search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 3.12.28
[linux/fpc-iii.git] / net / bluetooth / hci_event.c
blob729f516ecd63c5766ac9147f11b085ac2f1e5f90
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39 __u8 status = *((__u8 *) skb->data);
40
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43 if (status)
44 return;
45
46 clear_bit(HCI_INQUIRY, &hdev->flags);
47 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
48 wake_up_bit(&hdev->flags, HCI_INQUIRY);
49
50 hci_dev_lock(hdev);
51 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
52 hci_dev_unlock(hdev);
53
54 hci_conn_check_pending(hdev);
55 }
56
57 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
58 {
59 __u8 status = *((__u8 *) skb->data);
60
61 BT_DBG("%s status 0x%2.2x", hdev->name, status);
62
63 if (status)
64 return;
65
66 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
67 }
68
69 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
70 {
71 __u8 status = *((__u8 *) skb->data);
72
73 BT_DBG("%s status 0x%2.2x", hdev->name, status);
74
75 if (status)
76 return;
77
78 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
79
80 hci_conn_check_pending(hdev);
81 }
82
83 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
84 struct sk_buff *skb)
85 {
86 BT_DBG("%s", hdev->name);
87 }
88
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90 {
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
107 }
108
109 hci_dev_unlock(hdev);
110 }
111
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113 {
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129 }
130
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
132 {
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
135 void *sent;
136
137 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
138
139 if (rp->status)
140 return;
141
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = get_unaligned_le16(sent + 2);
151
152 hci_dev_unlock(hdev);
153 }
154
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
156 struct sk_buff *skb)
157 {
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166 }
167
168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
169 struct sk_buff *skb)
170 {
171 __u8 status = *((__u8 *) skb->data);
172 void *sent;
173
174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
175
176 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 if (!sent)
178 return;
179
180 if (!status)
181 hdev->link_policy = get_unaligned_le16(sent);
182 }
183
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185 {
186 __u8 status = *((__u8 *) skb->data);
187
188 BT_DBG("%s status 0x%2.2x", hdev->name, status);
189
190 clear_bit(HCI_RESET, &hdev->flags);
191
192 /* Reset all non-persistent flags */
193 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
194
195 hdev->discovery.state = DISCOVERY_STOPPED;
196 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
197 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
198
199 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
200 hdev->adv_data_len = 0;
201 }
202
203 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
204 {
205 __u8 status = *((__u8 *) skb->data);
206 void *sent;
207
208 BT_DBG("%s status 0x%2.2x", hdev->name, status);
209
210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
211 if (!sent)
212 return;
213
214 hci_dev_lock(hdev);
215
216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
217 mgmt_set_local_name_complete(hdev, sent, status);
218 else if (!status)
219 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
220
221 hci_dev_unlock(hdev);
222 }
223
224 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225 {
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
227
228 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
229
230 if (rp->status)
231 return;
232
233 if (test_bit(HCI_SETUP, &hdev->dev_flags))
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 }
236
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238 {
239 __u8 status = *((__u8 *) skb->data);
240 void *sent;
241
242 BT_DBG("%s status 0x%2.2x", hdev->name, status);
243
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 if (!sent)
246 return;
247
248 if (!status) {
249 __u8 param = *((__u8 *) sent);
250
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
253 else
254 clear_bit(HCI_AUTH, &hdev->flags);
255 }
256
257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
259 }
260
261 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
262 {
263 __u8 status = *((__u8 *) skb->data);
264 void *sent;
265
266 BT_DBG("%s status 0x%2.2x", hdev->name, status);
267
268 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
269 if (!sent)
270 return;
271
272 if (!status) {
273 __u8 param = *((__u8 *) sent);
274
275 if (param)
276 set_bit(HCI_ENCRYPT, &hdev->flags);
277 else
278 clear_bit(HCI_ENCRYPT, &hdev->flags);
279 }
280 }
281
282 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283 {
284 __u8 param, status = *((__u8 *) skb->data);
285 int old_pscan, old_iscan;
286 void *sent;
287
288 BT_DBG("%s status 0x%2.2x", hdev->name, status);
289
290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
291 if (!sent)
292 return;
293
294 param = *((__u8 *) sent);
295
296 hci_dev_lock(hdev);
297
298 if (status) {
299 mgmt_write_scan_failed(hdev, param, status);
300 hdev->discov_timeout = 0;
301 goto done;
302 }
303
304 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
305 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306
307 if (param & SCAN_INQUIRY) {
308 set_bit(HCI_ISCAN, &hdev->flags);
309 if (!old_iscan)
310 mgmt_discoverable(hdev, 1);
311 if (hdev->discov_timeout > 0) {
312 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
313 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
314 to);
315 }
316 } else if (old_iscan)
317 mgmt_discoverable(hdev, 0);
318
319 if (param & SCAN_PAGE) {
320 set_bit(HCI_PSCAN, &hdev->flags);
321 if (!old_pscan)
322 mgmt_connectable(hdev, 1);
323 } else if (old_pscan)
324 mgmt_connectable(hdev, 0);
325
326 done:
327 hci_dev_unlock(hdev);
328 }
329
330 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
331 {
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
333
334 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
335
336 if (rp->status)
337 return;
338
339 memcpy(hdev->dev_class, rp->dev_class, 3);
340
341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
343 }
344
345 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
346 {
347 __u8 status = *((__u8 *) skb->data);
348 void *sent;
349
350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
351
352 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
353 if (!sent)
354 return;
355
356 hci_dev_lock(hdev);
357
358 if (status == 0)
359 memcpy(hdev->dev_class, sent, 3);
360
361 if (test_bit(HCI_MGMT, &hdev->dev_flags))
362 mgmt_set_class_of_dev_complete(hdev, sent, status);
363
364 hci_dev_unlock(hdev);
365 }
366
367 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368 {
369 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
370 __u16 setting;
371
372 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
373
374 if (rp->status)
375 return;
376
377 setting = __le16_to_cpu(rp->voice_setting);
378
379 if (hdev->voice_setting == setting)
380 return;
381
382 hdev->voice_setting = setting;
383
384 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
385
386 if (hdev->notify)
387 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
388 }
389
390 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
391 struct sk_buff *skb)
392 {
393 __u8 status = *((__u8 *) skb->data);
394 __u16 setting;
395 void *sent;
396
397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
398
399 if (status)
400 return;
401
402 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
403 if (!sent)
404 return;
405
406 setting = get_unaligned_le16(sent);
407
408 if (hdev->voice_setting == setting)
409 return;
410
411 hdev->voice_setting = setting;
412
413 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
414
415 if (hdev->notify)
416 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
417 }
418
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
420 {
421 __u8 status = *((__u8 *) skb->data);
422 struct hci_cp_write_ssp_mode *sent;
423
424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
425
426 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
427 if (!sent)
428 return;
429
430 if (!status) {
431 if (sent->mode)
432 hdev->features[1][0] |= LMP_HOST_SSP;
433 else
434 hdev->features[1][0] &= ~LMP_HOST_SSP;
435 }
436
437 if (test_bit(HCI_MGMT, &hdev->dev_flags))
438 mgmt_ssp_enable_complete(hdev, sent->mode, status);
439 else if (!status) {
440 if (sent->mode)
441 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
442 else
443 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
444 }
445 }
446
447 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
448 {
449 struct hci_rp_read_local_version *rp = (void *) skb->data;
450
451 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
452
453 if (rp->status)
454 return;
455
456 hdev->hci_ver = rp->hci_ver;
457 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
458 hdev->lmp_ver = rp->lmp_ver;
459 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
460 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
461
462 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
463 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
464 }
465
466 static void hci_cc_read_local_commands(struct hci_dev *hdev,
467 struct sk_buff *skb)
468 {
469 struct hci_rp_read_local_commands *rp = (void *) skb->data;
470
471 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
472
473 if (!rp->status)
474 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
475 }
476
477 static void hci_cc_read_local_features(struct hci_dev *hdev,
478 struct sk_buff *skb)
479 {
480 struct hci_rp_read_local_features *rp = (void *) skb->data;
481
482 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
483
484 if (rp->status)
485 return;
486
487 memcpy(hdev->features, rp->features, 8);
488
489 /* Adjust default settings according to features
490 * supported by device. */
491
492 if (hdev->features[0][0] & LMP_3SLOT)
493 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
494
495 if (hdev->features[0][0] & LMP_5SLOT)
496 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
497
498 if (hdev->features[0][1] & LMP_HV2) {
499 hdev->pkt_type |= (HCI_HV2);
500 hdev->esco_type |= (ESCO_HV2);
501 }
502
503 if (hdev->features[0][1] & LMP_HV3) {
504 hdev->pkt_type |= (HCI_HV3);
505 hdev->esco_type |= (ESCO_HV3);
506 }
507
508 if (lmp_esco_capable(hdev))
509 hdev->esco_type |= (ESCO_EV3);
510
511 if (hdev->features[0][4] & LMP_EV4)
512 hdev->esco_type |= (ESCO_EV4);
513
514 if (hdev->features[0][4] & LMP_EV5)
515 hdev->esco_type |= (ESCO_EV5);
516
517 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
518 hdev->esco_type |= (ESCO_2EV3);
519
520 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
521 hdev->esco_type |= (ESCO_3EV3);
522
523 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
524 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
525
526 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
527 hdev->features[0][0], hdev->features[0][1],
528 hdev->features[0][2], hdev->features[0][3],
529 hdev->features[0][4], hdev->features[0][5],
530 hdev->features[0][6], hdev->features[0][7]);
531 }
532
533 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
534 struct sk_buff *skb)
535 {
536 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
537
538 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
539
540 if (rp->status)
541 return;
542
543 hdev->max_page = rp->max_page;
544
545 if (rp->page < HCI_MAX_PAGES)
546 memcpy(hdev->features[rp->page], rp->features, 8);
547 }
548
549 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
550 struct sk_buff *skb)
551 {
552 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
553
554 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
555
556 if (!rp->status)
557 hdev->flow_ctl_mode = rp->mode;
558 }
559
560 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
561 {
562 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
563
564 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
565
566 if (rp->status)
567 return;
568
569 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
570 hdev->sco_mtu = rp->sco_mtu;
571 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
572 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
573
574 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
575 hdev->sco_mtu = 64;
576 hdev->sco_pkts = 8;
577 }
578
579 hdev->acl_cnt = hdev->acl_pkts;
580 hdev->sco_cnt = hdev->sco_pkts;
581
