 if (conn
->type
!= LE_LINK
)
4175 conn
->sec_level
= conn
->pending_sec_level
;
4177 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
4179 if (ev
->status
&& conn
->state
== BT_CONNECTED
) {
4180 hci_disconnect(conn
, HCI_ERROR_AUTH_FAILURE
);
4181 hci_conn_drop(conn
);
4185 if (conn
->state
== BT_CONFIG
) {
4187 conn
->state
= BT_CONNECTED
;
4189 hci_connect_cfm(conn
, ev
->status
);
4190 hci_conn_drop(conn
);
4192 hci_auth_cfm(conn
, ev
->status
);
4194 hci_conn_hold(conn
);
4195 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
4196 hci_conn_drop(conn
);
4200 hci_dev_unlock(hdev
);
4203 static u8
hci_get_auth_req(struct hci_conn
*conn
)
4205 /* If remote requests no-bonding follow that lead */
4206 if (conn
->remote_auth
== HCI_AT_NO_BONDING
||
4207 conn
->remote_auth
== HCI_AT_NO_BONDING_MITM
)
4208 return conn
->remote_auth
| (conn
->auth_type
& 0x01);
4210 /* If both remote and local have enough IO capabilities, require
4213 if (conn
->remote_cap
!= HCI_IO_NO_INPUT_OUTPUT
&&
4214 conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
)
4215 return conn
->remote_auth
| 0x01;
4217 /* No MITM protection possible so ignore remote requirement */
4218 return (conn
->remote_auth
& ~0x01) | (conn
->auth_type
& 0x01);
4221 static u8
bredr_oob_data_present(struct hci_conn
*conn
)
4223 struct hci_dev
*hdev
= conn
->hdev
;
4224 struct oob_data
*data
;
4226 data
= hci_find_remote_oob_data(hdev
, &conn
->dst
, BDADDR_BREDR
);
4230 if (bredr_sc_enabled(hdev
)) {
4231 /* When Secure Connections is enabled, then just
4232 * return the present value stored with the OOB
4233 * data. The stored value contains the right present
4234 * information. However it can only be trusted when
4235 * not in Secure Connection Only mode.
4237 if (!hci_dev_test_flag(hdev
, HCI_SC_ONLY
))
4238 return data
->present
;
4240 /* When Secure Connections Only mode is enabled, then
4241 * the P-256 values are required. If they are not
4242 * available, then do not declare that OOB data is
4245 if (!memcmp(data
->rand256
, ZERO_KEY
, 16) ||
4246 !memcmp(data
->hash256
, ZERO_KEY
, 16))
4252 /* When Secure Connections is not enabled or actually
4253 * not supported by the hardware, then check that if
4254 * P-192 data values are present.
4256 if (!memcmp(data
->rand192
, ZERO_KEY
, 16) ||
4257 !memcmp(data
->hash192
, ZERO_KEY
, 16))
4263 static void hci_io_capa_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4265 struct hci_ev_io_capa_request
*ev
= (void *) skb
->data
;
4266 struct hci_conn
*conn
;
4268 BT_DBG("%s", hdev
->name
);
4272 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4276 hci_conn_hold(conn
);
4278 if (!hci_dev_test_flag(hdev
, HCI_MGMT
))
4281 /* Allow pairing if we're pairable, the initiators of the
4282 * pairing or if the remote is not requesting bonding.
4284 if (hci_dev_test_flag(hdev
, HCI_BONDABLE
) ||
4285 test_bit(HCI_CONN_AUTH_INITIATOR
, &conn
->flags
) ||
4286 (conn
->remote_auth
& ~0x01) == HCI_AT_NO_BONDING
) {
4287 struct hci_cp_io_capability_reply cp
;
4289 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4290 /* Change the IO capability from KeyboardDisplay
4291 * to DisplayYesNo as it is not supported by BT spec. */
4292 cp
.capability
= (conn
->io_capability
== 0x04) ?
4293 HCI_IO_DISPLAY_YESNO
: conn
->io_capability
;
4295 /* If we are initiators, there is no remote information yet */
4296 if (conn
->remote_auth
== 0xff) {
4297 /* Request MITM protection if our IO caps allow it
4298 * except for the no-bonding case.
4300 if (conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
&&
4301 conn
->auth_type
!= HCI_AT_NO_BONDING
)
4302 conn
->auth_type
|= 0x01;
4304 conn
->auth_type
= hci_get_auth_req(conn
);
4307 /* If we're not bondable, force one of the non-bondable
4308 * authentication requirement values.
4310 if (!hci_dev_test_flag(hdev
, HCI_BONDABLE
))
4311 conn
->auth_type
&= HCI_AT_NO_BONDING_MITM
;
4313 cp
.authentication
= conn
->auth_type
;
4314 cp
.oob_data
= bredr_oob_data_present(conn
);
4316 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_REPLY
,
4319 struct hci_cp_io_capability_neg_reply cp
;
4321 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4322 cp
.reason
= HCI_ERROR_PAIRING_NOT_ALLOWED
;
4324 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_NEG_REPLY
,
4329 hci_dev_unlock(hdev
);
4332 static void hci_io_capa_reply_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4334 struct hci_ev_io_capa_reply
*ev
= (void *) skb
->data
;
4335 struct hci_conn
*conn
;
4337 BT_DBG("%s", hdev
->name
);
4341 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4345 conn
->remote_cap
= ev
->capability
;
4346 conn
->remote_auth
= ev
->authentication
;
4349 hci_dev_unlock(hdev
);
4352 static void hci_user_confirm_request_evt(struct hci_dev
*hdev
,
4353 struct sk_buff
*skb
)
4355 struct hci_ev_user_confirm_req
*ev
= (void *) skb
->data
;
4356 int loc_mitm
, rem_mitm
, confirm_hint
= 0;
4357 struct hci_conn
*conn
;
4359 BT_DBG("%s", hdev
->name
);
4363 if (!hci_dev_test_flag(hdev
, HCI_MGMT
))
4366 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4370 loc_mitm
= (conn
->auth_type
& 0x01);
4371 rem_mitm
= (conn
->remote_auth
& 0x01);
4373 /* If we require MITM but the remote device can't provide that
4374 * (it has NoInputNoOutput) then reject the confirmation
4375 * request. We check the security level here since it doesn't
4376 * necessarily match conn->auth_type.
