]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/bluetooth/hci_event.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:


5935f748c0f9a6fe71cb3c0fe8baeaedb7019c37
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / hci_event.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #include "a2mp.h"
34 #include "amp.h"
35
36 /* Handle HCI Event packets */
37
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 {
40 __u8 status = *((__u8 *) skb->data);
41
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
43
44 if (status)
45 return;
46
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
50
51 hci_conn_check_pending(hdev);
52 }
53
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 {
56 __u8 status = *((__u8 *) skb->data);
57
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
59
60 if (status)
61 return;
62
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
64 }
65
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 {
68 __u8 status = *((__u8 *) skb->data);
69
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
71
72 if (status)
73 return;
74
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76
77 hci_conn_check_pending(hdev);
78 }
79
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
81 struct sk_buff *skb)
82 {
83 BT_DBG("%s", hdev->name);
84 }
85
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 {
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
90
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
92
93 if (rp->status)
94 return;
95
96 hci_dev_lock(hdev);
97
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
99 if (conn) {
100 if (rp->role)
101 conn->link_mode &= ~HCI_LM_MASTER;
102 else
103 conn->link_mode |= HCI_LM_MASTER;
104 }
105
106 hci_dev_unlock(hdev);
107 }
108
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 {
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
113
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
115
116 if (rp->status)
117 return;
118
119 hci_dev_lock(hdev);
120
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 if (conn)
123 conn->link_policy = __le16_to_cpu(rp->policy);
124
125 hci_dev_unlock(hdev);
126 }
127
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 {
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
132 void *sent;
133
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
135
136 if (rp->status)
137 return;
138
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
140 if (!sent)
141 return;
142
143 hci_dev_lock(hdev);
144
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146 if (conn)
147 conn->link_policy = get_unaligned_le16(sent + 2);
148
149 hci_dev_unlock(hdev);
150 }
151
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
153 struct sk_buff *skb)
154 {
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163 }
164
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
166 struct sk_buff *skb)
167 {
168 __u8 status = *((__u8 *) skb->data);
169 void *sent;
170
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
172
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
174 if (!sent)
175 return;
176
177 if (!status)
178 hdev->link_policy = get_unaligned_le16(sent);
179 }
180
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 {
183 __u8 status = *((__u8 *) skb->data);
184
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
186
187 clear_bit(HCI_RESET, &hdev->flags);
188
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
198
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
201
202 hdev->ssp_debug_mode = 0;
203 }
204
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206 {
207 __u8 status = *((__u8 *) skb->data);
208 void *sent;
209
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
211
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent)
214 return;
215
216 hci_dev_lock(hdev);
217
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
220 else if (!status)
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222
223 hci_dev_unlock(hdev);
224 }
225
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 {
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
229
230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
231
232 if (rp->status)
233 return;
234
235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 }
238
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
240 {
241 __u8 status = *((__u8 *) skb->data);
242 void *sent;
243
244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
245
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 if (!sent)
248 return;
249
250 if (!status) {
251 __u8 param = *((__u8 *) sent);
252
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
255 else
256 clear_bit(HCI_AUTH, &hdev->flags);
257 }
258
259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
261 }
262
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
264 {
265 __u8 status = *((__u8 *) skb->data);
266 void *sent;
267
268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
269
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
273
274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
282 }
283
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 {
286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
288 void *sent;
289
290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
291
292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 if (!sent)
294 return;
295
296 param = *((__u8 *) sent);
297
298 hci_dev_lock(hdev);
299
300 if (status) {
301 mgmt_write_scan_failed(hdev, param, status);
302 hdev->discov_timeout = 0;
303 goto done;
304 }
305
306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
308 */
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
310
311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
316 if (!old_iscan)
317 mgmt_discoverable(hdev, 1);
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
320
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
323 if (!old_pscan)
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
327
328 done:
329 hci_dev_unlock(hdev);
330 }
331
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335
336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
337
338 if (rp->status)
339 return;
340
341 memcpy(hdev->dev_class, rp->dev_class, 3);
342
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 }
346
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 {
349 __u8 status = *((__u8 *) skb->data);
350 void *sent;
351
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
353
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 if (!sent)
356 return;
357
358 hci_dev_lock(hdev);
359
360 if (status == 0)
361 memcpy(hdev->dev_class, sent, 3);
362
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366 hci_dev_unlock(hdev);
367 }
368
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370 {
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372 __u16 setting;
373
374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
375
376 if (rp->status)
377 return;
378
379 setting = __le16_to_cpu(rp->voice_setting);
380
381 if (hdev->voice_setting == setting)
382 return;
383
384 hdev->voice_setting = setting;
385
386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
387
388 if (hdev->notify)
389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
390 }
391
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393 struct sk_buff *skb)
394 {
395 __u8 status = *((__u8 *) skb->data);
396 __u16 setting;
397 void *sent;
398
399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
400
401 if (status)