582 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
583 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
584 }
585
586 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
587 {
588 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
589
590 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
591
592 if (!rp->status)
593 bacpy(&hdev->bdaddr, &rp->bdaddr);
594 }
595
596 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
597 struct sk_buff *skb)
598 {
599 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
600
601 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
602
603 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
604 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
605 hdev->page_scan_window = __le16_to_cpu(rp->window);
606 }
607 }
608
609 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
610 struct sk_buff *skb)
611 {
612 u8 status = *((u8 *) skb->data);
613 struct hci_cp_write_page_scan_activity *sent;
614
615 BT_DBG("%s status 0x%2.2x", hdev->name, status);
616
617 if (status)
618 return;
619
620 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
621 if (!sent)
622 return;
623
624 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
625 hdev->page_scan_window = __le16_to_cpu(sent->window);
626 }
627
628 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
629 struct sk_buff *skb)
630 {
631 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
632
633 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
634
635 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
636 hdev->page_scan_type = rp->type;
637 }
638
639 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
640 struct sk_buff *skb)
641 {
642 u8 status = *((u8 *) skb->data);
643 u8 *type;
644
645 BT_DBG("%s status 0x%2.2x", hdev->name, status);
646
647 if (status)
648 return;
649
650 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
651 if (type)
652 hdev->page_scan_type = *type;
653 }
654
655 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
656 struct sk_buff *skb)
657 {
658 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
659
660 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
661
662 if (rp->status)
663 return;
664
665 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
666 hdev->block_len = __le16_to_cpu(rp->block_len);
667 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
668
669 hdev->block_cnt = hdev->num_blocks;
670
671 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
672 hdev->block_cnt, hdev->block_len);
673 }
674
675 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
676 struct sk_buff *skb)
677 {
678 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
679
680 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
681
682 if (rp->status)
683 goto a2mp_rsp;
684
685 hdev->amp_status = rp->amp_status;
686 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
687 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
688 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
689 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
690 hdev->amp_type = rp->amp_type;
691 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
692 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
693 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
694 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
695
696 a2mp_rsp:
697 a2mp_send_getinfo_rsp(hdev);
698 }
699
700 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
701 struct sk_buff *skb)
702 {
703 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
704 struct amp_assoc *assoc = &hdev->loc_assoc;
705 size_t rem_len, frag_len;
706
707 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
708
709 if (rp->status)
710 goto a2mp_rsp;
711
712 frag_len = skb->len - sizeof(*rp);
713 rem_len = __le16_to_cpu(rp->rem_len);
714
715 if (rem_len > frag_len) {
716 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
717
718 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
719 assoc->offset += frag_len;
720
721 /* Read other fragments */
722 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
723
724 return;
725 }
726
727 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
728 assoc->len = assoc->offset + rem_len;
729 assoc->offset = 0;
730
731 a2mp_rsp:
732 /* Send A2MP Rsp when all fragments are received */
733 a2mp_send_getampassoc_rsp(hdev, rp->status);
734 a2mp_send_create_phy_link_req(hdev, rp->status);
735 }
736
737 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
738 struct sk_buff *skb)
739 {
740 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
741
742 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
743
744 if (!rp->status)
745 hdev->inq_tx_power = rp->tx_power;
746 }
747
748 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
749 {
750 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
751 struct hci_cp_pin_code_reply *cp;
752 struct hci_conn *conn;
753
754 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
755
756 hci_dev_lock(hdev);
757
758 if (test_bit(HCI_MGMT, &hdev->dev_flags))
759 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
760
761 if (rp->status)
762 goto unlock;
763
764 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
765 if (!cp)
766 goto unlock;
767
768 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
769 if (conn)
770 conn->pin_length = cp->pin_len;
771
772 unlock:
773 hci_dev_unlock(hdev);
774 }
775
776 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
777 {
778 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
779
780 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
781
782 hci_dev_lock(hdev);
783
784 if (test_bit(HCI_MGMT, &hdev->dev_flags))
785 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
786 rp->status);
787
788 hci_dev_unlock(hdev);
789 }
790
791 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
792 struct sk_buff *skb)
793 {
794 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
795
796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797
798 if (rp->status)
799 return;
800
801 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
802 hdev->le_pkts = rp->le_max_pkt;
803
804 hdev->le_cnt = hdev->le_pkts;
805
806 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
807 }
808
809 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
810 struct sk_buff *skb)
811 {
812 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
815
816 if (!rp->status)
817 memcpy(hdev->le_features, rp->features, 8);
818 }
819
820 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
821 struct sk_buff *skb)
822 {
823 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
824
825 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
826
827 if (!rp->status)
828 hdev->adv_tx_power = rp->tx_power;
829 }
830
831 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
832 {
833 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
834
835 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
836
837 hci_dev_lock(hdev);
838
839 if (test_bit(HCI_MGMT, &hdev->dev_flags))
840 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
841 rp->status);
842
843 hci_dev_unlock(hdev);
844 }
845
846 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
847 struct sk_buff *skb)
848 {
849 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
850
851 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
852
853 hci_dev_lock(hdev);
854
855 if (test_bit(HCI_MGMT, &hdev->dev_flags))
856 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
857 ACL_LINK, 0, rp->status);
858
859 hci_dev_unlock(hdev);
860 }
861
862 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
863 {
864 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
865
866 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
867
868 hci_dev_lock(hdev);
869
870 if (test_bit(HCI_MGMT, &hdev->dev_flags))
871 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
872 0, rp->status);
873
874 hci_dev_unlock(hdev);
875 }
876
877 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
878 struct sk_buff *skb)
879 {
880 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
881
882 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
883
884 hci_dev_lock(hdev);
885
886 if (test_bit(HCI_MGMT, &hdev->dev_flags))
887 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
888 ACL_LINK, 0, rp->status);
889
890 hci_dev_unlock(hdev);
891 }
892
893 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
894 struct sk_buff *skb)
895 {
896 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
897
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899
900 hci_dev_lock(hdev);
901 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
902 rp->randomizer, rp->status);
903 hci_dev_unlock(hdev);
904 }
905
906 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
907 {
908 __u8 *sent, status = *((__u8 *) skb->data);
909
910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
911
912 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
913 if (!sent)
914 return;
915
916 hci_dev_lock(hdev);
917
918 if (!status) {
919 if (*sent)
920 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
921 else
922 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
923 }
924
925 if (!test_bit(HCI_INIT, &hdev->flags)) {
926 struct hci_request req;
927
928 hci_req_init(&req, hdev);
929 hci_update_ad(&req);
930 hci_req_run(&req, NULL);
931 }
932
933 hci_dev_unlock(hdev);
934 }
935
936 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
937 struct sk_buff *skb)
938 {
939 struct hci_cp_le_set_scan_enable *cp;
940 __u8 status = *((__u8 *) skb->data);
941
942 BT_DBG("%s status 0x%2.2x", hdev->name, status);
943
944 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
945 if (!cp)
946 return;
947
948 if (status)
949 return;
950
951 switch (cp->enable) {
952 case LE_SCAN_ENABLE:
953 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
954 break;
955
956 case LE_SCAN_DISABLE:
957 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
958 break;
959
960 default:
961 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
962 break;
963 }
964 }
965
966 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
967 struct sk_buff *skb)
968 {
969 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
970
971 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
972
973 if (!rp->status)
974 hdev->le_white_list_size = rp->size;
975 }
976
977 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
978 struct sk_buff *skb)
979 {
980 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
981
982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
983
984 if (!rp->status)
985 memcpy(hdev->le_states, rp->le_states, 8);
986 }
987
988 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
989 struct sk_buff *skb)
990 {
991 struct hci_cp_write_le_host_supported *sent;
992 __u8 status = *((__u8 *) skb->data);
993
994 BT_DBG("%s status 0x%2.2x", hdev->name, status);
995
996 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
997 if (!sent)
998 return;
999
1000 if (!status) {
1001 if (sent->le)
1002 hdev->features[1][0] |= LMP_HOST_LE;
1003 else
1004 hdev->features[1][0] &= ~LMP_HOST_LE;
1005
1006 if (sent->simul)
1007 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1008 else
1009 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1010 }
1011
1012 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1013 !test_bit(HCI_INIT, &hdev->flags))
1014 mgmt_le_enable_complete(hdev, sent->le, status);
1015 }
1016
1017 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1018 struct sk_buff *skb)
1019 {
1020 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1021
1022 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1023 hdev->name, rp->status, rp->phy_handle);
1024
1025 if (rp->status)
1026 return;
1027
1028 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1029 }
1030
1031 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1032 {
1033 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1034
1035 if (status) {
1036 hci_conn_check_pending(hdev);
1037 return;
1038 }
1039
1040 set_bit(HCI_INQUIRY, &hdev->flags);
1041 }
1042
1043 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1044 {
1045 struct hci_cp_create_conn *cp;
1046 struct hci_conn *conn;
1047
1048 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1049
1050 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1051 if (!cp)
1052 return;
1053
1054 hci_dev_lock(hdev);
1055
1056 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1057
1058 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1059
1060 if (status) {
1061 if (conn && conn->state == BT_CONNECT) {
1062 if (status != 0x0c || conn->attempt > 2) {
1063 conn->state = BT_CLOSED;
1064 hci_proto_connect_cfm(conn, status);
1065 hci_conn_del(conn);
1066 } else
1067 conn->state = BT_CONNECT2;