4378 if (conn
->pending_sec_level
> BT_SECURITY_MEDIUM
&&
4379 conn
->remote_cap
== HCI_IO_NO_INPUT_OUTPUT
) {
4380 BT_DBG("Rejecting request: remote device can't provide MITM");
4381 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_NEG_REPLY
,
4382 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
4386 /* If no side requires MITM protection; auto-accept */
4387 if ((!loc_mitm
|| conn
->remote_cap
== HCI_IO_NO_INPUT_OUTPUT
) &&
4388 (!rem_mitm
|| conn
->io_capability
== HCI_IO_NO_INPUT_OUTPUT
)) {
4390 /* If we're not the initiators request authorization to
4391 * proceed from user space (mgmt_user_confirm with
4392 * confirm_hint set to 1). The exception is if neither
4393 * side had MITM or if the local IO capability is
4394 * NoInputNoOutput, in which case we do auto-accept
4396 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
) &&
4397 conn
->io_capability
!= HCI_IO_NO_INPUT_OUTPUT
&&
4398 (loc_mitm
|| rem_mitm
)) {
4399 BT_DBG("Confirming auto-accept as acceptor");
4404 BT_DBG("Auto-accept of user confirmation with %ums delay",
4405 hdev
->auto_accept_delay
);
4407 if (hdev
->auto_accept_delay
> 0) {
4408 int delay
= msecs_to_jiffies(hdev
->auto_accept_delay
);
4409 queue_delayed_work(conn
->hdev
->workqueue
,
4410 &conn
->auto_accept_work
, delay
);
4414 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
,
4415 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
4420 mgmt_user_confirm_request(hdev
, &ev
->bdaddr
, ACL_LINK
, 0,
4421 le32_to_cpu(ev
->passkey
), confirm_hint
);
4424 hci_dev_unlock(hdev
);
4427 static void hci_user_passkey_request_evt(struct hci_dev
*hdev
,
4428 struct sk_buff
*skb
)
4430 struct hci_ev_user_passkey_req
*ev
= (void *) skb
->data
;
4432 BT_DBG("%s", hdev
->name
);
4434 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
4435 mgmt_user_passkey_request(hdev
, &ev
->bdaddr
, ACL_LINK
, 0);
4438 static void hci_user_passkey_notify_evt(struct hci_dev
*hdev
,
4439 struct sk_buff
*skb
)
4441 struct hci_ev_user_passkey_notify
*ev
= (void *) skb
->data
;
4442 struct hci_conn
*conn
;
4444 BT_DBG("%s", hdev
->name
);
4446 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4450 conn
->passkey_notify
= __le32_to_cpu(ev
->passkey
);
4451 conn
->passkey_entered
= 0;
4453 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
4454 mgmt_user_passkey_notify(hdev
, &conn
->dst
, conn
->type
,
4455 conn
->dst_type
, conn
->passkey_notify
,
4456 conn
->passkey_entered
);
4459 static void hci_keypress_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4461 struct hci_ev_keypress_notify
*ev
= (void *) skb
->data
;
4462 struct hci_conn
*conn
;
4464 BT_DBG("%s", hdev
->name
);
4466 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4471 case HCI_KEYPRESS_STARTED
:
4472 conn
->passkey_entered
= 0;
4475 case HCI_KEYPRESS_ENTERED
:
4476 conn
->passkey_entered
++;
4479 case HCI_KEYPRESS_ERASED
:
4480 conn
->passkey_entered
--;
4483 case HCI_KEYPRESS_CLEARED
:
4484 conn
->passkey_entered
= 0;
4487 case HCI_KEYPRESS_COMPLETED
:
4491 if (hci_dev_test_flag(hdev
, HCI_MGMT
))
4492 mgmt_user_passkey_notify(hdev
, &conn
->dst
, conn
->type
,
4493 conn
->dst_type
, conn
->passkey_notify
,
4494 conn
->passkey_entered
);
4497 static void hci_simple_pair_complete_evt(struct hci_dev
*hdev
,
4498 struct sk_buff
*skb
)
4500 struct hci_ev_simple_pair_complete
*ev
= (void *) skb
->data
;
4501 struct hci_conn
*conn
;
4503 BT_DBG("%s", hdev
->name
);
4507 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4511 /* Reset the authentication requirement to unknown */
4512 conn
->remote_auth
= 0xff;
4514 /* To avoid duplicate auth_failed events to user space we check
4515 * the HCI_CONN_AUTH_PEND flag which will be set if we
4516 * initiated the authentication. A traditional auth_complete
4517 * event gets always produced as initiator and is also mapped to
4518 * the mgmt_auth_failed event */
4519 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
) && ev
->status
)
4520 mgmt_auth_failed(conn
, ev
->status
);
4522 hci_conn_drop(conn
);
4525 hci_dev_unlock(hdev
);
4528 static void hci_remote_host_features_evt(struct hci_dev
*hdev
,
4529 struct sk_buff
*skb
)
4531 struct hci_ev_remote_host_features
*ev
= (void *) skb
->data
;
4532 struct inquiry_entry
*ie
;
4533 struct hci_conn
*conn
;
4535 BT_DBG("%s", hdev
->name
);
4539 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
4541 memcpy(conn
->features
[1], ev
->features
, 8);
4543 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
4545 ie
->data
.ssp_mode
= (ev
->features
[0] & LMP_HOST_SSP
);
4547 hci_dev_unlock(hdev
);
4550 static void hci_remote_oob_data_request_evt(struct hci_dev
*hdev
,
4551 struct sk_buff
*skb
)
4553 struct hci_ev_remote_oob_data_request
*ev
= (void *) skb
->data
;
4554 struct oob_data
*data
;
4556 BT_DBG("%s", hdev
->name
);
4560 if (!hci_dev_test_flag(hdev
, HCI_MGMT
))
4563 data
= hci_find_remote_oob_data(hdev
, &ev
->bdaddr
, BDADDR_BREDR
);
4565 struct hci_cp_remote_oob_data_neg_reply cp
;
4567 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4568 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY
,
4573 if (bredr_sc_enabled(hdev
)) {
4574 struct hci_cp_remote_oob_ext_data_reply cp
;
4576 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4577 if (hci_dev_test_flag(hdev
, HCI_SC_ONLY
)) {
4578 memset(cp
.hash192
, 0, sizeof(cp
.hash192
));
4579 memset(cp
.rand192
, 0, sizeof(cp
.rand192
));
4581 memcpy(cp
.hash192
, data
->hash192
, sizeof(cp
.hash192
));
4582 memcpy(cp
.rand192
, data
->rand192
, sizeof(cp
.rand192
));
4584 memcpy(cp
.hash256
, data
->hash256
, sizeof(cp
.hash256
));
4585 memcpy(cp
.rand256
, data
->rand256
, sizeof(cp