402 return;
403
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405 if (!sent)
406 return;
407
408 setting = get_unaligned_le16(sent);
409
410 if (hdev->voice_setting == setting)
411 return;
412
413 hdev->voice_setting = setting;
414
415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
416
417 if (hdev->notify)
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
419 }
420
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422 struct sk_buff *skb)
423 {
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->num_iac = rp->num_iac;
432
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434 }
435
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437 {
438 __u8 status = *((__u8 *) skb->data);
439 struct hci_cp_write_ssp_mode *sent;
440
441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
442
443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
444 if (!sent)
445 return;
446
447 if (!status) {
448 if (sent->mode)
449 hdev->features[1][0] |= LMP_HOST_SSP;
450 else
451 hdev->features[1][0] &= ~LMP_HOST_SSP;
452 }
453
454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
456 else if (!status) {
457 if (sent->mode)
458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 else
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 }
462 }
463
464 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
465 {
466 struct hci_rp_read_local_version *rp = (void *) skb->data;
467
468 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
469
470 if (rp->status)
471 return;
472
473 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
474 hdev->hci_ver = rp->hci_ver;
475 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
476 hdev->lmp_ver = rp->lmp_ver;
477 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
478 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
479 }
480 }
481
482 static void hci_cc_read_local_commands(struct hci_dev *hdev,
483 struct sk_buff *skb)
484 {
485 struct hci_rp_read_local_commands *rp = (void *) skb->data;
486
487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
488
489 if (!rp->status)
490 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
491 }
492
493 static void hci_cc_read_local_features(struct hci_dev *hdev,
494 struct sk_buff *skb)
495 {
496 struct hci_rp_read_local_features *rp = (void *) skb->data;
497
498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
499
500 if (rp->status)
501 return;
502
503 memcpy(hdev->features, rp->features, 8);
504
505 /* Adjust default settings according to features
506 * supported by device. */
507
508 if (hdev->features[0][0] & LMP_3SLOT)
509 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
510
511 if (hdev->features[0][0] & LMP_5SLOT)
512 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
513
514 if (hdev->features[0][1] & LMP_HV2) {
515 hdev->pkt_type |= (HCI_HV2);
516 hdev->esco_type |= (ESCO_HV2);
517 }
518
519 if (hdev->features[0][1] & LMP_HV3) {
520 hdev->pkt_type |= (HCI_HV3);
521 hdev->esco_type |= (ESCO_HV3);
522 }
523
524 if (lmp_esco_capable(hdev))
525 hdev->esco_type |= (ESCO_EV3);
526
527 if (hdev->features[0][4] & LMP_EV4)
528 hdev->esco_type |= (ESCO_EV4);
529
530 if (hdev->features[0][4] & LMP_EV5)
531 hdev->esco_type |= (ESCO_EV5);
532
533 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
534 hdev->esco_type |= (ESCO_2EV3);
535
536 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
537 hdev->esco_type |= (ESCO_3EV3);
538
539 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
540 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
541
542 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
543 hdev->features[0][0], hdev->features[0][1],
544 hdev->features[0][2], hdev->features[0][3],
545 hdev->features[0][4], hdev->features[0][5],
546 hdev->features[0][6], hdev->features[0][7]);
547 }
548
549 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
550 struct sk_buff *skb)
551 {
552 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
553
554 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
555
556 if (rp->status)
557 return;
558
559 if (hdev->max_page < rp->max_page)
560 hdev->max_page = rp->max_page;
561
562 if (rp->page < HCI_MAX_PAGES)
563 memcpy(hdev->features[rp->page], rp->features, 8);
564 }
565
566 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
567 struct sk_buff *skb)
568 {
569 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
570
571 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
572
573 if (!rp->status)
574 hdev->flow_ctl_mode = rp->mode;
575 }
576
577 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
578 {
579 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
580
581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
582
583 if (rp->status)
584 return;
585
586 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
587 hdev->sco_mtu = rp->sco_mtu;
588 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
589 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
590
591 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
592 hdev->sco_mtu = 64;
593 hdev->sco_pkts = 8;
594 }
595
596 hdev->acl_cnt = hdev->acl_pkts;
597 hdev->sco_cnt = hdev->sco_pkts;
598
599 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
600 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
601 }
602
603 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
604 {
605 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
606
607 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
608
609 if (!rp->status)
610 bacpy(&hdev->bdaddr, &rp->bdaddr);
611 }
612
613 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
614 struct sk_buff *skb)
615 {
616 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
617
618 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
619
620 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
621 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
622 hdev->page_scan_window = __le16_to_cpu(rp->window);
623 }
624 }
625
626 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
627 struct sk_buff *skb)
628 {
629 u8 status = *((u8 *) skb->data);
630 struct hci_cp_write_page_scan_activity *sent;
631
632 BT_DBG("%s status 0x%2.2x", hdev->name, status);
633
634 if (status)
635 return;
636
637 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
638 if (!sent)
639 return;
640
641 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
642 hdev->page_scan_window = __le16_to_cpu(sent->window);
643 }
644
645 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
646 struct sk_buff *skb)
647 {
648 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
649
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
651
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
653 hdev->page_scan_type = rp->type;
654 }
655
656 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
657 struct sk_buff *skb)
658 {
659 u8 status = *((u8 *) skb->data);
660 u8 *type;
661
662 BT_DBG("%s status 0x%2.2x", hdev->name, status);
663
664 if (status)
665 return;
666
667 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
668 if (type)
669 hdev->page_scan_type = *type;
670 }
671
672 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
673 struct sk_buff *skb)
674 {
675 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
676
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
678
679 if (rp->status)
680 return;
681
682 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
683 hdev->block_len = __le16_to_cpu(rp->block_len);
684 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