1068 }
1069 } else {
1070 if (!conn) {
1071 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1072 if (conn) {
1073 conn->out = true;
1074 conn->link_mode |= HCI_LM_MASTER;
1075 } else
1076 BT_ERR("No memory for new connection");
1077 }
1078 }
1079
1080 hci_dev_unlock(hdev);
1081 }
1082
1083 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1084 {
1085 struct hci_cp_add_sco *cp;
1086 struct hci_conn *acl, *sco;
1087 __u16 handle;
1088
1089 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1090
1091 if (!status)
1092 return;
1093
1094 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1095 if (!cp)
1096 return;
1097
1098 handle = __le16_to_cpu(cp->handle);
1099
1100 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1101
1102 hci_dev_lock(hdev);
1103
1104 acl = hci_conn_hash_lookup_handle(hdev, handle);
1105 if (acl) {
1106 sco = acl->link;
1107 if (sco) {
1108 sco->state = BT_CLOSED;
1109
1110 hci_proto_connect_cfm(sco, status);
1111 hci_conn_del(sco);
1112 }
1113 }
1114
1115 hci_dev_unlock(hdev);
1116 }
1117
1118 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1119 {
1120 struct hci_cp_auth_requested *cp;
1121 struct hci_conn *conn;
1122
1123 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1124
1125 if (!status)
1126 return;
1127
1128 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1129 if (!cp)
1130 return;
1131
1132 hci_dev_lock(hdev);
1133
1134 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1135 if (conn) {
1136 if (conn->state == BT_CONFIG) {
1137 hci_proto_connect_cfm(conn, status);
1138 hci_conn_drop(conn);
1139 }
1140 }
1141
1142 hci_dev_unlock(hdev);
1143 }
1144
1145 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1146 {
1147 struct hci_cp_set_conn_encrypt *cp;
1148 struct hci_conn *conn;
1149
1150 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1151
1152 if (!status)
1153 return;
1154
1155 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1156 if (!cp)
1157 return;
1158
1159 hci_dev_lock(hdev);
1160
1161 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1162 if (conn) {
1163 if (conn->state == BT_CONFIG) {
1164 hci_proto_connect_cfm(conn, status);
1165 hci_conn_drop(conn);
1166 }
1167 }
1168
1169 hci_dev_unlock(hdev);
1170 }
1171
1172 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1173 struct hci_conn *conn)
1174 {
1175 if (conn->state != BT_CONFIG || !conn->out)
1176 return 0;
1177
1178 if (conn->pending_sec_level == BT_SECURITY_SDP)
1179 return 0;
1180
1181 /* Only request authentication for SSP connections or non-SSP
1182 * devices with sec_level HIGH or if MITM protection is requested */
1183 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1184 conn->pending_sec_level != BT_SECURITY_HIGH)
1185 return 0;
1186
1187 return 1;
1188 }
1189
1190 static int hci_resolve_name(struct hci_dev *hdev,
1191 struct inquiry_entry *e)
1192 {
1193 struct hci_cp_remote_name_req cp;
1194
1195 memset(&cp, 0, sizeof(cp));
1196
1197 bacpy(&cp.bdaddr, &e->data.bdaddr);
1198 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1199 cp.pscan_mode = e->data.pscan_mode;
1200 cp.clock_offset = e->data.clock_offset;
1201
1202 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1203 }
1204
1205 static bool hci_resolve_next_name(struct hci_dev *hdev)
1206 {
1207 struct discovery_state *discov = &hdev->discovery;
1208 struct inquiry_entry *e;
1209
1210 if (list_empty(&discov->resolve))
1211 return false;
1212
1213 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1214 if (!e)
1215 return false;
1216
1217 if (hci_resolve_name(hdev, e) == 0) {
1218 e->name_state = NAME_PENDING;
1219 return true;
1220 }
1221
1222 return false;
1223 }
1224
1225 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1226 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1227 {
1228 struct discovery_state *discov = &hdev->discovery;
1229 struct inquiry_entry *e;
1230
1231 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1232 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1233 name_len, conn->dev_class);
1234
1235 if (discov->state == DISCOVERY_STOPPED)
1236 return;
1237
1238 if (discov->state == DISCOVERY_STOPPING)
1239 goto discov_complete;
1240
1241 if (discov->state != DISCOVERY_RESOLVING)
1242 return;
1243
1244 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1245 /* If the device was not found in a list of found devices names of which
1246 * are pending. there is no need to continue resolving a next name as it
1247 * will be done upon receiving another Remote Name Request Complete
1248 * Event */
1249 if (!e)
1250 return;
1251
1252 list_del(&e->list);
1253 if (name) {
1254 e->name_state = NAME_KNOWN;
1255 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1256 e->data.rssi, name, name_len);
1257 } else {
1258 e->name_state = NAME_NOT_KNOWN;
1259 }
1260
1261 if (hci_resolve_next_name(hdev))
1262 return;
1263
1264 discov_complete:
1265 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1266 }
1267
1268 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1269 {
1270 struct hci_cp_remote_name_req *cp;
1271 struct hci_conn *conn;
1272
1273 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1274
1275 /* If successful wait for the name req complete event before
1276 * checking for the need to do authentication */
1277 if (!status)
1278 return;
1279
1280 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1281 if (!cp)
1282 return;
1283
1284 hci_dev_lock(hdev);
1285
1286 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1287
1288 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1289 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1290
1291 if (!conn)
1292 goto unlock;
1293
1294 if (!hci_outgoing_auth_needed(hdev, conn))
1295 goto unlock;
1296
1297 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1298 struct hci_cp_auth_requested cp;
1299 cp.handle = __cpu_to_le16(conn->handle);
1300 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1301 }
1302
1303 unlock:
1304 hci_dev_unlock(hdev);
1305 }
1306
1307 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1308 {
1309 struct hci_cp_read_remote_features *cp;
1310 struct hci_conn *conn;
1311
1312 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1313
1314 if (!status)
1315 return;
1316
1317 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1318 if (!cp)
1319 return;
1320
1321 hci_dev_lock(hdev);
1322
1323 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1324 if (conn) {
1325 if (conn->state == BT_CONFIG) {
1326 hci_proto_connect_cfm(conn, status);
1327 hci_conn_drop(conn);
1328 }
1329 }
1330
1331 hci_dev_unlock(hdev);
1332 }
1333
1334 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1335 {
1336 struct hci_cp_read_remote_ext_features *cp;
1337 struct hci_conn *conn;
1338
1339 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1340
1341 if (!status)
1342 return;
1343
1344 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1345 if (!cp)
1346 return;
1347
1348 hci_dev_lock(hdev);
1349
1350 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1351 if (conn) {
1352 if (conn->state == BT_CONFIG) {
1353 hci_proto_connect_cfm(conn, status);
1354 hci_conn_drop(conn);
1355 }
1356 }
1357
1358 hci_dev_unlock(hdev);
1359 }
1360
1361 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1362 {
1363 struct hci_cp_setup_sync_conn *cp;
1364 struct hci_conn *acl, *sco;
1365 __u16 handle;
1366
1367 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1368
1369 if (!status)
1370 return;
1371
1372 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1373 if (!cp)
1374 return;
1375
1376 handle = __le16_to_cpu(cp->handle);
1377
1378 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1379
1380 hci_dev_lock(hdev);
1381
1382 acl = hci_conn_hash_lookup_handle(hdev, handle);
1383 if (acl) {
1384 sco = acl->link;
1385 if (sco) {
1386 sco->state = BT_CLOSED;
1387
1388 hci_proto_connect_cfm(sco, status);
1389 hci_conn_del(sco);
1390 }
1391 }
1392
1393 hci_dev_unlock(hdev);
1394 }
1395
1396 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1397 {
1398 struct hci_cp_sniff_mode *cp;
1399 struct hci_conn *conn;
1400
1401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1402
1403 if (!status)
1404 return;
1405
1406 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1407 if (!cp)
1408 return;
1409
1410 hci_dev_lock(hdev);
1411
1412 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1413 if (conn) {
1414 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1415
1416 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1417 hci_sco_setup(conn, status);
1418 }
1419
1420 hci_dev_unlock(hdev);
1421 }
1422
1423 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1424 {
1425 struct hci_cp_exit_sniff_mode *cp;
1426 struct hci_conn *conn;
1427
1428 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1429
1430 if (!status)
1431 return;
1432
1433 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1434 if (!cp)
1435 return;
1436
1437 hci_dev_lock(hdev);
1438
1439 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1440 if (conn) {
1441 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1442
1443 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1444 hci_sco_setup(conn, status);
1445 }
1446
1447 hci_dev_unlock(hdev);
1448 }
1449
1450 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1451 {
1452 struct hci_cp_disconnect *cp;
1453 struct hci_conn *conn;
1454
1455 if (!status)
1456 return;
1457
1458 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1459 if (!cp)
1460 return;
1461
1462 hci_dev_lock(hdev);
1463
1464 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1465 if (conn)
1466 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1467 conn->dst_type, status);
1468
1469 hci_dev_unlock(hdev);
1470 }
1471
1472 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1473 {
1474 struct hci_conn *conn;
1475
1476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1477
1478 if (status) {
1479 hci_dev_lock(hdev);
1480
1481 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1482 if (!conn) {
1483 hci_dev_unlock(hdev);
1484 return;
1485 }
1486
1487 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1488
1489 conn->state = BT_CLOSED;
1490 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1491 conn->dst_type, status);
1492 hci_proto_connect_cfm(conn, status);
1493 hci_conn_del(conn);
1494
1495 hci_dev_unlock(hdev);
1496 }
1497 }
1498
1499 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1500 {
1501 struct hci_cp_create_phy_link *cp;
1502
1503 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1504
1505 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1506 if (!cp)
1507 return;
1508
1509 hci_dev_lock(hdev);
1510
1511 if (status) {
1512 struct hci_conn *hcon;
1513
1514 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1515 if (hcon)
1516 hci_conn_del(hcon);
1517 } else {
1518 amp_write_remote_assoc(hdev, cp->phy_handle);
1519 }
1520
1521 hci_dev_unlock(hdev);
1522 }
1523
1524 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1525 {
1526 struct hci_cp_accept_phy_link *cp;
1527
1528 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1529
1530 if (status)
1531 return;
1532
1533 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1534 if (!cp)
1535 return;
1536
1537 amp_write_remote_assoc(hdev, cp->phy_handle);
1538 }
1539
1540 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1541 {
1542 __u8 status = *((__u8 *) skb->data);
1543 struct discovery_state *discov = &hdev->discovery;
1544 struct inquiry_entry *e;
1545
1546 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1547
1548 hci_conn_check_pending(hdev);
1549
1550 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1551 return;
1552
1553 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1554 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1555
1556 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1557 return;
1558
1559 hci_dev_lock(hdev);
1560
1561 if (discov->state != DISCOVERY_FINDING)
1562 goto unlock;
1563
1564 if (list_empty(&discov->resolve)) {
1565 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1566 goto unlock;
1567 }
1568
1569 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1570 if (e && hci_resolve_name(hdev, e) == 0) {
1571 e->name_state = NAME_PENDING;
1572 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1573 } else {
1574 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1575 }
1576
1577 unlock:
1578 hci_dev_unlock(hdev);
1579 }
1580
1581 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1582 {
1583 struct inquiry_data data;
1584 struct inquiry_info *info = (void *) (skb->data + 1);
1585 int num_rsp = *((__u8 *) skb->data);
1586
1587 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1588