.rand256
));
4587 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY
,
4590 struct hci_cp_remote_oob_data_reply cp
;
4592 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
4593 memcpy(cp
.hash
, data
->hash192
, sizeof(cp
.hash
));
4594 memcpy(cp
.rand
, data
->rand192
, sizeof(cp
.rand
));
4596 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_REPLY
,
4601 hci_dev_unlock(hdev
);
4604 #if IS_ENABLED(CONFIG_BT_HS)
4605 static void hci_chan_selected_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4607 struct hci_ev_channel_selected
*ev
= (void *)skb
->data
;
4608 struct hci_conn
*hcon
;
4610 BT_DBG("%s handle 0x%2.2x", hdev
->name
, ev
->phy_handle
);
4612 skb_pull(skb
, sizeof(*ev
));
4614 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4618 amp_read_loc_assoc_final_data(hdev
, hcon
);
4621 static void hci_phy_link_complete_evt(struct hci_dev
*hdev
,
4622 struct sk_buff
*skb
)
4624 struct hci_ev_phy_link_complete
*ev
= (void *) skb
->data
;
4625 struct hci_conn
*hcon
, *bredr_hcon
;
4627 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev
->name
, ev
->phy_handle
,
4632 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4634 hci_dev_unlock(hdev
);
4640 hci_dev_unlock(hdev
);
4644 bredr_hcon
= hcon
->amp_mgr
->l2cap_conn
->hcon
;
4646 hcon
->state
= BT_CONNECTED
;
4647 bacpy(&hcon
->dst
, &bredr_hcon
->dst
);
4649 hci_conn_hold(hcon
);
4650 hcon
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
4651 hci_conn_drop(hcon
);
4653 hci_debugfs_create_conn(hcon
);
4654 hci_conn_add_sysfs(hcon
);
4656 amp_physical_cfm(bredr_hcon
, hcon
);
4658 hci_dev_unlock(hdev
);
4661 static void hci_loglink_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4663 struct hci_ev_logical_link_complete
*ev
= (void *) skb
->data
;
4664 struct hci_conn
*hcon
;
4665 struct hci_chan
*hchan
;
4666 struct amp_mgr
*mgr
;
4668 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4669 hdev
->name
, le16_to_cpu(ev
->handle
), ev
->phy_handle
,
4672 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4676 /* Create AMP hchan */
4677 hchan
= hci_chan_create(hcon
);
4681 hchan
->handle
= le16_to_cpu(ev
->handle
);
4683 BT_DBG("hcon %p mgr %p hchan %p", hcon
, hcon
->amp_mgr
, hchan
);
4685 mgr
= hcon
->amp_mgr
;
4686 if (mgr
&& mgr
->bredr_chan
) {
4687 struct l2cap_chan
*bredr_chan
= mgr
->bredr_chan
;
4689 l2cap_chan_lock(bredr_chan
);
4691 bredr_chan
->conn
->mtu
= hdev
->block_mtu
;
4692 l2cap_logical_cfm(bredr_chan
, hchan
, 0);
4693 hci_conn_hold(hcon
);
4695 l2cap_chan_unlock(bredr_chan
);
4699 static void hci_disconn_loglink_complete_evt(struct hci_dev
*hdev
,
4700 struct sk_buff
*skb
)
4702 struct hci_ev_disconn_logical_link_complete
*ev
= (void *) skb
->data
;
4703 struct hci_chan
*hchan
;
4705 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev
->name
,
4706 le16_to_cpu(ev
->handle
), ev
->status
);
4713 hchan
= hci_chan_lookup_handle(hdev
, le16_to_cpu(ev
->handle
));
4717 amp_destroy_logical_link(hchan
, ev
->reason
);
4720 hci_dev_unlock(hdev
);
4723 static void hci_disconn_phylink_complete_evt(struct hci_dev
*hdev
,
4724 struct sk_buff
*skb
)
4726 struct hci_ev_disconn_phy_link_complete
*ev
= (void *) skb
->data
;
4727 struct hci_conn
*hcon
;
4729 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4736 hcon
= hci_conn_hash_lookup_handle(hdev
, ev
->phy_handle
);
4738 hcon
->state
= BT_CLOSED
;
4742 hci_dev_unlock(hdev
);
4746 static void le_conn_complete_evt(struct hci_dev
*hdev
, u8 status
,
4747 bdaddr_t
*bdaddr
, u8 bdaddr_type
, u8 role
, u16 handle
,
4748 u16 interval
, u16 latency
, u16 supervision_timeout
)
4750 struct hci_conn_params
*params
;
4751 struct hci_conn
*conn
;
4752 struct smp_irk
*irk
;
4757 /* All controllers implicitly stop advertising in the event of a
4758 * connection, so ensure that the state bit is cleared.
4760 hci_dev_clear_flag(hdev
, HCI_LE_ADV
);
4762 conn
= hci_lookup_le_connect(hdev
);
4764 conn
= hci_conn_add(hdev
, LE_LINK
, bdaddr
, role
);
4766 bt_dev_err(hdev
, "no memory for new connection");
4770 conn
->dst_type
= bdaddr_type
;
4772 /* If we didn't have a hci_conn object previously
4773 * but we're in master role this must be something
4774 * initiated using a white list. Since white list based
4775 * connections are not "first class citizens" we don't
4776 * have full tracking of them. Therefore, we go ahead
4777 * with a "best effort" approach of determining the
4778 * initiator address based on the HCI_PRIVACY flag.
4781 conn
->resp_addr_type
= bdaddr_type
;
4782 bacpy(&conn
->resp_addr
, bdaddr
);
4783 if (hci_dev_test_flag(hdev
, HCI_PRIVACY
)) {
4784 conn
->init_addr_type
= ADDR_LE_DEV_RANDOM
;
4785 bacpy(&conn
->init_addr
, &hdev
->rpa
);
4787 hci_copy_identity_address(hdev
,
4789 &conn
->init_addr_type
);
4793 cancel_delayed_work(&conn
->le_conn_timeout
);
4797 /* Set the responder (our side) address type based on
4798 * the advertising address type.
4800 conn
->resp_addr_type
= hdev
->adv_addr_type
;
4801 if (hdev
->adv_addr_type
== ADDR_LE_DEV_RANDOM
)
4802 bacpy(&conn
->resp_addr
, &hdev
->random_addr
);
4804 bacpy(&conn
->resp_addr
, &hdev
->bdaddr
);
4806 conn
->init_addr_type
= bdaddr_type
;
4807 bacpy(&conn
->init_addr
, bdaddr
);
4809 /* For incoming connections, set the default minimum
4810 * and maximum connection interval. They will be used
4811 * to check if the parameters are in range and if not
4812 * trigger the connection update procedure.
4814 conn
->le_conn_min_interval
= hdev
->le_conn_min_interval
;
4815 conn
->le_conn_max_interval
= hdev
->le_conn_max_interval
;
4818 /* Lookup the identity address from the stored connection
4819 * address and address type.