685
686 hdev->block_cnt = hdev->num_blocks;
687
688 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
689 hdev->block_cnt, hdev->block_len);
690 }
691
692 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
693 struct sk_buff *skb)
694 {
695 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
696
697 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
698
699 if (rp->status)
700 goto a2mp_rsp;
701
702 hdev->amp_status = rp->amp_status;
703 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
704 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
705 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
706 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
707 hdev->amp_type = rp->amp_type;
708 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
709 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
710 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
711 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
712
713 a2mp_rsp:
714 a2mp_send_getinfo_rsp(hdev);
715 }
716
717 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
718 struct sk_buff *skb)
719 {
720 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
721 struct amp_assoc *assoc = &hdev->loc_assoc;
722 size_t rem_len, frag_len;
723
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
725
726 if (rp->status)
727 goto a2mp_rsp;
728
729 frag_len = skb->len - sizeof(*rp);
730 rem_len = __le16_to_cpu(rp->rem_len);
731
732 if (rem_len > frag_len) {
733 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
734
735 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
736 assoc->offset += frag_len;
737
738 /* Read other fragments */
739 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
740
741 return;
742 }
743
744 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
745 assoc->len = assoc->offset + rem_len;
746 assoc->offset = 0;
747
748 a2mp_rsp:
749 /* Send A2MP Rsp when all fragments are received */
750 a2mp_send_getampassoc_rsp(hdev, rp->status);
751 a2mp_send_create_phy_link_req(hdev, rp->status);
752 }
753
754 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
755 struct sk_buff *skb)
756 {
757 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
758
759 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
760
761 if (!rp->status)
762 hdev->inq_tx_power = rp->tx_power;
763 }
764
765 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
766 {
767 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
768 struct hci_cp_pin_code_reply *cp;
769 struct hci_conn *conn;
770
771 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
772
773 hci_dev_lock(hdev);
774
775 if (test_bit(HCI_MGMT, &hdev->dev_flags))
776 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
777
778 if (rp->status)
779 goto unlock;
780
781 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
782 if (!cp)
783 goto unlock;
784
785 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
786 if (conn)
787 conn->pin_length = cp->pin_len;
788
789 unlock:
790 hci_dev_unlock(hdev);
791 }
792
793 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
794 {
795 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
796
797 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
798
799 hci_dev_lock(hdev);
800
801 if (test_bit(HCI_MGMT, &hdev->dev_flags))
802 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
803 rp->status);
804
805 hci_dev_unlock(hdev);
806 }
807
808 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
809 struct sk_buff *skb)
810 {
811 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
812
813 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
814
815 if (rp->status)
816 return;
817
818 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
819 hdev->le_pkts = rp->le_max_pkt;
820
821 hdev->le_cnt = hdev->le_pkts;
822
823 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
824 }
825
826 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
827 struct sk_buff *skb)
828 {
829 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
830
831 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
832
833 if (!rp->status)
834 memcpy(hdev->le_features, rp->features, 8);
835 }
836
837 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
838 struct sk_buff *skb)
839 {
840 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
841
842 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
843
844 if (!rp->status)
845 hdev->adv_tx_power = rp->tx_power;
846 }
847
848 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
849 {
850 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
851
852 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
853
854 hci_dev_lock(hdev);
855
856 if (test_bit(HCI_MGMT, &hdev->dev_flags))
857 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
858 rp->status);
859
860 hci_dev_unlock(hdev);
861 }
862
863 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
864 struct sk_buff *skb)
865 {
866 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
867
868 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
869
870 hci_dev_lock(hdev);
871
872 if (test_bit(HCI_MGMT, &hdev->dev_flags))
873 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
874 ACL_LINK, 0, rp->status);
875
876 hci_dev_unlock(hdev);
877 }
878
879 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
880 {
881 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
882
883 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
884
885 hci_dev_lock(hdev);
886
887 if (test_bit(HCI_MGMT, &hdev->dev_flags))
888 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
889 0, rp->status);
890
891 hci_dev_unlock(hdev);
892 }
893
894 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
895 struct sk_buff *skb)
896 {
897 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
898
899 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
900
901 hci_dev_lock(hdev);
902
903 if (test_bit(HCI_MGMT, &hdev->dev_flags))
904 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
905 ACL_LINK, 0, rp->status);
906
907 hci_dev_unlock(hdev);
908 }
909
910 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
911 struct sk_buff *skb)
912 {
913 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
914
915 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
916
917 hci_dev_lock(hdev);
918 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
919 rp->randomizer, rp->status);
920 hci_dev_unlock(hdev);
921 }
922
923 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
924 {
925 __u8 *sent, status = *((__u8 *) skb->data);
926
927 BT_DBG("%s status 0x%2.2x", hdev->name, status);
928
929 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
930 if (!sent)
931 return;
932
933 hci_dev_lock(hdev);
934
935 if (!status) {
936 if (*sent)
937 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
938 else
939 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
940 }
941
942 hci_dev_unlock(hdev);
943 }
944
945 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
946 struct sk_buff *skb)
947 {
948 struct hci_cp_le_set_scan_enable *cp;
949 __u8 status = *((__u8 *) skb->data);
950
951 BT_DBG("%s status 0x%2.2x", hdev->name, status);
952
953 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
954 if (!cp)
955 return;
956
957 if (status)
958 return;
959
960 switch (cp->enable) {
961 case LE_SCAN_ENABLE:
962 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
963 break;
964
965 case LE_SCAN_DISABLE:
966 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
967 break;
968