1589 if (!num_rsp)
1590 return;
1591
1592 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1593 return;
1594
1595 hci_dev_lock(hdev);
1596
1597 for (; num_rsp; num_rsp--, info++) {
1598 bool name_known, ssp;
1599
1600 bacpy(&data.bdaddr, &info->bdaddr);
1601 data.pscan_rep_mode = info->pscan_rep_mode;
1602 data.pscan_period_mode = info->pscan_period_mode;
1603 data.pscan_mode = info->pscan_mode;
1604 memcpy(data.dev_class, info->dev_class, 3);
1605 data.clock_offset = info->clock_offset;
1606 data.rssi = 0x00;
1607 data.ssp_mode = 0x00;
1608
1609 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1610 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1611 info->dev_class, 0, !name_known, ssp, NULL,
1612 0);
1613 }
1614
1615 hci_dev_unlock(hdev);
1616 }
1617
1618 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1619 {
1620 struct hci_ev_conn_complete *ev = (void *) skb->data;
1621 struct hci_conn *conn;
1622
1623 BT_DBG("%s", hdev->name);
1624
1625 hci_dev_lock(hdev);
1626
1627 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1628 if (!conn) {
1629 if (ev->link_type != SCO_LINK)
1630 goto unlock;
1631
1632 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1633 if (!conn)
1634 goto unlock;
1635
1636 conn->type = SCO_LINK;
1637 }
1638
1639 if (!ev->status) {
1640 conn->handle = __le16_to_cpu(ev->handle);
1641
1642 if (conn->type == ACL_LINK) {
1643 conn->state = BT_CONFIG;
1644 hci_conn_hold(conn);
1645
1646 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1647 !hci_find_link_key(hdev, &ev->bdaddr))
1648 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1649 else
1650 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1651 } else
1652 conn->state = BT_CONNECTED;
1653
1654 hci_conn_add_sysfs(conn);
1655
1656 if (test_bit(HCI_AUTH, &hdev->flags))
1657 conn->link_mode |= HCI_LM_AUTH;
1658
1659 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1660 conn->link_mode |= HCI_LM_ENCRYPT;
1661
1662 /* Get remote features */
1663 if (conn->type == ACL_LINK) {
1664 struct hci_cp_read_remote_features cp;
1665 cp.handle = ev->handle;
1666 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1667 sizeof(cp), &cp);
1668 }
1669
1670 /* Set packet type for incoming connection */
1671 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1672 struct hci_cp_change_conn_ptype cp;
1673 cp.handle = ev->handle;
1674 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1675 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1676 &cp);
1677 }
1678 } else {
1679 conn->state = BT_CLOSED;
1680 if (conn->type == ACL_LINK)
1681 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1682 conn->dst_type, ev->status);
1683 }
1684
1685 if (conn->type == ACL_LINK)
1686 hci_sco_setup(conn, ev->status);
1687
1688 if (ev->status) {
1689 hci_proto_connect_cfm(conn, ev->status);
1690 hci_conn_del(conn);
1691 } else if (ev->link_type != ACL_LINK)
1692 hci_proto_connect_cfm(conn, ev->status);
1693
1694 unlock:
1695 hci_dev_unlock(hdev);
1696
1697 hci_conn_check_pending(hdev);
1698 }
1699
1700 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1701 {
1702 struct hci_ev_conn_request *ev = (void *) skb->data;
1703 int mask = hdev->link_mode;
1704 __u8 flags = 0;
1705
1706 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1707 ev->link_type);
1708
1709 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1710 &flags);
1711
1712 if ((mask & HCI_LM_ACCEPT) &&
1713 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1714 /* Connection accepted */
1715 struct inquiry_entry *ie;
1716 struct hci_conn *conn;
1717
1718 hci_dev_lock(hdev);
1719
1720 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1721 if (ie)
1722 memcpy(ie->data.dev_class, ev->dev_class, 3);
1723
1724 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1725 &ev->bdaddr);
1726 if (!conn) {
1727 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1728 if (!conn) {
1729 BT_ERR("No memory for new connection");
1730 hci_dev_unlock(hdev);
1731 return;
1732 }
1733 }
1734
1735 memcpy(conn->dev_class, ev->dev_class, 3);
1736
1737 hci_dev_unlock(hdev);
1738
1739 if (ev->link_type == ACL_LINK ||
1740 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1741 struct hci_cp_accept_conn_req cp;
1742 conn->state = BT_CONNECT;
1743
1744 bacpy(&cp.bdaddr, &ev->bdaddr);
1745
1746 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1747 cp.role = 0x00; /* Become master */
1748 else
1749 cp.role = 0x01; /* Remain slave */
1750
1751 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1752 &cp);
1753 } else if (!(flags & HCI_PROTO_DEFER)) {
1754 struct hci_cp_accept_sync_conn_req cp;
1755 conn->state = BT_CONNECT;
1756
1757 bacpy(&cp.bdaddr, &ev->bdaddr);
1758 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1759
1760 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1761 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1762 cp.max_latency = __constant_cpu_to_le16(0xffff);
1763 cp.content_format = cpu_to_le16(hdev->voice_setting);
1764 cp.retrans_effort = 0xff;
1765
1766 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1767 sizeof(cp), &cp);
1768 } else {
1769 conn->state = BT_CONNECT2;
1770 hci_proto_connect_cfm(conn, 0);
1771 }
1772 } else {
1773 /* Connection rejected */
1774 struct hci_cp_reject_conn_req cp;
1775
1776 bacpy(&cp.bdaddr, &ev->bdaddr);
1777 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1778 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1779 }
1780 }
1781
1782 static u8 hci_to_mgmt_reason(u8 err)
1783 {
1784 switch (err) {
1785 case HCI_ERROR_CONNECTION_TIMEOUT:
1786 return MGMT_DEV_DISCONN_TIMEOUT;
1787 case HCI_ERROR_REMOTE_USER_TERM:
1788 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1789 case HCI_ERROR_REMOTE_POWER_OFF:
1790 return MGMT_DEV_DISCONN_REMOTE;
1791 case HCI_ERROR_LOCAL_HOST_TERM:
1792 return MGMT_DEV_DISCONN_LOCAL_HOST;
1793 default:
1794 return MGMT_DEV_DISCONN_UNKNOWN;
1795 }
1796 }
1797
1798 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1799 {
1800 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1801 struct hci_conn *conn;
1802
1803 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1804
1805 hci_dev_lock(hdev);
1806
1807 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1808 if (!conn)
1809 goto unlock;
1810
1811 if (ev->status == 0)
1812 conn->state = BT_CLOSED;
1813
1814 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1815 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1816 if (ev->status) {
1817 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1818 conn->dst_type, ev->status);
1819 } else {
1820 u8 reason = hci_to_mgmt_reason(ev->reason);
1821
1822 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1823 conn->dst_type, reason);
1824 }
1825 }
1826
1827 if (ev->status == 0) {
1828 if (conn->type == ACL_LINK && conn->flush_key)
1829 hci_remove_link_key(hdev, &conn->dst);
1830 hci_proto_disconn_cfm(conn, ev->reason);
1831 hci_conn_del(conn);
1832 }
1833
1834 unlock:
1835 hci_dev_unlock(hdev);
1836 }
1837
1838 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1839 {
1840 struct hci_ev_auth_complete *ev = (void *) skb->data;
1841 struct hci_conn *conn;
1842
1843 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1844
1845 hci_dev_lock(hdev);
1846
1847 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1848 if (!conn)
1849 goto unlock;
1850
1851 if (!ev->status) {
1852 if (!hci_conn_ssp_enabled(conn) &&
1853 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1854 BT_INFO("re-auth of legacy device is not possible.");
1855 } else {
1856 conn->link_mode |= HCI_LM_AUTH;
1857 conn->sec_level = conn->pending_sec_level;
1858 }
1859 } else {
1860 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1861 ev->status);
1862 }
1863
1864 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1865 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1866
1867 if (conn->state == BT_CONFIG) {
1868 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1869 struct hci_cp_set_conn_encrypt cp;
1870 cp.handle = ev->handle;
1871 cp.encrypt = 0x01;
1872 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1873 &cp);
1874 } else {
1875 conn->state = BT_CONNECTED;
1876 hci_proto_connect_cfm(conn, ev->status);
1877 hci_conn_drop(conn);
1878 }
1879 } else {
1880 hci_auth_cfm(conn, ev->status);
1881
1882 hci_conn_hold(conn);
1883 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1884 hci_conn_drop(conn);
1885 }
1886
1887 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1888 if (!ev->status) {
1889 struct hci_cp_set_conn_encrypt cp;
1890 cp.handle = ev->handle;
1891 cp.encrypt = 0x01;
1892 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1893 &cp);
1894 } else {
1895 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1896 hci_encrypt_cfm(conn, ev->status, 0x00);
1897 }
1898 }
1899
1900 unlock:
1901 hci_dev_unlock(hdev);
1902 }
1903
1904 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1905 {
1906 struct hci_ev_remote_name *ev = (void *) skb->data;
1907 struct hci_conn *conn;
1908
1909 BT_DBG("%s", hdev->name);
1910
1911 hci_conn_check_pending(hdev);
1912
1913 hci_dev_lock(hdev);
1914
1915 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1916
1917 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1918 goto check_auth;
1919
1920 if (ev->status == 0)
1921 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1922 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1923 else
1924 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1925
1926 check_auth:
1927 if (!conn)
1928 goto unlock;
1929
1930 if (!hci_outgoing_auth_needed(hdev, conn))
1931 goto unlock;
1932
1933 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1934 struct hci_cp_auth_requested cp;
1935 cp.handle = __cpu_to_le16(conn->handle);
1936 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1937 }
1938
1939 unlock:
1940 hci_dev_unlock(hdev);
1941 }
1942
1943 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1944 {
1945 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1946 struct hci_conn *conn;
1947
1948 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1949
1950 hci_dev_lock(hdev);
1951
1952 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1953 if (conn) {
1954 if (!ev->status) {
1955 if (ev->encrypt) {
1956 /* Encryption implies authentication */
1957 conn->link_mode |= HCI_LM_AUTH;
1958 conn->link_mode |= HCI_LM_ENCRYPT;
1959 conn->sec_level = conn->pending_sec_level;
1960 } else
1961 conn->link_mode &= ~HCI_LM_ENCRYPT;
1962 }
1963
1964 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1965
1966 if (ev->status && conn->state == BT_CONNECTED) {
1967 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1968 hci_conn_drop(conn);
1969 goto unlock;
1970 }
1971
1972 if (conn->state == BT_CONFIG) {
1973 if (!ev->status)
1974 conn->state = BT_CONNECTED;
1975
1976 hci_proto_connect_cfm(conn, ev->status);
1977 hci_conn_drop(conn);
1978 } else
1979 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1980 }
1981
1982 unlock:
1983 hci_dev_unlock(hdev);
1984 }
1985
1986 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1987 struct sk_buff *skb)
1988 {
1989 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1990 struct hci_conn *conn;
1991
1992 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1993
1994 hci_dev_lock(hdev);
1995
1996 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1997 if (conn) {
1998 if (!ev->status)
1999 conn->link_mode |= HCI_LM_SECURE;
2000
2001 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2002
2003 hci_key_change_cfm(conn, ev->status);
2004 }
2005
2006 hci_dev_unlock(hdev);
2007 }
2008
2009 static void hci_remote_features_evt(struct hci_dev *hdev,
2010 struct sk_buff *skb)
2011 {
2012 struct hci_ev_remote_features *ev = (void *) skb->data;
2013 struct hci_conn *conn;
2014
2015 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2016
2017 hci_dev_lock(hdev);
2018
2019 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2020 if (!conn)
2021 goto unlock;
2022
2023 if (!ev->status)
2024 memcpy(conn->features[0], ev->features, 8);
2025
2026 if (conn->state != BT_CONFIG)
2027 goto unlock;
2028
2029 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2030 struct hci_cp_read_remote_ext_features cp;
2031 cp.handle = ev->handle;
2032 cp.page = 0x01;
2033 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2034 sizeof(cp), &cp);
2035 goto unlock;
2036 }
2037
2038 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2039 struct hci_cp_remote_name_req cp;
2040 memset(&cp, 0, sizeof(cp));
2041 bacpy(&cp.bdaddr, &conn->dst);
2042 cp.pscan_rep_mode = 0x02;
2043 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2044 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2045 mgmt_device_connected(hdev, &conn->dst, conn->type,