4821 * When establishing connections to an identity address, the
4822 * connection procedure will store the resolvable random
4823 * address first. Now if it can be converted back into the
4824 * identity address, start using the identity address from
4827 irk
= hci_get_irk(hdev
, &conn
->dst
, conn
->dst_type
);
4829 bacpy(&conn
->dst
, &irk
->bdaddr
);
4830 conn
->dst_type
= irk
->addr_type
;
4834 hci_le_conn_failed(conn
, status
);
4838 if (conn
->dst_type
== ADDR_LE_DEV_PUBLIC
)
4839 addr_type
= BDADDR_LE_PUBLIC
;
4841 addr_type
= BDADDR_LE_RANDOM
;
4843 /* Drop the connection if the device is blocked */
4844 if (hci_bdaddr_list_lookup(&hdev
->blacklist
, &conn
->dst
, addr_type
)) {
4845 hci_conn_drop(conn
);
4849 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED
, &conn
->flags
))
4850 mgmt_device_connected(hdev
, conn
, 0, NULL
, 0);
4852 conn
->sec_level
= BT_SECURITY_LOW
;
4853 conn
->handle
= handle
;
4854 conn
->state
= BT_CONFIG
;
4856 conn
->le_conn_interval
= interval
;
4857 conn
->le_conn_latency
= latency
;
4858 conn
->le_supv_timeout
= supervision_timeout
;
4860 hci_debugfs_create_conn(conn
);
4861 hci_conn_add_sysfs(conn
);
4864 /* The remote features procedure is defined for master
4865 * role only. So only in case of an initiated connection
4866 * request the remote features.
4868 * If the local controller supports slave-initiated features
4869 * exchange, then requesting the remote features in slave
4870 * role is possible. Otherwise just transition into the
4871 * connected state without requesting the remote features.
4874 (hdev
->le_features
[0] & HCI_LE_SLAVE_FEATURES
)) {
4875 struct hci_cp_le_read_remote_features cp
;
4877 cp
.handle
= __cpu_to_le16(conn
->handle
);
4879 hci_send_cmd(hdev
, HCI_OP_LE_READ_REMOTE_FEATURES
,
4882 hci_conn_hold(conn
);
4884 conn
->state
= BT_CONNECTED
;
4885 hci_connect_cfm(conn
, status
);
4888 hci_connect_cfm(conn
, status
);
4891 params
= hci_pend_le_action_lookup(&hdev
->pend_le_conns
, &conn
->dst
,
4894 list_del_init(¶ms
->action
);
4896 hci_conn_drop(params
->conn
);
4897 hci_conn_put(params
->conn
);
4898 params
->conn
= NULL
;
4903 hci_update_background_scan(hdev
);
4904 hci_dev_unlock(hdev
);
4907 static void hci_le_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
4909 struct hci_ev_le_conn_complete
*ev
= (void *) skb
->data
;
4911 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4913 le_conn_complete_evt(hdev
, ev
->status
, &ev
->bdaddr
, ev
->bdaddr_type
,
4914 ev
->role
, le16_to_cpu(ev
->handle
),
4915 le16_to_cpu(ev
->interval
),
4916 le16_to_cpu(ev
->latency
),
4917 le16_to_cpu(ev
->supervision_timeout
));
4920 static void hci_le_enh_conn_complete_evt(struct hci_dev
*hdev
,
4921 struct sk_buff
*skb
)
4923 struct hci_ev_le_enh_conn_complete
*ev
= (void *) skb
->data
;
4925 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4927 le_conn_complete_evt(hdev
, ev
->status
, &ev
->bdaddr
, ev
->bdaddr_type
,
4928 ev
->role
, le16_to_cpu(ev
->handle
),
4929 le16_to_cpu(ev
->interval
),
4930 le16_to_cpu(ev
->latency
),
4931 le16_to_cpu(ev
->supervision_timeout
));
4934 static void hci_le_conn_update_complete_evt(struct hci_dev
*hdev
,
4935 struct sk_buff
*skb
)
4937 struct hci_ev_le_conn_update_complete
*ev
= (void *) skb
->data
;
4938 struct hci_conn
*conn
;
4940 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
4947 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
4949 conn
->le_conn_interval
= le16_to_cpu(ev
->interval
);
4950 conn
->le_conn_latency
= le16_to_cpu(ev
->latency
);
4951 conn
->le_supv_timeout
= le16_to_cpu(ev
->supervision_timeout
);
4954 hci_dev_unlock(hdev
);
4957 /* This function requires the caller holds hdev->lock */
4958 static struct hci_conn
*check_pending_le_conn(struct hci_dev
*hdev
,
4960 u8 addr_type
, u8 adv_type
,
4961 bdaddr_t
*direct_rpa
)
4963 struct hci_conn
*conn
;
4964 struct hci_conn_params
*params
;
4966 /* If the event is not connectable don't proceed further */
4967 if (adv_type
!= LE_ADV_IND
&& adv_type
!= LE_ADV_DIRECT_IND
)
4970 /* Ignore if the device is blocked */
4971 if (hci_bdaddr_list_lookup(&hdev
->blacklist
, addr
, addr_type
))
4974 /* Most controller will fail if we try to create new connections
4975 * while we have an existing one in slave role.
4977 if (hdev
->conn_hash
.le_num_slave
> 0)
4980 /* If we're not connectable only connect devices that we have in
4981 * our pend_le_conns list.
4983 params
= hci_pend_le_action_lookup(&hdev
->pend_le_conns
, addr
,
4988 if (!params
->explicit_connect
) {
4989 switch (params
->auto_connect
) {
4990 case HCI_AUTO_CONN_DIRECT
:
4991 /* Only devices advertising with ADV_DIRECT_IND are
4992 * triggering a connection attempt. This is allowing
4993 * incoming connections from slave devices.
4995 if (adv_type
!= LE_ADV_DIRECT_IND
)
4998 case HCI_AUTO_CONN_ALWAYS
:
4999 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
5000 * are triggering a connection attempt. This means
5001 * that incoming connectioms from slave device are
5002 * accepted and also outgoing connections to slave
5003 * devices are established when found.
5011 conn
= hci_connect_le(hdev
, addr
, addr_type
, BT_SECURITY_LOW
,
5012 HCI_LE_AUTOCONN_TIMEOUT
, HCI_ROLE_MASTER
,
5014 if (!IS_ERR(conn
)) {
5015 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
5016 * by higher layer that tried to connect, if no then
5017 * store the pointer since we don't really have any
5018 * other owner of the object besides the params that
5019 * triggered it. This way we can abort the connection if
5020 * the parameters get removed and keep the reference
5021 * count consistent once the connection is established.
5024 if (!params
->explicit_connect
)
5025 params
->conn
= hci_conn_get(conn
);
5030 switch (PTR_ERR(conn
)) {
5032 /* If hci_connect() returns -EBUSY it means there is already
5033 * an LE connection attempt going on. Since controllers don't
5034 * support more than one connection attempt at the time, we
5035 * don't consider this an error case.