969 default:
970 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
971 break;
972 }
973 }
974
975 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
976 struct sk_buff *skb)
977 {
978 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
979
980 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
981
982 if (!rp->status)
983 hdev->le_white_list_size = rp->size;
984 }
985
986 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
987 struct sk_buff *skb)
988 {
989 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
990
991 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
992
993 if (!rp->status)
994 memcpy(hdev->le_states, rp->le_states, 8);
995 }
996
997 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
998 struct sk_buff *skb)
999 {
1000 struct hci_cp_write_le_host_supported *sent;
1001 __u8 status = *((__u8 *) skb->data);
1002
1003 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1004
1005 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1006 if (!sent)
1007 return;
1008
1009 if (!status) {
1010 if (sent->le) {
1011 hdev->features[1][0] |= LMP_HOST_LE;
1012 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1013 } else {
1014 hdev->features[1][0] &= ~LMP_HOST_LE;
1015 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1016 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1017 }
1018
1019 if (sent->simul)
1020 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1021 else
1022 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1023 }
1024 }
1025
1026 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1027 struct sk_buff *skb)
1028 {
1029 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1030
1031 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1032 hdev->name, rp->status, rp->phy_handle);
1033
1034 if (rp->status)
1035 return;
1036
1037 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1038 }
1039
1040 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1041 {
1042 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1043
1044 if (status) {
1045 hci_conn_check_pending(hdev);
1046 return;
1047 }
1048
1049 set_bit(HCI_INQUIRY, &hdev->flags);
1050 }
1051
1052 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1053 {
1054 struct hci_cp_create_conn *cp;
1055 struct hci_conn *conn;
1056
1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1058
1059 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1060 if (!cp)
1061 return;
1062
1063 hci_dev_lock(hdev);
1064
1065 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1066
1067 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1068
1069 if (status) {
1070 if (conn && conn->state == BT_CONNECT) {
1071 if (status != 0x0c || conn->attempt > 2) {
1072 conn->state = BT_CLOSED;
1073 hci_proto_connect_cfm(conn, status);
1074 hci_conn_del(conn);
1075 } else
1076 conn->state = BT_CONNECT2;
1077 }
1078 } else {
1079 if (!conn) {
1080 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1081 if (conn) {
1082 conn->out = true;
1083 conn->link_mode |= HCI_LM_MASTER;
1084 } else
1085 BT_ERR("No memory for new connection");
1086 }
1087 }
1088
1089 hci_dev_unlock(hdev);
1090 }
1091
1092 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1093 {
1094 struct hci_cp_add_sco *cp;
1095 struct hci_conn *acl, *sco;
1096 __u16 handle;
1097
1098 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1099
1100 if (!status)
1101 return;
1102
1103 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1104 if (!cp)
1105 return;
1106
1107 handle = __le16_to_cpu(cp->handle);
1108
1109 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1110
1111 hci_dev_lock(hdev);
1112
1113 acl = hci_conn_hash_lookup_handle(hdev, handle);
1114 if (acl) {
1115 sco = acl->link;
1116 if (sco) {
1117 sco->state = BT_CLOSED;
1118
1119 hci_proto_connect_cfm(sco, status);
1120 hci_conn_del(sco);
1121 }
1122 }
1123
1124 hci_dev_unlock(hdev);
1125 }
1126
1127 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1128 {
1129 struct hci_cp_auth_requested *cp;
1130 struct hci_conn *conn;
1131
1132 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1133
1134 if (!status)
1135 return;
1136
1137 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1138 if (!cp)
1139 return;
1140
1141 hci_dev_lock(hdev);
1142
1143 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1144 if (conn) {
1145 if (conn->state == BT_CONFIG) {
1146 hci_proto_connect_cfm(conn, status);
1147 hci_conn_drop(conn);
1148 }
1149 }
1150
1151 hci_dev_unlock(hdev);
1152 }
1153
1154 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1155 {
1156 struct hci_cp_set_conn_encrypt *cp;
1157 struct hci_conn *conn;
1158
1159 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1160
1161 if (!status)
1162 return;
1163
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1165 if (!cp)
1166 return;
1167
1168 hci_dev_lock(hdev);
1169
1170 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1171 if (conn) {
1172 if (conn->state == BT_CONFIG) {
1173 hci_proto_connect_cfm(conn, status);
1174 hci_conn_drop(conn);
1175 }
1176 }
1177
1178 hci_dev_unlock(hdev);
1179 }
1180
1181 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1182 struct hci_conn *conn)
1183 {
1184 if (conn->state != BT_CONFIG || !conn->out)
1185 return 0;
1186
1187 if (conn->pending_sec_level == BT_SECURITY_SDP)
1188 return 0;
1189
1190 /* Only request authentication for SSP connections or non-SSP
1191 * devices with sec_level HIGH or if MITM protection is requested */
1192 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1193 conn->pending_sec_level != BT_SECURITY_HIGH)
1194 return 0;
1195
1196 return 1;
1197 }
1198
1199 static int hci_resolve_name(struct hci_dev *hdev,
1200 struct inquiry_entry *e)
1201 {
1202 struct hci_cp_remote_name_req cp;
1203
1204 memset(&cp, 0, sizeof(cp));
1205
1206 bacpy(&cp.bdaddr, &e->data.bdaddr);
1207 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1208 cp.pscan_mode = e->data.pscan_mode;
1209 cp.clock_offset = e->data.clock_offset;
1210
1211 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1212 }
1213
1214 static bool hci_resolve_next_name(struct hci_dev *hdev)
1215 {
1216 struct discovery_state *discov = &hdev->discovery;
1217 struct inquiry_entry *e;
1218
1219 if (list_empty(&discov->resolve))
1220 return false;
1221
1222 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1223 if (!e)
1224 return false;
1225
1226 if (hci_resolve_name(hdev, e) == 0) {
1227 e->name_state = NAME_PENDING;
1228 return true;
1229 }
1230
1231 return false;
1232 }
1233
1234 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1235 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1236 {
1237 struct discovery_state *discov = &hdev->discovery;
1238 struct inquiry_entry *e;
1239
1240 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1241 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1242 name_len, conn->dev_class);
1243
1244 if (discov->state == DISCOVERY_STOPPED)
1245 return;
1246
1247 if (discov->state == DISCOVERY_STOPPING)
1248 goto discov_complete;
1249
1250 if (discov->state != DISCOVERY_RESOLVING)
1251 return;
1252
1253 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1254 /* If the device was not found in a list of found devices names of which
1255 * are pending. there is no need to continue resolving a next name as it
1256 * will be done upon receiving another Remote Name Request Complete
1257 * Event */
1258 if (!e)
1259 return;
1260
1261 list_del(&e->list);
1262 if (name) {
1263 e->name_state = NAME_KNOWN;