2046 conn->dst_type, 0, NULL, 0,
2047 conn->dev_class);
2048
2049 if (!hci_outgoing_auth_needed(hdev, conn)) {
2050 conn->state = BT_CONNECTED;
2051 hci_proto_connect_cfm(conn, ev->status);
2052 hci_conn_drop(conn);
2053 }
2054
2055 unlock:
2056 hci_dev_unlock(hdev);
2057 }
2058
2059 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2060 {
2061 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2062 u8 status = skb->data[sizeof(*ev)];
2063 __u16 opcode;
2064
2065 skb_pull(skb, sizeof(*ev));
2066
2067 opcode = __le16_to_cpu(ev->opcode);
2068
2069 switch (opcode) {
2070 case HCI_OP_INQUIRY_CANCEL:
2071 hci_cc_inquiry_cancel(hdev, skb);
2072 break;
2073
2074 case HCI_OP_PERIODIC_INQ:
2075 hci_cc_periodic_inq(hdev, skb);
2076 break;
2077
2078 case HCI_OP_EXIT_PERIODIC_INQ:
2079 hci_cc_exit_periodic_inq(hdev, skb);
2080 break;
2081
2082 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2083 hci_cc_remote_name_req_cancel(hdev, skb);
2084 break;
2085
2086 case HCI_OP_ROLE_DISCOVERY:
2087 hci_cc_role_discovery(hdev, skb);
2088 break;
2089
2090 case HCI_OP_READ_LINK_POLICY:
2091 hci_cc_read_link_policy(hdev, skb);
2092 break;
2093
2094 case HCI_OP_WRITE_LINK_POLICY:
2095 hci_cc_write_link_policy(hdev, skb);
2096 break;
2097
2098 case HCI_OP_READ_DEF_LINK_POLICY:
2099 hci_cc_read_def_link_policy(hdev, skb);
2100 break;
2101
2102 case HCI_OP_WRITE_DEF_LINK_POLICY:
2103 hci_cc_write_def_link_policy(hdev, skb);
2104 break;
2105
2106 case HCI_OP_RESET:
2107 hci_cc_reset(hdev, skb);
2108 break;
2109
2110 case HCI_OP_WRITE_LOCAL_NAME:
2111 hci_cc_write_local_name(hdev, skb);
2112 break;
2113
2114 case HCI_OP_READ_LOCAL_NAME:
2115 hci_cc_read_local_name(hdev, skb);
2116 break;
2117
2118 case HCI_OP_WRITE_AUTH_ENABLE:
2119 hci_cc_write_auth_enable(hdev, skb);
2120 break;
2121
2122 case HCI_OP_WRITE_ENCRYPT_MODE:
2123 hci_cc_write_encrypt_mode(hdev, skb);
2124 break;
2125
2126 case HCI_OP_WRITE_SCAN_ENABLE:
2127 hci_cc_write_scan_enable(hdev, skb);
2128 break;
2129
2130 case HCI_OP_READ_CLASS_OF_DEV:
2131 hci_cc_read_class_of_dev(hdev, skb);
2132 break;
2133
2134 case HCI_OP_WRITE_CLASS_OF_DEV:
2135 hci_cc_write_class_of_dev(hdev, skb);
2136 break;
2137
2138 case HCI_OP_READ_VOICE_SETTING:
2139 hci_cc_read_voice_setting(hdev, skb);
2140 break;
2141
2142 case HCI_OP_WRITE_VOICE_SETTING:
2143 hci_cc_write_voice_setting(hdev, skb);
2144 break;
2145
2146 case HCI_OP_WRITE_SSP_MODE:
2147 hci_cc_write_ssp_mode(hdev, skb);
2148 break;
2149
2150 case HCI_OP_READ_LOCAL_VERSION:
2151 hci_cc_read_local_version(hdev, skb);
2152 break;
2153
2154 case HCI_OP_READ_LOCAL_COMMANDS:
2155 hci_cc_read_local_commands(hdev, skb);
2156 break;
2157
2158 case HCI_OP_READ_LOCAL_FEATURES:
2159 hci_cc_read_local_features(hdev, skb);
2160 break;
2161
2162 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2163 hci_cc_read_local_ext_features(hdev, skb);
2164 break;
2165
2166 case HCI_OP_READ_BUFFER_SIZE:
2167 hci_cc_read_buffer_size(hdev, skb);
2168 break;
2169
2170 case HCI_OP_READ_BD_ADDR:
2171 hci_cc_read_bd_addr(hdev, skb);
2172 break;
2173
2174 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2175 hci_cc_read_page_scan_activity(hdev, skb);
2176 break;
2177
2178 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2179 hci_cc_write_page_scan_activity(hdev, skb);
2180 break;
2181
2182 case HCI_OP_READ_PAGE_SCAN_TYPE:
2183 hci_cc_read_page_scan_type(hdev, skb);
2184 break;
2185
2186 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2187 hci_cc_write_page_scan_type(hdev, skb);
2188 break;
2189
2190 case HCI_OP_READ_DATA_BLOCK_SIZE:
2191 hci_cc_read_data_block_size(hdev, skb);
2192 break;
2193
2194 case HCI_OP_READ_FLOW_CONTROL_MODE:
2195 hci_cc_read_flow_control_mode(hdev, skb);
2196 break;
2197
2198 case HCI_OP_READ_LOCAL_AMP_INFO:
2199 hci_cc_read_local_amp_info(hdev, skb);
2200 break;
2201
2202 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2203 hci_cc_read_local_amp_assoc(hdev, skb);
2204 break;
2205
2206 case HCI_OP_READ_INQ_RSP_TX_POWER:
2207 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2208 break;
2209
2210 case HCI_OP_PIN_CODE_REPLY:
2211 hci_cc_pin_code_reply(hdev, skb);
2212 break;
2213
2214 case HCI_OP_PIN_CODE_NEG_REPLY:
2215 hci_cc_pin_code_neg_reply(hdev, skb);
2216 break;
2217
2218 case HCI_OP_READ_LOCAL_OOB_DATA:
2219 hci_cc_read_local_oob_data_reply(hdev, skb);
2220 break;
2221
2222 case HCI_OP_LE_READ_BUFFER_SIZE:
2223 hci_cc_le_read_buffer_size(hdev, skb);
2224 break;
2225
2226 case HCI_OP_LE_READ_LOCAL_FEATURES:
2227 hci_cc_le_read_local_features(hdev, skb);
2228 break;
2229
2230 case HCI_OP_LE_READ_ADV_TX_POWER:
2231 hci_cc_le_read_adv_tx_power(hdev, skb);
2232 break;
2233
2234 case HCI_OP_USER_CONFIRM_REPLY:
2235 hci_cc_user_confirm_reply(hdev, skb);
2236 break;
2237
2238 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2239 hci_cc_user_confirm_neg_reply(hdev, skb);
2240 break;
2241
2242 case HCI_OP_USER_PASSKEY_REPLY:
2243 hci_cc_user_passkey_reply(hdev, skb);
2244 break;
2245
2246 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2247 hci_cc_user_passkey_neg_reply(hdev, skb);
2248 break;
2249
2250 case HCI_OP_LE_SET_ADV_ENABLE:
2251 hci_cc_le_set_adv_enable(hdev, skb);
2252 break;
2253
2254 case HCI_OP_LE_SET_SCAN_ENABLE:
2255 hci_cc_le_set_scan_enable(hdev, skb);
2256 break;
2257
2258 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2259 hci_cc_le_read_white_list_size(hdev, skb);
2260 break;
2261
2262 case HCI_OP_LE_READ_SUPPORTED_STATES:
2263 hci_cc_le_read_supported_states(hdev, skb);
2264 break;
2265
2266 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2267 hci_cc_write_le_host_supported(hdev, skb);
2268 break;
2269
2270 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2271 hci_cc_write_remote_amp_assoc(hdev, skb);
2272 break;
2273
2274 default:
2275 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2276 break;
2277 }
2278
2279 if (opcode != HCI_OP_NOP)
2280 del_timer(&hdev->cmd_timer);
2281
2282 hci_req_cmd_complete(hdev, opcode, status);
2283
2284 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2285 atomic_set(&hdev->cmd_cnt, 1);
2286 if (!skb_queue_empty(&hdev->cmd_q))
2287 queue_work(hdev->workqueue, &hdev->cmd_work);
2288 }
2289 }
2290
2291 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2292 {
2293 struct hci_ev_cmd_status *ev = (void *) skb->data;
2294 __u16 opcode;
2295
2296 skb_pull(skb, sizeof(*ev));
2297
2298 opcode = __le16_to_cpu(ev->opcode);
2299
2300 switch (opcode) {
2301 case HCI_OP_INQUIRY:
2302 hci_cs_inquiry(hdev, ev->status);
2303 break;
2304
2305 case HCI_OP_CREATE_CONN:
2306 hci_cs_create_conn(hdev, ev->status);
2307 break;
2308
2309 case HCI_OP_ADD_SCO:
2310 hci_cs_add_sco(hdev, ev->status);
2311 break;
2312
2313 case HCI_OP_AUTH_REQUESTED:
2314 hci_cs_auth_requested(hdev, ev->status);
2315 break;
2316
2317 case HCI_OP_SET_CONN_ENCRYPT:
2318 hci_cs_set_conn_encrypt(hdev, ev->status);
2319 break;
2320
2321 case HCI_OP_REMOTE_NAME_REQ:
2322 hci_cs_remote_name_req(hdev, ev->status);
2323 break;
2324
2325 case HCI_OP_READ_REMOTE_FEATURES:
2326 hci_cs_read_remote_features(hdev, ev->status);
2327 break;
2328
2329 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2330 hci_cs_read_remote_ext_features(hdev, ev->status);
2331 break;
2332
2333 case HCI_OP_SETUP_SYNC_CONN:
2334 hci_cs_setup_sync_conn(hdev, ev->status);
2335 break;
2336
2337 case HCI_OP_SNIFF_MODE:
2338 hci_cs_sniff_mode(hdev, ev->status);
2339 break;
2340
2341 case HCI_OP_EXIT_SNIFF_MODE:
2342 hci_cs_exit_sniff_mode(hdev, ev->status);
2343 break;
2344
2345 case HCI_OP_DISCONNECT:
2346 hci_cs_disconnect(hdev, ev->status);
2347 break;
2348
2349 case HCI_OP_LE_CREATE_CONN:
2350 hci_cs_le_create_conn(hdev, ev->status);
2351 break;
2352
2353 case HCI_OP_CREATE_PHY_LINK:
2354 hci_cs_create_phylink(hdev, ev->status);
2355 break;
2356
2357 case HCI_OP_ACCEPT_PHY_LINK:
2358 hci_cs_accept_phylink(hdev, ev->status);
2359 break;
2360
2361 default:
2362 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2363 break;
2364 }
2365
2366 if (opcode != HCI_OP_NOP)
2367 del_timer(&hdev->cmd_timer);
2368
2369 if (ev->status ||
2370 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2371 hci_req_cmd_complete(hdev, opcode, ev->status);
2372
2373 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2374 atomic_set(&hdev->cmd_cnt, 1);
2375 if (!skb_queue_empty(&hdev->cmd_q))
2376 queue_work(hdev->workqueue, &hdev->cmd_work);
2377 }
2378 }
2379
2380 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2381 {
2382 struct hci_ev_role_change *ev = (void *) skb->data;
2383 struct hci_conn *conn;
2384
2385 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2386
2387 hci_dev_lock(hdev);
2388
2389 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2390 if (conn) {
2391 if (!ev->status) {
2392 if (ev->role)
2393 conn->link_mode &= ~HCI_LM_MASTER;
2394 else
2395 conn->link_mode |= HCI_LM_MASTER;
2396 }
2397
2398 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2399
2400 hci_role_switch_cfm(conn, ev->status, ev->role);
2401 }
2402
2403 hci_dev_unlock(hdev);
2404 }
2405
2406 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2407 {
2408 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2409 int i;
2410
2411 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2412 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2413 return;
2414 }
2415
2416 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2417 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2418 BT_DBG("%s bad parameters", hdev->name);
2419 return;
2420 }
2421
2422 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2423
2424 for (i = 0; i < ev->num_hndl; i++) {
2425 struct hci_comp_pkts_info *info = &ev->handles[i];
2426 struct hci_conn *conn;
2427 __u16 handle, count;
2428
2429 handle = __le16_to_cpu(info->handle);
2430 count = __le16_to_cpu(info->count);
2431
2432 conn = hci_conn_hash_lookup_handle(hdev, handle);
2433 if (!conn)
2434 continue;
2435
2436 conn->sent -= count;
2437
2438 switch (conn->type) {
2439 case ACL_LINK:
2440 hdev->acl_cnt += count;
2441 if (hdev->acl_cnt > hdev->acl_pkts)
2442 hdev->acl_cnt = hdev->acl_pkts;
2443 break;
2444
2445 case LE_LINK:
2446 if (hdev->le_pkts) {
2447 hdev->le_cnt += count;
2448 if (hdev->le_cnt > hdev->le_pkts)
2449 hdev->le_cnt = hdev->le_pkts;
2450 } else {
2451 hdev->acl_cnt += count;
2452 if (hdev->acl_cnt > hdev->acl_pkts)
2453 hdev->acl_cnt = hdev->acl_pkts;
2454 }
2455 break;
2456
2457 case SCO_LINK:
2458 hdev->sco_cnt += count;
2459 if (hdev->sco_cnt > hdev->sco_pkts)
2460 hdev->sco_cnt = hdev->sco_pkts;
2461 break;
2462
2463 default:
2464 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2465 break;
2466 }
2467 }
2468
2469 queue_work(hdev->workqueue, &hdev->tx_work);
2470 }
2471
2472 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2473 __u16 handle)
2474 {
2475 struct hci_chan *chan;
2476
2477 switch (hdev->dev_type) {
2478 case HCI_BREDR:
2479 return hci_conn_hash_lookup_handle(hdev, handle);
2480 case HCI_AMP:
2481 chan = hci_chan_lookup_handle(hdev, handle);
2482 if (chan)
2483 return chan->conn;
2484 break;
2485 default:
2486 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2487 break;
2488 }
2489
2490 return NULL;
2491 }
2492
2493 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2494 {
2495 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2496 int i;
2497
2498 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2499 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2500 return;
2501 }
2502
2503 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2504 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2505 BT_DBG("%s bad parameters", hdev->name);
2506 return;
2507 }
2508
2509 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2510 ev->num_hndl);
2511
2512 for (i = 0; i < ev->num_hndl; i++) {
2513 struct hci_comp_blocks_info *info = &ev->handles[i];
2514 struct hci_conn *conn = NULL;
2515 __u16 handle, block_count;
2516
2517 handle = __le16_to_cpu(info->handle);
2518 block_count = __le16_to_cpu(info->blocks);
2519
2520 conn = __hci_conn_lookup_handle(hdev, handle);
2521 if (!conn)
2522 continue;
2523
2524 conn->sent -= block_count;
2525
2526 switch (conn->type) {
2527 case ACL_LINK:
2528 case AMP_LINK:
2529 hdev->block_cnt += block_count;
2530 if (hdev->block_cnt > hdev->num_blocks)
2531 hdev->block_cnt = hdev->num_blocks;
2532 break;
2533
2534 default:
2535 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2536 break;
2537 }
2538 }
2539
2540 queue_work(hdev->workqueue, &hdev->tx_work);
2541 }
2542
2543 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2544 {
2545 struct hci_ev_mode_change *ev = (void *) skb->data;