5039 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn
));
5046 static void process_adv_report(struct hci_dev
*hdev
, u8 type
, bdaddr_t
*bdaddr
,
5047 u8 bdaddr_type
, bdaddr_t
*direct_addr
,
5048 u8 direct_addr_type
, s8 rssi
, u8
*data
, u8 len
)
5050 struct discovery_state
*d
= &hdev
->discovery
;
5051 struct smp_irk
*irk
;
5052 struct hci_conn
*conn
;
5059 case LE_ADV_DIRECT_IND
:
5060 case LE_ADV_SCAN_IND
:
5061 case LE_ADV_NONCONN_IND
:
5062 case LE_ADV_SCAN_RSP
:
5065 bt_dev_err_ratelimited(hdev
, "unknown advertising packet "
5066 "type: 0x%02x", type
);
5070 /* Find the end of the data in case the report contains padded zero
5071 * bytes at the end causing an invalid length value.
5073 * When data is NULL, len is 0 so there is no need for extra ptr
5074 * check as 'ptr < data + 0' is already false in such case.
5076 for (ptr
= data
; ptr
< data
+ len
&& *ptr
; ptr
+= *ptr
+ 1) {
5077 if (ptr
+ 1 + *ptr
> data
+ len
)
5081 real_len
= ptr
- data
;
5083 /* Adjust for actual length */
5084 if (len
!= real_len
) {
5085 bt_dev_err_ratelimited(hdev
, "advertising data len corrected");
5089 /* If the direct address is present, then this report is from
5090 * a LE Direct Advertising Report event. In that case it is
5091 * important to see if the address is matching the local
5092 * controller address.
5095 /* Only resolvable random addresses are valid for these
5096 * kind of reports and others can be ignored.
5098 if (!hci_bdaddr_is_rpa(direct_addr
, direct_addr_type
))
5101 /* If the controller is not using resolvable random
5102 * addresses, then this report can be ignored.
5104 if (!hci_dev_test_flag(hdev
, HCI_PRIVACY
))
5107 /* If the local IRK of the controller does not match
5108 * with the resolvable random address provided, then
5109 * this report can be ignored.
5111 if (!smp_irk_matches(hdev
, hdev
->irk
, direct_addr
))
5115 /* Check if we need to convert to identity address */
5116 irk
= hci_get_irk(hdev
, bdaddr
, bdaddr_type
);
5118 bdaddr
= &irk
->bdaddr
;
5119 bdaddr_type
= irk
->addr_type
;
5122 /* Check if we have been requested to connect to this device.
5124 * direct_addr is set only for directed advertising reports (it is NULL
5125 * for advertising reports) and is already verified to be RPA above.
5127 conn
= check_pending_le_conn(hdev
, bdaddr
, bdaddr_type
, type
,
5129 if (conn
&& type
== LE_ADV_IND
) {
5130 /* Store report for later inclusion by
5131 * mgmt_device_connected
5133 memcpy(conn
->le_adv_data
, data
, len
);
5134 conn
->le_adv_data_len
= len
;
5137 /* Passive scanning shouldn't trigger any device found events,
5138 * except for devices marked as CONN_REPORT for which we do send
5139 * device found events.
5141 if (hdev
->le_scan_type
== LE_SCAN_PASSIVE
) {
5142 if (type
== LE_ADV_DIRECT_IND
)
5145 if (!hci_pend_le_action_lookup(&hdev
->pend_le_reports
,
5146 bdaddr
, bdaddr_type
))
5149 if (type
== LE_ADV_NONCONN_IND
|| type
== LE_ADV_SCAN_IND
)
5150 flags
= MGMT_DEV_FOUND_NOT_CONNECTABLE
;
5153 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
5154 rssi
, flags
, data
, len
, NULL
, 0);
5158 /* When receiving non-connectable or scannable undirected
5159 * advertising reports, this means that the remote device is
5160 * not connectable and then clearly indicate this in the
5161 * device found event.
5163 * When receiving a scan response, then there is no way to
5164 * know if the remote device is connectable or not. However
5165 * since scan responses are merged with a previously seen
5166 * advertising report, the flags field from that report
5169 * In the really unlikely case that a controller get confused
5170 * and just sends a scan response event, then it is marked as
5171 * not connectable as well.
5173 if (type
== LE_ADV_NONCONN_IND
|| type
== LE_ADV_SCAN_IND
||
5174 type
== LE_ADV_SCAN_RSP
)
5175 flags
= MGMT_DEV_FOUND_NOT_CONNECTABLE
;
5179 /* If there's nothing pending either store the data from this
5180 * event or send an immediate device found event if the data
5181 * should not be stored for later.
5183 if (!has_pending_adv_report(hdev
)) {
5184 /* If the report will trigger a SCAN_REQ store it for
5187 if (type
== LE_ADV_IND
|| type
== LE_ADV_SCAN_IND
) {
5188 store_pending_adv_report(hdev
, bdaddr
, bdaddr_type
,
5189 rssi
, flags
, data
, len
);
5193 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
5194 rssi
, flags
, data
, len
, NULL
, 0);
5198 /* Check if the pending report is for the same device as the new one */
5199 match
= (!bacmp(bdaddr
, &d
->last_adv_addr
) &&
5200 bdaddr_type
== d
->last_adv_addr_type
);
5202 /* If the pending data doesn't match this report or this isn't a
5203 * scan response (e.g. we got a duplicate ADV_IND) then force
5204 * sending of the pending data.
5206 if (type
!= LE_ADV_SCAN_RSP
|| !match
) {
5207 /* Send out whatever is in the cache, but skip duplicates */
5209 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
5210 d
->last_adv_addr_type
, NULL
,
5211 d
->last_adv_rssi
, d
->last_adv_flags
,
5213 d
->last_adv_data_len
, NULL
, 0);
5215 /* If the new report will trigger a SCAN_REQ store it for
5218 if (type
== LE_ADV_IND
|| type
== LE_ADV_SCAN_IND
) {
5219 store_pending_adv_report(hdev
, bdaddr
, bdaddr_type
,
5220 rssi
, flags
, data
, len
);
5224 /* The advertising reports cannot be merged, so clear
5225 * the pending report and send out a device found event.
5227 clear_pending_adv_report(hdev
);
5228 mgmt_device_found(hdev
, bdaddr
, LE_LINK
, bdaddr_type
, NULL
,
5229 rssi
, flags
, data
, len
, NULL
, 0);
5233 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5234 * the new event is a SCAN_RSP. We can therefore proceed with
5235 * sending a merged device found event.