1264 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1265 e->data.rssi, name, name_len);
1266 } else {
1267 e->name_state = NAME_NOT_KNOWN;
1268 }
1269
1270 if (hci_resolve_next_name(hdev))
1271 return;
1272
1273 discov_complete:
1274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1275 }
1276
1277 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1278 {
1279 struct hci_cp_remote_name_req *cp;
1280 struct hci_conn *conn;
1281
1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1283
1284 /* If successful wait for the name req complete event before
1285 * checking for the need to do authentication */
1286 if (!status)
1287 return;
1288
1289 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1290 if (!cp)
1291 return;
1292
1293 hci_dev_lock(hdev);
1294
1295 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1296
1297 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1298 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1299
1300 if (!conn)
1301 goto unlock;
1302
1303 if (!hci_outgoing_auth_needed(hdev, conn))
1304 goto unlock;
1305
1306 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1307 struct hci_cp_auth_requested auth_cp;
1308
1309 auth_cp.handle = __cpu_to_le16(conn->handle);
1310 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1311 sizeof(auth_cp), &auth_cp);
1312 }
1313
1314 unlock:
1315 hci_dev_unlock(hdev);
1316 }
1317
1318 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1319 {
1320 struct hci_cp_read_remote_features *cp;
1321 struct hci_conn *conn;
1322
1323 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1324
1325 if (!status)
1326 return;
1327
1328 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1329 if (!cp)
1330 return;
1331
1332 hci_dev_lock(hdev);
1333
1334 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1335 if (conn) {
1336 if (conn->state == BT_CONFIG) {
1337 hci_proto_connect_cfm(conn, status);
1338 hci_conn_drop(conn);
1339 }
1340 }
1341
1342 hci_dev_unlock(hdev);
1343 }
1344
1345 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1346 {
1347 struct hci_cp_read_remote_ext_features *cp;
1348 struct hci_conn *conn;
1349
1350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1351
1352 if (!status)
1353 return;
1354
1355 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1356 if (!cp)
1357 return;
1358
1359 hci_dev_lock(hdev);
1360
1361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1362 if (conn) {
1363 if (conn->state == BT_CONFIG) {
1364 hci_proto_connect_cfm(conn, status);
1365 hci_conn_drop(conn);
1366 }
1367 }
1368
1369 hci_dev_unlock(hdev);
1370 }
1371
1372 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1373 {
1374 struct hci_cp_setup_sync_conn *cp;
1375 struct hci_conn *acl, *sco;
1376 __u16 handle;
1377
1378 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1379
1380 if (!status)
1381 return;
1382
1383 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1384 if (!cp)
1385 return;
1386
1387 handle = __le16_to_cpu(cp->handle);
1388
1389 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1390
1391 hci_dev_lock(hdev);
1392
1393 acl = hci_conn_hash_lookup_handle(hdev, handle);
1394 if (acl) {
1395 sco = acl->link;
1396 if (sco) {
1397 sco->state = BT_CLOSED;
1398
1399 hci_proto_connect_cfm(sco, status);
1400 hci_conn_del(sco);
1401 }
1402 }
1403
1404 hci_dev_unlock(hdev);
1405 }
1406
1407 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1408 {
1409 struct hci_cp_sniff_mode *cp;
1410 struct hci_conn *conn;
1411
1412 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1413
1414 if (!status)
1415 return;
1416
1417 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1418 if (!cp)
1419 return;
1420
1421 hci_dev_lock(hdev);
1422
1423 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1424 if (conn) {
1425 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1426
1427 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1428 hci_sco_setup(conn, status);
1429 }
1430
1431 hci_dev_unlock(hdev);
1432 }
1433
1434 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1435 {
1436 struct hci_cp_exit_sniff_mode *cp;
1437 struct hci_conn *conn;
1438
1439 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1440
1441 if (!status)
1442 return;
1443
1444 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1445 if (!cp)
1446 return;
1447
1448 hci_dev_lock(hdev);
1449
1450 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1451 if (conn) {
1452 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1453
1454 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1455 hci_sco_setup(conn, status);
1456 }
1457
1458 hci_dev_unlock(hdev);
1459 }
1460
1461 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1462 {
1463 struct hci_cp_disconnect *cp;
1464 struct hci_conn *conn;
1465
1466 if (!status)
1467 return;
1468
1469 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1470 if (!cp)
1471 return;
1472
1473 hci_dev_lock(hdev);
1474
1475 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1476 if (conn)
1477 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1478 conn->dst_type, status);
1479
1480 hci_dev_unlock(hdev);
1481 }
1482
1483 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1484 {
1485 struct hci_cp_create_phy_link *cp;
1486
1487 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1488
1489 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1490 if (!cp)
1491 return;
1492
1493 hci_dev_lock(hdev);
1494
1495 if (status) {
1496 struct hci_conn *hcon;
1497
1498 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1499 if (hcon)
1500 hci_conn_del(hcon);
1501 } else {
1502 amp_write_remote_assoc(hdev, cp->phy_handle);
1503 }
1504
1505 hci_dev_unlock(hdev);
1506 }
1507
1508 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1509 {
1510 struct hci_cp_accept_phy_link *cp;
1511
1512 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1513
1514 if (status)
1515 return;
1516
1517 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1518 if (!cp)
1519 return;
1520
1521 amp_write_remote_assoc(hdev, cp->phy_handle);
1522 }
1523
1524 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1525 {
1526 __u8 status = *((__u8 *) skb->data);
1527 struct discovery_state *discov = &hdev->discovery;
1528 struct inquiry_entry *e;
1529
1530 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1531
1532 hci_conn_check_pending(hdev);
1533
1534 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1535 return;
1536
1537 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1538 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1539
1540 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1541 return;
1542
1543 hci_dev_lock(hdev);
1544
1545 if (discov->state != DISCOVERY_FINDING)
1546 goto unlock;
1547
1548 if (list_empty(&discov->resolve)) {
1549 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1550 goto unlock;
1551 }
1552
1553 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1554 if (e && hci_resolve_name(hdev, e) == 0) {
1555 e->name_state = NAME_PENDING;
1556 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1557 } else {
1558 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1559 }
1560
1561 unlock:
1562 hci_dev_unlock(hdev);
1563 }
1564
1565 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1566 {
1567 struct inquiry_data data;
1568 struct inquiry_info *info = (void *) (skb->data + 1);
1569 int num_rsp = *((__u8 *) skb->data);
1570
1571 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1572