2546 struct hci_conn *conn;
2547
2548 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2549
2550 hci_dev_lock(hdev);
2551
2552 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2553 if (conn) {
2554 conn->mode = ev->mode;
2555 conn->interval = __le16_to_cpu(ev->interval);
2556
2557 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2558 &conn->flags)) {
2559 if (conn->mode == HCI_CM_ACTIVE)
2560 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2561 else
2562 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2563 }
2564
2565 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2566 hci_sco_setup(conn, ev->status);
2567 }
2568
2569 hci_dev_unlock(hdev);
2570 }
2571
2572 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2573 {
2574 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2575 struct hci_conn *conn;
2576
2577 BT_DBG("%s", hdev->name);
2578
2579 hci_dev_lock(hdev);
2580
2581 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2582 if (!conn)
2583 goto unlock;
2584
2585 if (conn->state == BT_CONNECTED) {
2586 hci_conn_hold(conn);
2587 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2588 hci_conn_drop(conn);
2589 }
2590
2591 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2592 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2593 sizeof(ev->bdaddr), &ev->bdaddr);
2594 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2595 u8 secure;
2596
2597 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2598 secure = 1;
2599 else
2600 secure = 0;
2601
2602 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2603 }
2604
2605 unlock:
2606 hci_dev_unlock(hdev);
2607 }
2608
2609 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2610 {
2611 struct hci_ev_link_key_req *ev = (void *) skb->data;
2612 struct hci_cp_link_key_reply cp;
2613 struct hci_conn *conn;
2614 struct link_key *key;
2615
2616 BT_DBG("%s", hdev->name);
2617
2618 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2619 return;
2620
2621 hci_dev_lock(hdev);
2622
2623 key = hci_find_link_key(hdev, &ev->bdaddr);
2624 if (!key) {
2625 BT_DBG("%s link key not found for %pMR", hdev->name,
2626 &ev->bdaddr);
2627 goto not_found;
2628 }
2629
2630 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2631 &ev->bdaddr);
2632
2633 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2634 key->type == HCI_LK_DEBUG_COMBINATION) {
2635 BT_DBG("%s ignoring debug key", hdev->name);
2636 goto not_found;
2637 }
2638
2639 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2640 if (conn) {
2641 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2642 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2643 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2644 goto not_found;
2645 }
2646
2647 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2648 conn->pending_sec_level == BT_SECURITY_HIGH) {
2649 BT_DBG("%s ignoring key unauthenticated for high security",
2650 hdev->name);
2651 goto not_found;
2652 }
2653
2654 conn->key_type = key->type;
2655 conn->pin_length = key->pin_len;
2656 }
2657
2658 bacpy(&cp.bdaddr, &ev->bdaddr);
2659 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2660
2661 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2662
2663 hci_dev_unlock(hdev);
2664
2665 return;
2666
2667 not_found:
2668 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2669 hci_dev_unlock(hdev);
2670 }
2671
2672 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2673 {
2674 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2675 struct hci_conn *conn;
2676 u8 pin_len = 0;
2677
2678 BT_DBG("%s", hdev->name);
2679
2680 hci_dev_lock(hdev);
2681
2682 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2683 if (conn) {
2684 hci_conn_hold(conn);
2685 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2686 pin_len = conn->pin_length;
2687
2688 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2689 conn->key_type = ev->key_type;
2690
2691 hci_conn_drop(conn);
2692 }
2693
2694 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2695 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2696 ev->key_type, pin_len);
2697
2698 hci_dev_unlock(hdev);
2699 }
2700
2701 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2702 {
2703 struct hci_ev_clock_offset *ev = (void *) skb->data;
2704 struct hci_conn *conn;
2705
2706 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2707
2708 hci_dev_lock(hdev);
2709
2710 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2711 if (conn && !ev->status) {
2712 struct inquiry_entry *ie;
2713
2714 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2715 if (ie) {
2716 ie->data.clock_offset = ev->clock_offset;
2717 ie->timestamp = jiffies;
2718 }
2719 }
2720
2721 hci_dev_unlock(hdev);
2722 }
2723
2724 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2725 {
2726 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2727 struct hci_conn *conn;
2728
2729 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2730
2731 hci_dev_lock(hdev);
2732
2733 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2734 if (conn && !ev->status)
2735 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2736
2737 hci_dev_unlock(hdev);
2738 }
2739
2740 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2741 {
2742 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2743 struct inquiry_entry *ie;
2744
2745 BT_DBG("%s", hdev->name);
2746
2747 hci_dev_lock(hdev);
2748
2749 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2750 if (ie) {
2751 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2752 ie->timestamp = jiffies;
2753 }
2754
2755 hci_dev_unlock(hdev);
2756 }
2757
2758 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2759 struct sk_buff *skb)
2760 {
2761 struct inquiry_data data;
2762 int num_rsp = *((__u8 *) skb->data);
2763 bool name_known, ssp;
2764
2765 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2766
2767 if (!num_rsp)
2768 return;
2769
2770 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2771 return;
2772
2773 hci_dev_lock(hdev);
2774
2775 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2776 struct inquiry_info_with_rssi_and_pscan_mode *info;
2777 info = (void *) (skb->data + 1);
2778
2779 for (; num_rsp; num_rsp--, info++) {
2780 bacpy(&data.bdaddr, &info->bdaddr);
2781 data.pscan_rep_mode = info->pscan_rep_mode;
2782 data.pscan_period_mode = info->pscan_period_mode;
2783 data.pscan_mode = info->pscan_mode;
2784 memcpy(data.dev_class, info->dev_class, 3);
2785 data.clock_offset = info->clock_offset;
2786 data.rssi = info->rssi;
2787 data.ssp_mode = 0x00;
2788
2789 name_known = hci_inquiry_cache_update(hdev, &data,
2790 false, &ssp);
2791 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2792 info->dev_class, info->rssi,
2793 !name_known, ssp, NULL, 0);
2794 }
2795 } else {
2796 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2797
2798 for (; num_rsp; num_rsp--, info++) {
2799 bacpy(&data.bdaddr, &info->bdaddr);
2800 data.pscan_rep_mode = info->pscan_rep_mode;
2801 data.pscan_period_mode = info->pscan_period_mode;
2802 data.pscan_mode = 0x00;
2803 memcpy(data.dev_class, info->dev_class, 3);
2804 data.clock_offset = info->clock_offset;
2805 data.rssi = info->rssi;
2806 data.ssp_mode = 0x00;
2807 name_known = hci_inquiry_cache_update(hdev, &data,
2808 false, &ssp);
2809 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2810 info->dev_class, info->rssi,
2811 !name_known, ssp, NULL, 0);
2812 }
2813 }
2814
2815 hci_dev_unlock(hdev);
2816 }
2817
2818 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2819 struct sk_buff *skb)
2820 {
2821 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2822 struct hci_conn *conn;
2823
2824 BT_DBG("%s", hdev->name);
2825
2826 hci_dev_lock(hdev);
2827
2828 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2829 if (!conn)
2830 goto unlock;
2831
2832 if (ev->page < HCI_MAX_PAGES)
2833 memcpy(conn->features[ev->page], ev->features, 8);
2834
2835 if (!ev->status && ev->page == 0x01) {
2836 struct inquiry_entry *ie;
2837
2838 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2839 if (ie)
2840 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2841
2842 if (ev->features[0] & LMP_HOST_SSP) {
2843 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2844 } else {
2845 /* It is mandatory by the Bluetooth specification that
2846 * Extended Inquiry Results are only used when Secure
2847 * Simple Pairing is enabled, but some devices violate
2848 * this.
2849 *
2850 * To make these devices work, the internal SSP
2851 * enabled flag needs to be cleared if the remote host
2852 * features do not indicate SSP support */
2853 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2854 }
2855 }
2856
2857 if (conn->state != BT_CONFIG)
2858 goto unlock;
2859
2860 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2861 struct hci_cp_remote_name_req cp;
2862 memset(&cp, 0, sizeof(cp));
2863 bacpy(&cp.bdaddr, &conn->dst);
2864 cp.pscan_rep_mode = 0x02;
2865 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2866 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2867 mgmt_device_connected(hdev, &conn->dst, conn->type,
2868 conn->dst_type, 0, NULL, 0,
2869 conn->dev_class);
2870
2871 if (!hci_outgoing_auth_needed(hdev, conn)) {
2872 conn->state = BT_CONNECTED;
2873 hci_proto_connect_cfm(conn, ev->status);
2874 hci_conn_drop(conn);
2875 }
2876
2877 unlock:
2878 hci_dev_unlock(hdev);
2879 }
2880
2881 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2882 struct sk_buff *skb)
2883 {
2884 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2885 struct hci_conn *conn;
2886
2887 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2888
2889 hci_dev_lock(hdev);
2890
2891 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2892 if (!conn) {
2893 if (ev->link_type == ESCO_LINK)
2894 goto unlock;
2895
2896 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2897 if (!conn)
2898 goto unlock;
2899
2900 conn->type = SCO_LINK;
2901 }
2902
2903 switch (ev->status) {
2904 case 0x00:
2905 conn->handle = __le16_to_cpu(ev->handle);
2906 conn->state = BT_CONNECTED;
2907
2908 hci_conn_add_sysfs(conn);
2909 break;
2910
2911 case 0x0d: /* Connection Rejected due to Limited Resources */
2912 case 0x11: /* Unsupported Feature or Parameter Value */
2913 case 0x1c: /* SCO interval rejected */
2914 case 0x1a: /* Unsupported Remote Feature */
2915 case 0x1f: /* Unspecified error */
2916 if (conn->out) {
2917 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2918 (hdev->esco_type & EDR_ESCO_MASK);
2919 if (hci_setup_sync(conn, conn->link->handle))
2920 goto unlock;
2921 }
2922 /* fall through */
2923
2924 default:
2925 conn->state = BT_CLOSED;
2926 break;
2927 }
2928
2929 hci_proto_connect_cfm(conn, ev->status);
2930 if (ev->status)
2931 hci_conn_del(conn);
2932
2933 unlock:
2934 hci_dev_unlock(hdev);
2935 }
2936
2937 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2938 struct sk_buff *skb)
2939 {
2940 struct inquiry_data data;
2941 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2942 int num_rsp = *((__u8 *) skb->data);
2943 size_t eir_len;
2944
2945 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2946
2947 if (!num_rsp)
2948 return;
2949
2950 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2951 return;
2952
2953 hci_dev_lock(hdev);
2954
2955 for (; num_rsp; num_rsp--, info++) {
2956 bool name_known, ssp;
2957
2958 bacpy(&data.bdaddr, &info->bdaddr);
2959 data.pscan_rep_mode = info->pscan_rep_mode;
2960 data.pscan_period_mode = info->pscan_period_mode;
2961 data.pscan_mode = 0x00;
2962 memcpy(data.dev_class, info->dev_class, 3);
2963 data.clock_offset = info->clock_offset;
2964 data.rssi = info->rssi;
2965 data.ssp_mode = 0x01;
2966
2967 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2968 name_known = eir_has_data_type(info->data,
2969 sizeof(info->data),
2970 EIR_NAME_COMPLETE);
2971 else
2972 name_known = true;
2973
2974 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2975 &ssp);
2976 eir_len = eir_get_length(info->data, sizeof(info->data));
2977 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2978 info->dev_class, info->rssi, !name_known,
2979 ssp, info->data, eir_len);
2980 }
2981
2982 hci_dev_unlock(hdev);
2983 }
2984
2985 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2986 struct sk_buff *skb)
2987 {
2988 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2989 struct hci_conn *conn;
2990
2991 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2992 __le16_to_cpu(ev->handle));
2993
2994 hci_dev_lock(hdev);
2995
2996 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2997 if (!conn)
2998 goto unlock;
2999
3000 /* For BR/EDR the necessary steps are taken through the
3001 * auth_complete event.