5237 mgmt_device_found(hdev
, &d
->last_adv_addr
, LE_LINK
,
5238 d
->last_adv_addr_type
, NULL
, rssi
, d
->last_adv_flags
,
5239 d
->last_adv_data
, d
->last_adv_data_len
, data
, len
);
5240 clear_pending_adv_report(hdev
);
5243 static void hci_le_adv_report_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
5245 u8 num_reports
= skb
->data
[0];
5246 void *ptr
= &skb
->data
[1];
5250 while (num_reports
--) {
5251 struct hci_ev_le_advertising_info
*ev
= ptr
;
5254 if (ev
->length
<= HCI_MAX_AD_LENGTH
) {
5255 rssi
= ev
->data
[ev
->length
];
5256 process_adv_report(hdev
, ev
->evt_type
, &ev
->bdaddr
,
5257 ev
->bdaddr_type
, NULL
, 0, rssi
,
5258 ev
->data
, ev
->length
);
5260 bt_dev_err(hdev
, "Dropping invalid advertising data");
5263 ptr
+= sizeof(*ev
) + ev
->length
+ 1;
5266 hci_dev_unlock(hdev
);
5269 static u8
ext_evt_type_to_legacy(u16 evt_type
)
5271 if (evt_type
& LE_EXT_ADV_LEGACY_PDU
) {
5273 case LE_LEGACY_ADV_IND
:
5275 case LE_LEGACY_ADV_DIRECT_IND
:
5276 return LE_ADV_DIRECT_IND
;
5277 case LE_LEGACY_ADV_SCAN_IND
:
5278 return LE_ADV_SCAN_IND
;
5279 case LE_LEGACY_NONCONN_IND
:
5280 return LE_ADV_NONCONN_IND
;
5281 case LE_LEGACY_SCAN_RSP_ADV
:
5282 case LE_LEGACY_SCAN_RSP_ADV_SCAN
:
5283 return LE_ADV_SCAN_RSP
;
5286 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5289 return LE_ADV_INVALID
;
5292 if (evt_type
& LE_EXT_ADV_CONN_IND
) {
5293 if (evt_type
& LE_EXT_ADV_DIRECT_IND
)
5294 return LE_ADV_DIRECT_IND
;
5299 if (evt_type
& LE_EXT_ADV_SCAN_RSP
)
5300 return LE_ADV_SCAN_RSP
;
5302 if (evt_type
& LE_EXT_ADV_SCAN_IND
)
5303 return LE_ADV_SCAN_IND
;
5305 if (evt_type
== LE_EXT_ADV_NON_CONN_IND
||
5306 evt_type
& LE_EXT_ADV_DIRECT_IND
)
5307 return LE_ADV_NONCONN_IND
;
5309 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5312 return LE_ADV_INVALID
;
5315 static void hci_le_ext_adv_report_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
5317 u8 num_reports
= skb
->data
[0];
5318 void *ptr
= &skb
->data
[1];
5322 while (num_reports
--) {
5323 struct hci_ev_le_ext_adv_report
*ev
= ptr
;
5327 evt_type
= __le16_to_cpu(ev
->evt_type
);
5328 legacy_evt_type
= ext_evt_type_to_legacy(evt_type
);
5329 if (legacy_evt_type
!= LE_ADV_INVALID
) {
5330 process_adv_report(hdev
, legacy_evt_type
, &ev
->bdaddr
,
5331 ev
->bdaddr_type
, NULL
, 0, ev
->rssi
,
5332 ev
->data
, ev
->length
);
5335 ptr
+= sizeof(*ev
) + ev
->length
+ 1;
5338 hci_dev_unlock(hdev
);
5341 static void hci_le_remote_feat_complete_evt(struct hci_dev
*hdev
,
5342 struct sk_buff
*skb
)
5344 struct hci_ev_le_remote_feat_complete
*ev
= (void *)skb
->data
;
5345 struct hci_conn
*conn
;
5347 BT_DBG("%s status 0x%2.2x", hdev
->name
, ev
->status
);
5351 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
5354 memcpy(conn
->features
[0], ev
->features
, 8);
5356 if (conn
->state
== BT_CONFIG
) {
5359 /* If the local controller supports slave-initiated
5360 * features exchange, but the remote controller does
5361 * not, then it is possible that the error code 0x1a
5362 * for unsupported remote feature gets returned.
5364 * In this specific case, allow the connection to
5365 * transition into connected state and mark it as
5368 if ((hdev
->le_features
[0] & HCI_LE_SLAVE_FEATURES
) &&
5369 !conn
->out
&& ev
->status
== 0x1a)
5372 status
= ev
->status
;
5374 conn
->state
= BT_CONNECTED
;
5375 hci_connect_cfm(conn
, status
);
5376 hci_conn_drop(conn
);
5380 hci_dev_unlock(hdev
);
5383 static void hci_le_ltk_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
5385 struct hci_ev_le_ltk_req
*ev
= (void *) skb
->data
;
5386 struct hci_cp_le_ltk_reply cp
;
5387 struct hci_cp_le_ltk_neg_reply neg
;
5388 struct hci_conn
*conn
;
5389 struct smp_ltk
*ltk
;
5391 BT_DBG("%s handle 0x%4.4x", hdev
->name
, __le16_to_cpu(ev
->handle
));
5395 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
5399 ltk
= hci_find_ltk(hdev
, &conn
->dst
, conn
->dst_type
, conn
->role
);
5403 if (smp_ltk_is_sc(ltk
)) {
5404 /* With SC both EDiv and Rand are set to zero */
5405 if (ev
->ediv
|| ev
->rand
)
5408 /* For non-SC keys check that EDiv and Rand match */
5409 if (ev
->ediv
!= ltk
->ediv
|| ev
->rand
!= ltk
->rand
)
5413 memcpy(cp
.ltk
, ltk
->val
, ltk
->enc_size
);
5414 memset(cp
.ltk
+ ltk
->enc_size
, 0, sizeof(cp
.ltk
) - ltk
->enc_size
);
5415 cp
.handle
= cpu_to_le16(conn
->handle
);
5417 conn
->pending_sec_level
= smp_ltk_sec_level(ltk
);
5419 conn
->enc_key_size
= ltk
->enc_size
;
5421 hci_send_cmd(hdev
, HCI_OP_LE_LTK_REPLY
, sizeof(cp
), &cp
);
5423 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5424 * temporary key used to encrypt a connection following
5425 * pairing. It is used during the Encrypted Session Setup to
5426 * distribute the keys. Later, security can be re-established
5427 * using a distributed LTK.