1573 if (!num_rsp)
1574 return;
1575
1576 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1577 return;
1578
1579 hci_dev_lock(hdev);
1580
1581 for (; num_rsp; num_rsp--, info++) {
1582 bool name_known, ssp;
1583
1584 bacpy(&data.bdaddr, &info->bdaddr);
1585 data.pscan_rep_mode = info->pscan_rep_mode;
1586 data.pscan_period_mode = info->pscan_period_mode;
1587 data.pscan_mode = info->pscan_mode;
1588 memcpy(data.dev_class, info->dev_class, 3);
1589 data.clock_offset = info->clock_offset;
1590 data.rssi = 0x00;
1591 data.ssp_mode = 0x00;
1592
1593 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1594 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1595 info->dev_class, 0, !name_known, ssp, NULL,
1596 0);
1597 }
1598
1599 hci_dev_unlock(hdev);
1600 }
1601
1602 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1603 {
1604 struct hci_ev_conn_complete *ev = (void *) skb->data;
1605 struct hci_conn *conn;
1606
1607 BT_DBG("%s", hdev->name);
1608
1609 hci_dev_lock(hdev);
1610
1611 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1612 if (!conn) {
1613 if (ev->link_type != SCO_LINK)
1614 goto unlock;
1615
1616 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1617 if (!conn)
1618 goto unlock;
1619
1620 conn->type = SCO_LINK;
1621 }
1622
1623 if (!ev->status) {
1624 conn->handle = __le16_to_cpu(ev->handle);
1625
1626 if (conn->type == ACL_LINK) {
1627 conn->state = BT_CONFIG;
1628 hci_conn_hold(conn);
1629
1630 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1631 !hci_find_link_key(hdev, &ev->bdaddr))
1632 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1633 else
1634 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1635 } else
1636 conn->state = BT_CONNECTED;
1637
1638 hci_conn_add_sysfs(conn);
1639
1640 if (test_bit(HCI_AUTH, &hdev->flags))
1641 conn->link_mode |= HCI_LM_AUTH;
1642
1643 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1644 conn->link_mode |= HCI_LM_ENCRYPT;
1645
1646 /* Get remote features */
1647 if (conn->type == ACL_LINK) {
1648 struct hci_cp_read_remote_features cp;
1649 cp.handle = ev->handle;
1650 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1651 sizeof(cp), &cp);
1652 }
1653
1654 /* Set packet type for incoming connection */
1655 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1656 struct hci_cp_change_conn_ptype cp;
1657 cp.handle = ev->handle;
1658 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1659 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1660 &cp);
1661 }
1662 } else {
1663 conn->state = BT_CLOSED;
1664 if (conn->type == ACL_LINK)
1665 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1666 conn->dst_type, ev->status);
1667 }
1668
1669 if (conn->type == ACL_LINK)
1670 hci_sco_setup(conn, ev->status);
1671
1672 if (ev->status) {
1673 hci_proto_connect_cfm(conn, ev->status);
1674 hci_conn_del(conn);
1675 } else if (ev->link_type != ACL_LINK)
1676 hci_proto_connect_cfm(conn, ev->status);
1677
1678 unlock:
1679 hci_dev_unlock(hdev);
1680
1681 hci_conn_check_pending(hdev);
1682 }
1683
1684 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1685 {
1686 struct hci_ev_conn_request *ev = (void *) skb->data;
1687 int mask = hdev->link_mode;
1688 __u8 flags = 0;
1689
1690 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1691 ev->link_type);
1692
1693 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1694 &flags);
1695
1696 if ((mask & HCI_LM_ACCEPT) &&
1697 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1698 /* Connection accepted */
1699 struct inquiry_entry *ie;
1700 struct hci_conn *conn;
1701
1702 hci_dev_lock(hdev);
1703
1704 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1705 if (ie)
1706 memcpy(ie->data.dev_class, ev->dev_class, 3);
1707
1708 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1709 &ev->bdaddr);
1710 if (!conn) {
1711 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1712 if (!conn) {
1713 BT_ERR("No memory for new connection");
1714 hci_dev_unlock(hdev);
1715 return;
1716 }
1717 }
1718
1719 memcpy(conn->dev_class, ev->dev_class, 3);
1720
1721 hci_dev_unlock(hdev);
1722
1723 if (ev->link_type == ACL_LINK ||
1724 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1725 struct hci_cp_accept_conn_req cp;
1726 conn->state = BT_CONNECT;
1727
1728 bacpy(&cp.bdaddr, &ev->bdaddr);
1729
1730 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1731 cp.role = 0x00; /* Become master */
1732 else
1733 cp.role = 0x01; /* Remain slave */
1734
1735 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1736 &cp);
1737 } else if (!(flags & HCI_PROTO_DEFER)) {
1738 struct hci_cp_accept_sync_conn_req cp;
1739 conn->state = BT_CONNECT;
1740
1741 bacpy(&cp.bdaddr, &ev->bdaddr);
1742 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1743
1744 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1745 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1746 cp.max_latency = __constant_cpu_to_le16(0xffff);
1747 cp.content_format = cpu_to_le16(hdev->voice_setting);
1748 cp.retrans_effort = 0xff;
1749
1750 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1751 sizeof(cp), &cp);
1752 } else {
1753 conn->state = BT_CONNECT2;
1754 hci_proto_connect_cfm(conn, 0);
1755 }
1756 } else {
1757 /* Connection rejected */
1758 struct hci_cp_reject_conn_req cp;
1759
1760 bacpy(&cp.bdaddr, &ev->bdaddr);
1761 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1762 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1763 }
1764 }
1765
1766 static u8 hci_to_mgmt_reason(u8 err)
1767 {
1768 switch (err) {
1769 case HCI_ERROR_CONNECTION_TIMEOUT:
1770 return MGMT_DEV_DISCONN_TIMEOUT;
1771 case HCI_ERROR_REMOTE_USER_TERM:
1772 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1773 case HCI_ERROR_REMOTE_POWER_OFF:
1774 return MGMT_DEV_DISCONN_REMOTE;
1775 case HCI_ERROR_LOCAL_HOST_TERM:
1776 return MGMT_DEV_DISCONN_LOCAL_HOST;
1777 default:
1778 return MGMT_DEV_DISCONN_UNKNOWN;
1779 }
1780 }
1781
1782 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1783 {
1784 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1785 struct hci_conn *conn;
1786
1787 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1788
1789 hci_dev_lock(hdev);
1790
1791 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1792 if (!conn)
1793 goto unlock;
1794
1795 if (ev->status == 0)
1796 conn->state = BT_CLOSED;
1797
1798 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1799 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1800 if (ev->status) {
1801 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1802 conn->dst_type, ev->status);
1803 } else {
1804 u8 reason = hci_to_mgmt_reason(ev->reason);
1805
1806 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1807 conn->dst_type, reason);
1808 }
1809 }
1810
1811 if (ev->status == 0) {
1812 u8 type = conn->type;
1813
1814 if (type == ACL_LINK && conn->flush_key)
1815 hci_remove_link_key(hdev, &conn->dst);
1816 hci_proto_disconn_cfm(conn, ev->reason);
1817 hci_conn_del(conn);
1818
1819 /* Re-enable advertising if necessary, since it might
1820 * have been disabled by the connection. From the
1821 * HCI_LE_Set_Advertise_Enable command description in
1822 * the core specification (v4.0):
1823 * "The Controller shall continue advertising until the Host
1824 * issues an LE_Set_Advertise_Enable command with
1825 * Advertising_Enable set to 0x00 (Advertising is disabled)
1826 * or until a connection is created or until the Advertising
1827 * is timed out due to Directed Advertising."