3002 */
3003 if (conn->type != LE_LINK)
3004 goto unlock;
3005
3006 if (!ev->status)
3007 conn->sec_level = conn->pending_sec_level;
3008
3009 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3010
3011 if (ev->status && conn->state == BT_CONNECTED) {
3012 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3013 hci_conn_drop(conn);
3014 goto unlock;
3015 }
3016
3017 if (conn->state == BT_CONFIG) {
3018 if (!ev->status)
3019 conn->state = BT_CONNECTED;
3020
3021 hci_proto_connect_cfm(conn, ev->status);
3022 hci_conn_drop(conn);
3023 } else {
3024 hci_auth_cfm(conn, ev->status);
3025
3026 hci_conn_hold(conn);
3027 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3028 hci_conn_drop(conn);
3029 }
3030
3031 unlock:
3032 hci_dev_unlock(hdev);
3033 }
3034
3035 static u8 hci_get_auth_req(struct hci_conn *conn)
3036 {
3037 /* If remote requests dedicated bonding follow that lead */
3038 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3039 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3040 /* If both remote and local IO capabilities allow MITM
3041 * protection then require it, otherwise don't */
3042 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3043 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3044 return HCI_AT_DEDICATED_BONDING;
3045 else
3046 return HCI_AT_DEDICATED_BONDING_MITM;
3047 }
3048
3049 /* If remote requests no-bonding follow that lead */
3050 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3051 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3052 return conn->remote_auth | (conn->auth_type & 0x01);
3053
3054 return conn->auth_type;
3055 }
3056
3057 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3058 {
3059 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3060 struct hci_conn *conn;
3061
3062 BT_DBG("%s", hdev->name);
3063
3064 hci_dev_lock(hdev);
3065
3066 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3067 if (!conn)
3068 goto unlock;
3069
3070 hci_conn_hold(conn);
3071
3072 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3073 goto unlock;
3074
3075 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3076 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3077 struct hci_cp_io_capability_reply cp;
3078
3079 bacpy(&cp.bdaddr, &ev->bdaddr);
3080 /* Change the IO capability from KeyboardDisplay
3081 * to DisplayYesNo as it is not supported by BT spec. */
3082 cp.capability = (conn->io_capability == 0x04) ?
3083 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3084 conn->auth_type = hci_get_auth_req(conn);
3085 cp.authentication = conn->auth_type;
3086
3087 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3088 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3089 cp.oob_data = 0x01;
3090 else
3091 cp.oob_data = 0x00;
3092
3093 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3094 sizeof(cp), &cp);
3095 } else {
3096 struct hci_cp_io_capability_neg_reply cp;
3097
3098 bacpy(&cp.bdaddr, &ev->bdaddr);
3099 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3100
3101 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3102 sizeof(cp), &cp);
3103 }
3104
3105 unlock:
3106 hci_dev_unlock(hdev);
3107 }
3108
3109 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3110 {
3111 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3112 struct hci_conn *conn;
3113
3114 BT_DBG("%s", hdev->name);
3115
3116 hci_dev_lock(hdev);
3117
3118 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3119 if (!conn)
3120 goto unlock;
3121
3122 conn->remote_cap = ev->capability;
3123 conn->remote_auth = ev->authentication;
3124 if (ev->oob_data)
3125 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3126
3127 unlock:
3128 hci_dev_unlock(hdev);
3129 }
3130
3131 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3132 struct sk_buff *skb)
3133 {
3134 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3135 int loc_mitm, rem_mitm, confirm_hint = 0;
3136 struct hci_conn *conn;
3137
3138 BT_DBG("%s", hdev->name);
3139
3140 hci_dev_lock(hdev);
3141
3142 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3143 goto unlock;
3144
3145 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3146 if (!conn)
3147 goto unlock;
3148
3149 loc_mitm = (conn->auth_type & 0x01);
3150 rem_mitm = (conn->remote_auth & 0x01);
3151
3152 /* If we require MITM but the remote device can't provide that
3153 * (it has NoInputNoOutput) then reject the confirmation
3154 * request. The only exception is when we're dedicated bonding
3155 * initiators (connect_cfm_cb set) since then we always have the MITM
3156 * bit set. */
3157 if (!conn->connect_cfm_cb && loc_mitm &&
3158 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3159 BT_DBG("Rejecting request: remote device can't provide MITM");
3160 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3161 sizeof(ev->bdaddr), &ev->bdaddr);
3162 goto unlock;
3163 }
3164
3165 /* If no side requires MITM protection; auto-accept */
3166 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3167 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3168
3169 /* If we're not the initiators request authorization to
3170 * proceed from user space (mgmt_user_confirm with
3171 * confirm_hint set to 1). The exception is if neither
3172 * side had MITM in which case we do auto-accept.
3173 */
3174 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3175 (loc_mitm || rem_mitm)) {
3176 BT_DBG("Confirming auto-accept as acceptor");
3177 confirm_hint = 1;
3178 goto confirm;
3179 }
3180
3181 BT_DBG("Auto-accept of user confirmation with %ums delay",
3182 hdev->auto_accept_delay);
3183
3184 if (hdev->auto_accept_delay > 0) {
3185 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3186 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3187 goto unlock;
3188 }
3189
3190 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3191 sizeof(ev->bdaddr), &ev->bdaddr);
3192 goto unlock;
3193 }
3194
3195 confirm:
3196 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3197 confirm_hint);
3198
3199 unlock:
3200 hci_dev_unlock(hdev);
3201 }
3202
3203 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3204 struct sk_buff *skb)
3205 {
3206 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3207
3208 BT_DBG("%s", hdev->name);
3209
3210 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3211 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3212 }
3213
3214 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3215 struct sk_buff *skb)
3216 {
3217 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3218 struct hci_conn *conn;
3219
3220 BT_DBG("%s", hdev->name);
3221
3222 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3223 if (!conn)
3224 return;
3225
3226 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3227 conn->passkey_entered = 0;
3228
3229 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3230 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3231 conn->dst_type, conn->passkey_notify,
3232 conn->passkey_entered);
3233 }
3234
3235 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3236 {
3237 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3238 struct hci_conn *conn;
3239
3240 BT_DBG("%s", hdev->name);
3241
3242 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3243 if (!conn)
3244 return;
3245
3246 switch (ev->type) {
3247 case HCI_KEYPRESS_STARTED:
3248 conn->passkey_entered = 0;
3249 return;
3250
3251 case HCI_KEYPRESS_ENTERED:
3252 conn->passkey_entered++;
3253 break;
3254
3255 case HCI_KEYPRESS_ERASED:
3256 conn->passkey_entered--;
3257 break;
3258
3259 case HCI_KEYPRESS_CLEARED:
3260 conn->passkey_entered = 0;
3261 break;
3262
3263 case HCI_KEYPRESS_COMPLETED:
3264 return;
3265 }
3266
3267 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3268 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3269 conn->dst_type, conn->passkey_notify,
3270 conn->passkey_entered);
3271 }
3272
3273 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3274 struct sk_buff *skb)
3275 {
3276 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3277 struct hci_conn *conn;
3278
3279 BT_DBG("%s", hdev->name);
3280
3281 hci_dev_lock(hdev);
3282
3283 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3284 if (!conn)
3285 goto unlock;
3286
3287 /* To avoid duplicate auth_failed events to user space we check
3288 * the HCI_CONN_AUTH_PEND flag which will be set if we
3289 * initiated the authentication. A traditional auth_complete
3290 * event gets always produced as initiator and is also mapped to
3291 * the mgmt_auth_failed event */
3292 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3293 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3294 ev->status);
3295
3296 hci_conn_drop(conn);
3297
3298 unlock:
3299 hci_dev_unlock(hdev);
3300 }
3301
3302 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3303 struct sk_buff *skb)
3304 {
3305 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3306 struct inquiry_entry *ie;
3307 struct hci_conn *conn;
3308
3309 BT_DBG("%s", hdev->name);
3310
3311 hci_dev_lock(hdev);
3312
3313 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3314 if (conn)
3315 memcpy(conn->features[1], ev->features, 8);
3316
3317 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3318 if (ie)
3319 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3320
3321 hci_dev_unlock(hdev);
3322 }
3323
3324 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3325 struct sk_buff *skb)
3326 {
3327 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3328 struct oob_data *data;
3329
3330 BT_DBG("%s", hdev->name);
3331
3332 hci_dev_lock(hdev);
3333
3334 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3335 goto unlock;
3336
3337 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3338 if (data) {
3339 struct hci_cp_remote_oob_data_reply cp;
3340
3341 bacpy(&cp.bdaddr, &ev->bdaddr);
3342 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3343 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3344
3345 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3346 &cp);
3347 } else {
3348 struct hci_cp_remote_oob_data_neg_reply cp;
3349
3350 bacpy(&cp.bdaddr, &ev->bdaddr);
3351 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3352 &cp);
3353 }
3354
3355 unlock:
3356 hci_dev_unlock(hdev);
3357 }
3358
3359 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3360 struct sk_buff *skb)
3361 {
3362 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3363 struct hci_conn *hcon, *bredr_hcon;
3364
3365 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3366 ev->status);
3367
3368 hci_dev_lock(hdev);
3369
3370 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3371 if (!hcon) {
3372 hci_dev_unlock(hdev);
3373 return;
3374 }
3375
3376 if (ev->status) {
3377 hci_conn_del(hcon);
3378 hci_dev_unlock(hdev);
3379 return;
3380 }
3381
3382 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3383
3384 hcon->state = BT_CONNECTED;
3385 bacpy(&hcon->dst, &bredr_hcon->dst);
3386
3387 hci_conn_hold(hcon);
3388 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3389 hci_conn_drop(hcon);
3390
3391 hci_conn_add_sysfs(hcon);
3392
3393 amp_physical_cfm(bredr_hcon, hcon);
3394
3395 hci_dev_unlock(hdev);
3396 }
3397
3398 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3399 {