5429 if (ltk
->type
== SMP_STK
) {
5430 set_bit(HCI_CONN_STK_ENCRYPT
, &conn
->flags
);
5431 list_del_rcu(<k
->list
);
5432 kfree_rcu(ltk
, rcu
);
5434 clear_bit(HCI_CONN_STK_ENCRYPT
, &conn
->flags
);
5437 hci_dev_unlock(hdev
);
5442 neg
.handle
= ev
->handle
;
5443 hci_send_cmd(hdev
, HCI_OP_LE_LTK_NEG_REPLY
, sizeof(neg
), &neg
);
5444 hci_dev_unlock(hdev
);
5447 static void send_conn_param_neg_reply(struct hci_dev
*hdev
, u16 handle
,
5450 struct hci_cp_le_conn_param_req_neg_reply cp
;
5452 cp
.handle
= cpu_to_le16(handle
);
5455 hci_send_cmd(hdev
, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY
, sizeof(cp
),
5459 static void hci_le_remote_conn_param_req_evt(struct hci_dev
*hdev
,
5460 struct sk_buff
*skb
)
5462 struct hci_ev_le_remote_conn_param_req
*ev
= (void *) skb
->data
;
5463 struct hci_cp_le_conn_param_req_reply cp
;
5464 struct hci_conn
*hcon
;
5465 u16 handle
, min
, max
, latency
, timeout
;
5467 handle
= le16_to_cpu(ev
->handle
);
5468 min
= le16_to_cpu(ev
->interval_min
);
5469 max
= le16_to_cpu(ev
->interval_max
);
5470 latency
= le16_to_cpu(ev
->latency
);
5471 timeout
= le16_to_cpu(ev
->timeout
);
5473 hcon
= hci_conn_hash_lookup_handle(hdev
, handle
);
5474 if (!hcon
|| hcon
->state
!= BT_CONNECTED
)
5475 return send_conn_param_neg_reply(hdev
, handle
,
5476 HCI_ERROR_UNKNOWN_CONN_ID
);
5478 if (hci_check_conn_params(min
, max
, latency
, timeout
))
5479 return send_conn_param_neg_reply(hdev
, handle
,
5480 HCI_ERROR_INVALID_LL_PARAMS
);
5482 if (hcon
->role
== HCI_ROLE_MASTER
) {
5483 struct hci_conn_params
*params
;
5488 params
= hci_conn_params_lookup(hdev
, &hcon
->dst
,
5491 params
->conn_min_interval
= min
;
5492 params
->conn_max_interval
= max
;
5493 params
->conn_latency
= latency
;
5494 params
->supervision_timeout
= timeout
;
5500 hci_dev_unlock(hdev
);
5502 mgmt_new_conn_param(hdev
, &hcon
->dst
, hcon
->dst_type
,
5503 store_hint
, min
, max
, latency
, timeout
);
5506 cp
.handle
= ev
->handle
;
5507 cp
.interval_min
= ev
->interval_min
;
5508 cp
.interval_max
= ev
->interval_max
;
5509 cp
.latency
= ev
->latency
;
5510 cp
.timeout
= ev
->timeout
;
5514 hci_send_cmd(hdev
, HCI_OP_LE_CONN_PARAM_REQ_REPLY
, sizeof(cp
), &cp
);
5517 static void hci_le_direct_adv_report_evt(struct hci_dev
*hdev
,
5518 struct sk_buff
*skb
)
5520 u8 num_reports
= skb
->data
[0];
5521 void *ptr
= &skb
->data
[1];
5525 while (num_reports
--) {
5526 struct hci_ev_le_direct_adv_info
*ev
= ptr
;
5528 process_adv_report(hdev
, ev
->evt_type
, &ev
->bdaddr
,
5529 ev
->bdaddr_type
, &ev
->direct_addr
,
5530 ev
->direct_addr_type
, ev
->rssi
, NULL
, 0);
5535 hci_dev_unlock(hdev
);
5538 static void hci_le_meta_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
5540 struct hci_ev_le_meta
*le_ev
= (void *) skb
->data
;
5542 skb_pull(skb
, sizeof(*le_ev
));
5544 switch (le_ev
->subevent
) {
5545 case HCI_EV_LE_CONN_COMPLETE
:
5546 hci_le_conn_complete_evt(hdev
, skb
);
5549 case HCI_EV_LE_CONN_UPDATE_COMPLETE
:
5550 hci_le_conn_update_complete_evt(hdev
, skb
);
5553 case HCI_EV_LE_ADVERTISING_REPORT
:
5554 hci_le_adv_report_evt(hdev
, skb
);
5557 case HCI_EV_LE_REMOTE_FEAT_COMPLETE
:
5558 hci_le_remote_feat_complete_evt(hdev
, skb
);
5561 case HCI_EV_LE_LTK_REQ
:
5562 hci_le_ltk_request_evt(hdev
, skb
);
5565 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ
:
5566 hci_le_remote_conn_param_req_evt(hdev
, skb
);
5569 case HCI_EV_LE_DIRECT_ADV_REPORT
:
5570 hci_le_direct_adv_report_evt(hdev
, skb
);
5573 case HCI_EV_LE_EXT_ADV_REPORT
:
5574 hci_le_ext_adv_report_evt(hdev
, skb
);
5577 case HCI_EV_LE_ENHANCED_CONN_COMPLETE
:
5578 hci_le_enh_conn_complete_evt(hdev
, skb
);
5586 static bool hci_get_cmd_complete(struct hci_dev
*hdev
, u16 opcode
,
5587 u8 event
, struct sk_buff
*skb
)
5589 struct hci_ev_cmd_complete
*ev
;
5590 struct hci_event_hdr
*hdr
;
5595 if (skb
->len
< sizeof(*hdr
)) {
5596 bt_dev_err(hdev
, "too short HCI event");
5600 hdr
= (void *) skb
->data
;
5601 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
5604 if (hdr
->evt
!= event
)
5609 if (hdr
->evt
!= HCI_EV_CMD_COMPLETE
) {
5610 bt_dev_err(hdev
, "last event is not cmd complete (0x%2.2x)",
5615 if (skb
->len
< sizeof(*ev
)) {
5616 bt_dev_err(hdev
, "too short cmd_complete event");
5620 ev
= (void *) skb
->data
;
5621 skb_pull(skb
, sizeof(*ev
));
5623 if (opcode
!= __le16_to_cpu(ev
->opcode
)) {
5624 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode
,
5625 __le16_to_cpu(ev
->opcode
));
5632 void hci_event_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
5634 struct hci_event_hdr
*hdr
= (void *) skb
->data
;
5635 hci_req_complete_t req_complete
= NULL
;
5636 hci_req_complete_skb_t req_complete_skb
= NULL
;
5637 struct sk_buff
*orig_skb
= NULL
;
5638 u8 status
= 0, event
= hdr
->evt
, req_evt
= 0;
5639 u16 opcode
= HCI_OP_NOP
;
5641 if (hdev
->sent_cmd
&& bt_cb(hdev
->sent_cmd
)->hci
.req_event
== event
) {
5642 struct hci_command_hdr
*cmd_hdr
= (void *) hdev
->sent_cmd
->data
;
5643 opcode
= __le16_to_cpu(cmd_hdr
->opcode
);
5644 hci_req_cmd_complete(hdev
, opcode
, status
, &req_complete
,
5649 /* If it looks like we might end up having to call
5650 * req_complete_skb, store a pristine copy of the skb since the
5651 * various handlers may modify the original one through
5652 * skb_pull() calls, etc.