1828 */
1829 if (type == LE_LINK)
1830 mgmt_reenable_advertising(hdev);
1831 }
1832
1833 unlock:
1834 hci_dev_unlock(hdev);
1835 }
1836
1837 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1838 {
1839 struct hci_ev_auth_complete *ev = (void *) skb->data;
1840 struct hci_conn *conn;
1841
1842 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1843
1844 hci_dev_lock(hdev);
1845
1846 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1847 if (!conn)
1848 goto unlock;
1849
1850 if (!ev->status) {
1851 if (!hci_conn_ssp_enabled(conn) &&
1852 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1853 BT_INFO("re-auth of legacy device is not possible.");
1854 } else {
1855 conn->link_mode |= HCI_LM_AUTH;
1856 conn->sec_level = conn->pending_sec_level;
1857 }
1858 } else {
1859 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1860 ev->status);
1861 }
1862
1863 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1864 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1865
1866 if (conn->state == BT_CONFIG) {
1867 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1868 struct hci_cp_set_conn_encrypt cp;
1869 cp.handle = ev->handle;
1870 cp.encrypt = 0x01;
1871 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1872 &cp);
1873 } else {
1874 conn->state = BT_CONNECTED;
1875 hci_proto_connect_cfm(conn, ev->status);
1876 hci_conn_drop(conn);
1877 }
1878 } else {
1879 hci_auth_cfm(conn, ev->status);
1880
1881 hci_conn_hold(conn);
1882 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1883 hci_conn_drop(conn);
1884 }
1885
1886 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1887 if (!ev->status) {
1888 struct hci_cp_set_conn_encrypt cp;
1889 cp.handle = ev->handle;
1890 cp.encrypt = 0x01;
1891 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1892 &cp);
1893 } else {
1894 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1895 hci_encrypt_cfm(conn, ev->status, 0x00);
1896 }
1897 }
1898
1899 unlock:
1900 hci_dev_unlock(hdev);
1901 }
1902
1903 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1904 {
1905 struct hci_ev_remote_name *ev = (void *) skb->data;
1906 struct hci_conn *conn;
1907
1908 BT_DBG("%s", hdev->name);
1909
1910 hci_conn_check_pending(hdev);
1911
1912 hci_dev_lock(hdev);
1913
1914 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1915
1916 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1917 goto check_auth;
1918
1919 if (ev->status == 0)
1920 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1921 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1922 else
1923 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1924
1925 check_auth:
1926 if (!conn)
1927 goto unlock;
1928
1929 if (!hci_outgoing_auth_needed(hdev, conn))
1930 goto unlock;
1931
1932 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1933 struct hci_cp_auth_requested cp;
1934 cp.handle = __cpu_to_le16(conn->handle);
1935 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1936 }
1937
1938 unlock:
1939 hci_dev_unlock(hdev);
1940 }
1941
1942 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1943 {
1944 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1945 struct hci_conn *conn;
1946
1947 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1948
1949 hci_dev_lock(hdev);
1950
1951 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1952 if (conn) {
1953 if (!ev->status) {
1954 if (ev->encrypt) {
1955 /* Encryption implies authentication */
1956 conn->link_mode |= HCI_LM_AUTH;
1957 conn->link_mode |= HCI_LM_ENCRYPT;
1958 conn->sec_level = conn->pending_sec_level;
1959 } else
1960 conn->link_mode &= ~HCI_LM_ENCRYPT;
1961 }
1962
1963 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1964
1965 if (ev->status && conn->state == BT_CONNECTED) {
1966 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1967 hci_conn_drop(conn);
1968 goto unlock;
1969 }
1970
1971 if (conn->state == BT_CONFIG) {
1972 if (!ev->status)
1973 conn->state = BT_CONNECTED;
1974
1975 hci_proto_connect_cfm(conn, ev->status);
1976 hci_conn_drop(conn);
1977 } else
1978 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1979 }
1980
1981 unlock:
1982 hci_dev_unlock(hdev);
1983 }
1984
1985 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1986 struct sk_buff *skb)
1987 {
1988 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1989 struct hci_conn *conn;
1990
1991 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1992
1993 hci_dev_lock(hdev);
1994
1995 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1996 if (conn) {
1997 if (!ev->status)
1998 conn->link_mode |= HCI_LM_SECURE;
1999
2000 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2001
2002 hci_key_change_cfm(conn, ev->status);
2003 }
2004
2005 hci_dev_unlock(hdev);
2006 }
2007
2008 static void hci_remote_features_evt(struct hci_dev *hdev,
2009 struct sk_buff *skb)
2010 {
2011 struct hci_ev_remote_features *ev = (void *) skb->data;
2012 struct hci_conn *conn;
2013
2014 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2015
2016 hci_dev_lock(hdev);
2017