3400 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3401 struct hci_conn *hcon;
3402 struct hci_chan *hchan;
3403 struct amp_mgr *mgr;
3404
3405 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3406 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3407 ev->status);
3408
3409 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3410 if (!hcon)
3411 return;
3412
3413 /* Create AMP hchan */
3414 hchan = hci_chan_create(hcon);
3415 if (!hchan)
3416 return;
3417
3418 hchan->handle = le16_to_cpu(ev->handle);
3419
3420 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3421
3422 mgr = hcon->amp_mgr;
3423 if (mgr && mgr->bredr_chan) {
3424 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3425
3426 l2cap_chan_lock(bredr_chan);
3427
3428 bredr_chan->conn->mtu = hdev->block_mtu;
3429 l2cap_logical_cfm(bredr_chan, hchan, 0);
3430 hci_conn_hold(hcon);
3431
3432 l2cap_chan_unlock(bredr_chan);
3433 }
3434 }
3435
3436 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3437 struct sk_buff *skb)
3438 {
3439 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3440 struct hci_chan *hchan;
3441
3442 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3443 le16_to_cpu(ev->handle), ev->status);
3444
3445 if (ev->status)
3446 return;
3447
3448 hci_dev_lock(hdev);
3449
3450 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3451 if (!hchan)
3452 goto unlock;
3453
3454 amp_destroy_logical_link(hchan, ev->reason);
3455
3456 unlock:
3457 hci_dev_unlock(hdev);
3458 }
3459
3460 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3461 struct sk_buff *skb)
3462 {
3463 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3464 struct hci_conn *hcon;
3465
3466 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3467
3468 if (ev->status)
3469 return;
3470
3471 hci_dev_lock(hdev);
3472
3473 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3474 if (hcon) {
3475 hcon->state = BT_CLOSED;
3476 hci_conn_del(hcon);
3477 }
3478
3479 hci_dev_unlock(hdev);
3480 }
3481
3482 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3483 {
3484 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3485 struct hci_conn *conn;
3486
3487 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3488
3489 hci_dev_lock(hdev);
3490
3491 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3492 if (!conn) {
3493 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3494 if (!conn) {
3495 BT_ERR("No memory for new connection");
3496 goto unlock;
3497 }
3498
3499 conn->dst_type = ev->bdaddr_type;
3500
3501 if (ev->role == LE_CONN_ROLE_MASTER) {
3502 conn->out = true;
3503 conn->link_mode |= HCI_LM_MASTER;
3504 }
3505 }
3506
3507 if (ev->status) {
3508 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3509 conn->dst_type, ev->status);
3510 hci_proto_connect_cfm(conn, ev->status);
3511 conn->state = BT_CLOSED;
3512 hci_conn_del(conn);
3513 goto unlock;
3514 }
3515
3516 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3517 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3518 conn->dst_type, 0, NULL, 0, NULL);
3519
3520 conn->sec_level = BT_SECURITY_LOW;
3521 conn->handle = __le16_to_cpu(ev->handle);
3522 conn->state = BT_CONNECTED;
3523
3524 hci_conn_add_sysfs(conn);
3525
3526 hci_proto_connect_cfm(conn, ev->status);
3527
3528 unlock:
3529 hci_dev_unlock(hdev);
3530 }
3531
3532 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3533 {
3534 u8 num_reports = skb->data[0];
3535 void *ptr = &skb->data[1];
3536 s8 rssi;
3537
3538 while (num_reports--) {
3539 struct hci_ev_le_advertising_info *ev = ptr;
3540
3541 rssi = ev->data[ev->length];
3542 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3543 NULL, rssi, 0, 1, ev->data, ev->length);
3544
3545 ptr += sizeof(*ev) + ev->length + 1;
3546 }
3547 }
3548
3549 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3550 {
3551 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3552 struct hci_cp_le_ltk_reply cp;
3553 struct hci_cp_le_ltk_neg_reply neg;
3554 struct hci_conn *conn;
3555 struct smp_ltk *ltk;
3556
3557 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3558
3559 hci_dev_lock(hdev);
3560
3561 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3562 if (conn == NULL)
3563 goto not_found;
3564
3565 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3566 if (ltk == NULL)
3567 goto not_found;
3568
3569 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3570 cp.handle = cpu_to_le16(conn->handle);
3571
3572 if (ltk->authenticated)
3573 conn->pending_sec_level = BT_SECURITY_HIGH;
3574 else
3575 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3576
3577 conn->enc_key_size = ltk->enc_size;
3578
3579 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3580
3581 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
3582 * temporary key used to encrypt a connection following
3583 * pairing. It is used during the Encrypted Session Setup to
3584 * distribute the keys. Later, security can be re-established
3585 * using a distributed LTK.
3586 */
3587 if (ltk->type == HCI_SMP_STK_SLAVE) {
3588 list_del(&ltk->list);
3589 kfree(ltk);
3590 }
3591
3592 hci_dev_unlock(hdev);
3593
3594 return;
3595
3596 not_found:
3597 neg.handle = ev->handle;
3598 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3599 hci_dev_unlock(hdev);
3600 }
3601
3602 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3603 {
3604 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3605
3606 skb_pull(skb, sizeof(*le_ev));
3607
3608 switch (le_ev->subevent) {
3609 case HCI_EV_LE_CONN_COMPLETE:
3610 hci_le_conn_complete_evt(hdev, skb);
3611 break;
3612
3613 case HCI_EV_LE_ADVERTISING_REPORT:
3614 hci_le_adv_report_evt(hdev, skb);
3615 break;
3616
3617 case HCI_EV_LE_LTK_REQ:
3618 hci_le_ltk_request_evt(hdev, skb);
3619 break;
3620
3621 default:
3622 break;
3623 }
3624 }
3625
3626 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3627 {
3628 struct hci_ev_channel_selected *ev = (void *) skb->data;
3629 struct hci_conn *hcon;
3630
3631 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3632
3633 skb_pull(skb, sizeof(*ev));
3634
3635 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3636 if (!hcon)
3637 return;
3638
3639 amp_read_loc_assoc_final_data(hdev, hcon);
3640 }
3641
3642 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3643 {
3644 struct hci_event_hdr *hdr = (void *) skb->data;
3645 __u8 event = hdr->evt;
3646
3647 hci_dev_lock(hdev);
3648
3649 /* Received events are (currently) only needed when a request is
3650 * ongoing so avoid unnecessary memory allocation.
3651 */
3652 if (hdev->req_status == HCI_REQ_PEND) {
3653 kfree_skb(hdev->recv_evt);
3654 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3655 }
3656
3657 hci_dev_unlock(hdev);
3658
3659 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3660
3661 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3662 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3663 u16 opcode = __le16_to_cpu(hdr->opcode);
3664
3665 hci_req_cmd_complete(hdev, opcode, 0);
3666 }
3667
3668 switch (event) {
3669 case HCI_EV_INQUIRY_COMPLETE:
3670 hci_inquiry_complete_evt(hdev, skb);
3671 break;
3672
3673 case HCI_EV_INQUIRY_RESULT:
3674 hci_inquiry_result_evt(hdev, skb);
3675 break;
3676
3677 case HCI_EV_CONN_COMPLETE:
3678 hci_conn_complete_evt(hdev, skb);
3679 break;
3680
3681 case HCI_EV_CONN_REQUEST:
3682 hci_conn_request_evt(hdev, skb);
3683 break;
3684
3685 case HCI_EV_DISCONN_COMPLETE:
3686 hci_disconn_complete_evt(hdev, skb);
3687 break;
3688
3689 case HCI_EV_AUTH_COMPLETE:
3690 hci_auth_complete_evt(hdev, skb);
3691 break;
3692
3693 case HCI_EV_REMOTE_NAME:
3694 hci_remote_name_evt(hdev, skb);
3695 break;
3696
3697 case HCI_EV_ENCRYPT_CHANGE:
3698 hci_encrypt_change_evt(hdev, skb);
3699 break;
3700
3701 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3702 hci_change_link_key_complete_evt(hdev, skb);
3703 break;
3704
3705 case HCI_EV_REMOTE_FEATURES:
3706 hci_remote_features_evt(hdev, skb);
3707 break;
3708
3709 case HCI_EV_CMD_COMPLETE:
3710 hci_cmd_complete_evt(hdev, skb);
3711 break;
3712
3713 case HCI_EV_CMD_STATUS:
3714 hci_cmd_status_evt(hdev, skb);
3715 break;
3716
3717 case HCI_EV_ROLE_CHANGE:
3718 hci_role_change_evt(hdev, skb);
3719 break;
3720
3721 case HCI_EV_NUM_COMP_PKTS:
3722 hci_num_comp_pkts_evt(hdev, skb);
3723 break;
3724
3725 case HCI_EV_MODE_CHANGE:
3726 hci_mode_change_evt(hdev, skb);
3727 break;
3728
3729 case HCI_EV_PIN_CODE_REQ:
3730 hci_pin_code_request_evt(hdev, skb);
3731 break;
3732
3733 case HCI_EV_LINK_KEY_REQ:
3734 hci_link_key_request_evt(hdev, skb);
3735 break;
3736
3737 case HCI_EV_LINK_KEY_NOTIFY:
3738 hci_link_key_notify_evt(hdev, skb);
3739 break;
3740
3741 case HCI_EV_CLOCK_OFFSET:
3742 hci_clock_offset_evt(hdev, skb);
3743 break;
3744
3745 case HCI_EV_PKT_TYPE_CHANGE:
3746 hci_pkt_type_change_evt(hdev, skb);
3747 break;
3748
3749 case HCI_EV_PSCAN_REP_MODE:
3750 hci_pscan_rep_mode_evt(hdev, skb);
3751 break;
3752
3753 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3754 hci_inquiry_result_with_rssi_evt(hdev, skb);
3755 break;
3756
3757 case HCI_EV_REMOTE_EXT_FEATURES:
3758 hci_remote_ext_features_evt(hdev, skb);
3759 break;
3760
3761 case HCI_EV_SYNC_CONN_COMPLETE:
3762 hci_sync_conn_complete_evt(hdev, skb);
3763 break;
3764
3765 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3766 hci_extended_inquiry_result_evt(hdev, skb);
3767 break;
3768
3769 case HCI_EV_KEY_REFRESH_COMPLETE:
3770 hci_key_refresh_complete_evt(hdev, skb);
3771 break;
3772
3773 case HCI_EV_IO_CAPA_REQUEST:
3774 hci_io_capa_request_evt(hdev, skb);
3775 break;
3776
3777 case HCI_EV_IO_CAPA_REPLY:
3778 hci_io_capa_reply_evt(hdev, skb);
3779 break;
3780
3781 case HCI_EV_USER_CONFIRM_REQUEST:
3782 hci_user_confirm_request_evt(hdev, skb);
3783 break;
3784
3785 case HCI_EV_USER_PASSKEY_REQUEST:
3786 hci_user_passkey_request_evt(hdev, skb);
3787 break;
3788
3789 case HCI_EV_USER_PASSKEY_NOTIFY:
3790 hci_user_passkey_notify_evt(hdev, skb);
3791 break;
3792
3793 case HCI_EV_KEYPRESS_NOTIFY:
3794 hci_keypress_notify_evt(hdev, skb);
3795 break;
3796
3797 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3798 hci_simple_pair_complete_evt(hdev, skb);
3799 break;
3800
3801 case HCI_EV_REMOTE_HOST_FEATURES:
3802 hci_remote_host_features_evt(hdev, skb);
3803 break;
3804
3805 case HCI_EV_LE_META:
3806 hci_le_meta_evt(hdev, skb);
3807 break;
3808
3809 case HCI_EV_CHANNEL_SELECTED:
3810 hci_chan_selected_evt(hdev, skb);
3811 break;
3812
3813 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3814 hci_remote_oob_data_request_evt(hdev, skb);
3815 break;
3816
3817 case HCI_EV_PHY_LINK_COMPLETE:
3818 hci_phy_link_complete_evt(hdev, skb);
3819 break;
3820
3821 case HCI_EV_LOGICAL_LINK_COMPLETE:
3822 hci_loglink_complete_evt(hdev, skb);
3823 break;
3824
3825 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3826 hci_disconn_loglink_complete_evt(hdev, skb);
3827 break;
3828
3829 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3830 hci_disconn_phylink_complete_evt(hdev, skb);
3831 break;
3832
3833 case HCI_EV_NUM_COMP_BLOCKS:
3834 hci_num_comp_blocks_evt(hdev, skb);
3835 break;
3836
3837 default:
3838 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3839 break;
3840 }
3841
3842 kfree_skb(skb);
3843 hdev->stat.evt_rx++;
3844 }
Linux with added FPC-III support