5654 if (req_complete_skb
|| event
== HCI_EV_CMD_STATUS
||
5655 event
== HCI_EV_CMD_COMPLETE
)
5656 orig_skb
= skb_clone(skb
, GFP_KERNEL
);
5658 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
5661 case HCI_EV_INQUIRY_COMPLETE
:
5662 hci_inquiry_complete_evt(hdev
, skb
);
5665 case HCI_EV_INQUIRY_RESULT
:
5666 hci_inquiry_result_evt(hdev
, skb
);
5669 case HCI_EV_CONN_COMPLETE
:
5670 hci_conn_complete_evt(hdev
, skb
);
5673 case HCI_EV_CONN_REQUEST
:
5674 hci_conn_request_evt(hdev
, skb
);
5677 case HCI_EV_DISCONN_COMPLETE
:
5678 hci_disconn_complete_evt(hdev
, skb
);
5681 case HCI_EV_AUTH_COMPLETE
:
5682 hci_auth_complete_evt(hdev
, skb
);
5685 case HCI_EV_REMOTE_NAME
:
5686 hci_remote_name_evt(hdev
, skb
);
5689 case HCI_EV_ENCRYPT_CHANGE
:
5690 hci_encrypt_change_evt(hdev
, skb
);
5693 case HCI_EV_CHANGE_LINK_KEY_COMPLETE
:
5694 hci_change_link_key_complete_evt(hdev
, skb
);
5697 case HCI_EV_REMOTE_FEATURES
:
5698 hci_remote_features_evt(hdev
, skb
);
5701 case HCI_EV_CMD_COMPLETE
:
5702 hci_cmd_complete_evt(hdev
, skb
, &opcode
, &status
,
5703 &req_complete
, &req_complete_skb
);
5706 case HCI_EV_CMD_STATUS
:
5707 hci_cmd_status_evt(hdev
, skb
, &opcode
, &status
, &req_complete
,
5711 case HCI_EV_HARDWARE_ERROR
:
5712 hci_hardware_error_evt(hdev
, skb
);
5715 case HCI_EV_ROLE_CHANGE
:
5716 hci_role_change_evt(hdev
, skb
);
5719 case HCI_EV_NUM_COMP_PKTS
:
5720 hci_num_comp_pkts_evt(hdev
, skb
);
5723 case HCI_EV_MODE_CHANGE
:
5724 hci_mode_change_evt(hdev
, skb
);
5727 case HCI_EV_PIN_CODE_REQ
:
5728 hci_pin_code_request_evt(hdev
, skb
);
5731 case HCI_EV_LINK_KEY_REQ
:
5732 hci_link_key_request_evt(hdev
, skb
);
5735 case HCI_EV_LINK_KEY_NOTIFY
:
5736 hci_link_key_notify_evt(hdev
, skb
);
5739 case HCI_EV_CLOCK_OFFSET
:
5740 hci_clock_offset_evt(hdev
, skb
);
5743 case HCI_EV_PKT_TYPE_CHANGE
:
5744 hci_pkt_type_change_evt(hdev
, skb
);
5747 case HCI_EV_PSCAN_REP_MODE
:
5748 hci_pscan_rep_mode_evt(hdev
, skb
);
5751 case HCI_EV_INQUIRY_RESULT_WITH_RSSI
:
5752 hci_inquiry_result_with_rssi_evt(hdev
, skb
);
5755 case HCI_EV_REMOTE_EXT_FEATURES
:
5756 hci_remote_ext_features_evt(hdev
, skb
);
5759 case HCI_EV_SYNC_CONN_COMPLETE
:
5760 hci_sync_conn_complete_evt(hdev
, skb
);
5763 case HCI_EV_EXTENDED_INQUIRY_RESULT
:
5764 hci_extended_inquiry_result_evt(hdev
, skb
);
5767 case HCI_EV_KEY_REFRESH_COMPLETE
:
5768 hci_key_refresh_complete_evt(hdev
, skb
);
5771 case HCI_EV_IO_CAPA_REQUEST
:
5772 hci_io_capa_request_evt(hdev
, skb
);
5775 case HCI_EV_IO_CAPA_REPLY
:
5776 hci_io_capa_reply_evt(hdev
, skb
);
5779 case HCI_EV_USER_CONFIRM_REQUEST
:
5780 hci_user_confirm_request_evt(hdev
, skb
);
5783 case HCI_EV_USER_PASSKEY_REQUEST
:
5784 hci_user_passkey_request_evt(hdev
, skb
);
5787 case HCI_EV_USER_PASSKEY_NOTIFY
:
5788 hci_user_passkey_notify_evt(hdev
, skb
);
5791 case HCI_EV_KEYPRESS_NOTIFY
:
5792 hci_keypress_notify_evt(hdev
, skb
);
5795 case HCI_EV_SIMPLE_PAIR_COMPLETE
:
5796 hci_simple_pair_complete_evt(hdev
, skb
);
5799 case HCI_EV_REMOTE_HOST_FEATURES
:
5800 hci_remote_host_features_evt(hdev
, skb
);
5803 case HCI_EV_LE_META
:
5804 hci_le_meta_evt(hdev
, skb
);
5807 case HCI_EV_REMOTE_OOB_DATA_REQUEST
:
5808 hci_remote_oob_data_request_evt(hdev
, skb
);
5811 #if IS_ENABLED(CONFIG_BT_HS)
5812 case HCI_EV_CHANNEL_SELECTED
:
5813 hci_chan_selected_evt(hdev
, skb
);
5816 case HCI_EV_PHY_LINK_COMPLETE
:
5817 hci_phy_link_complete_evt(hdev
, skb
);
5820 case HCI_EV_LOGICAL_LINK_COMPLETE
:
5821 hci_loglink_complete_evt(hdev
, skb
);
5824 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE
:
5825 hci_disconn_loglink_complete_evt(hdev
, skb
);
5828 case HCI_EV_DISCONN_PHY_LINK_COMPLETE
:
5829 hci_disconn_phylink_complete_evt(hdev
, skb
);
5833 case HCI_EV_NUM_COMP_BLOCKS
:
5834 hci_num_comp_blocks_evt(hdev
, skb
);
5838 BT_DBG("%s event 0x%2.2x", hdev
->name
, event
);
5843 req_complete(hdev
, status
, opcode
);
5844 } else if (req_complete_skb
) {
5845 if (!hci_get_cmd_complete(hdev
, opcode
, req_evt
, orig_skb
)) {
5846 kfree_skb(orig_skb
);
5849 req_complete_skb(hdev
, status
, opcode
, orig_skb
);
5852 kfree_skb(orig_skb
);
5854 hdev
->stat
.evt_rx
++;