2018 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2019 if (!conn)
2020 goto unlock;
2021
2022 if (!ev->status)
2023 memcpy(conn->features[0], ev->features, 8);
2024
2025 if (conn->state != BT_CONFIG)
2026 goto unlock;
2027
2028 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2029 struct hci_cp_read_remote_ext_features cp;
2030 cp.handle = ev->handle;
2031 cp.page = 0x01;
2032 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2033 sizeof(cp), &cp);
2034 goto unlock;
2035 }
2036
2037 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2038 struct hci_cp_remote_name_req cp;
2039 memset(&cp, 0, sizeof(cp));
2040 bacpy(&cp.bdaddr, &conn->dst);
2041 cp.pscan_rep_mode = 0x02;
2042 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2043 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2044 mgmt_device_connected(hdev, &conn->dst, conn->type,
2045 conn->dst_type, 0, NULL, 0,
2046 conn->dev_class);
2047
2048 if (!hci_outgoing_auth_needed(hdev, conn)) {
2049 conn->state = BT_CONNECTED;
2050 hci_proto_connect_cfm(conn, ev->status);
2051 hci_conn_drop(conn);
2052 }
2053
2054 unlock:
2055 hci_dev_unlock(hdev);
2056 }
2057
2058 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2059 {
2060 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2061 u8 status = skb->data[sizeof(*ev)];
2062 __u16 opcode;
2063
2064 skb_pull(skb, sizeof(*ev));
2065
2066 opcode = __le16_to_cpu(ev->opcode);
2067
2068 switch (opcode) {
2069 case HCI_OP_INQUIRY_CANCEL:
2070 hci_cc_inquiry_cancel(hdev, skb);
2071 break;
2072
2073 case HCI_OP_PERIODIC_INQ:
2074 hci_cc_periodic_inq(hdev, skb);
2075 break;
2076
2077 case HCI_OP_EXIT_PERIODIC_INQ:
2078 hci_cc_exit_periodic_inq(hdev, skb);
2079 break;
2080
2081 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2082 hci_cc_remote_name_req_cancel(hdev, skb);
2083 break;
2084
2085 case HCI_OP_ROLE_DISCOVERY:
2086 hci_cc_role_discovery(hdev, skb);
2087 break;
2088
2089 case HCI_OP_READ_LINK_POLICY:
2090 hci_cc_read_link_policy(hdev, skb);
2091 break;
2092
2093 case HCI_OP_WRITE_LINK_POLICY:
2094 hci_cc_write_link_policy(hdev, skb);
2095 break;
2096
2097 case HCI_OP_READ_DEF_LINK_POLICY:
2098 hci_cc_read_def_link_policy(hdev, skb);
2099 break;
2100
2101 case HCI_OP_WRITE_DEF_LINK_POLICY:
2102 hci_cc_write_def_link_policy(hdev, skb);
2103 break;
2104
2105 case HCI_OP_RESET:
2106 hci_cc_reset(hdev, skb);
2107 break;
2108
2109 case HCI_OP_WRITE_LOCAL_NAME:
2110 hci_cc_write_local_name(hdev, skb);
2111 break;
2112
2113 case HCI_OP_READ_LOCAL_NAME:
2114 hci_cc_read_local_name(hdev, skb);
2115 break;
2116
2117 case HCI_OP_WRITE_AUTH_ENABLE:
2118 hci_cc_write_auth_enable(hdev, skb);
2119 break;
2120
2121 case HCI_OP_WRITE_ENCRYPT_MODE:
2122 hci_cc_write_encrypt_mode(hdev, skb);
2123 break;
2124
2125 case HCI_OP_WRITE_SCAN_ENABLE:
2126 hci_cc_write_scan_enable(hdev, skb);
2127 break;
2128
2129 case HCI_OP_READ_CLASS_OF_DEV:
2130 hci_cc_read_class_of_dev(hdev, skb);
2131 break;
2132
2133 case HCI_OP_WRITE_CLASS_OF_DEV:
2134 hci_cc_write_class_of_dev(hdev, skb);
2135 break;
2136
2137 case HCI_OP_READ_VOICE_SETTING:
2138 hci_cc_read_voice_setting(hdev, skb);
2139 break;
2140
2141 case HCI_OP_WRITE_VOICE_SETTING:
2142 hci_cc_write_voice_setting(hdev, skb);
2143 break;
2144
2145 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2146 hci_cc_read_num_supported_iac(hdev, skb);
2147 break;
2148
2149 case HCI_OP_WRITE_SSP_MODE:
2150 hci_cc_write_ssp_mode(hdev, skb);
2151 break;
2152
2153 case HCI_OP_READ_LOCAL_VERSION:
2154 hci_cc_read_local_version(hdev, skb);
2155 break;
2156
2157 case HCI_OP_READ_LOCAL_COMMANDS:
2158 hci_cc_read_local_commands(hdev, skb);
2159 break;
2160
2161 case HCI_OP_READ_LOCAL_FEATURES:
2162 hci_cc_read_local_features(hdev, skb);
2163 break;
2164
2165 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2166 hci_cc_read_local_ext_features(hdev, skb);
2167 break;
2168
2169 case HCI_OP_READ_BUFFER_SIZE:
2170 hci_cc_read_buffer_size(hdev, skb);
2171 break;
2172
2173 case HCI_OP_READ_BD_ADDR:
2174 hci_cc_read_bd_addr(hdev, skb);
2175 break;
2176
2177 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2178 hci_cc_read_page_scan_activity(hdev, skb);
2179 break;
2180
2181 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2182 hci_cc_write_page_scan_activity(hdev, skb);
2183 break;
2184
2185 case HCI_OP_READ_PAGE_SCAN_TYPE:
2186 hci_cc_read_page_scan_type(hdev, skb);
2187 break;
2188
2189 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2190 hci_cc_write_page_scan_type(hdev, skb);
2191 break;
2192
2193 case HCI_OP_READ_DATA_BLOCK_SIZE:
2194 hci_cc_read_data_block_size(hdev, skb);
2195 break;
2196
2197 case HCI_OP_READ_FLOW_CONTROL_MODE:
2198 hci_cc_read_flow_control_mode(hdev, skb);
2199 break;
2200
2201 case HCI_OP_READ_LOCAL_AMP_INFO:
2202 hci_cc_read_local_amp_info(hdev, skb);
2203 break;
2204
2205 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2206 hci_cc_read_local_amp_assoc(hdev, skb);
2207 break;
2208
2209 case HCI_OP_READ_INQ_RSP_TX_POWER:
2210 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2211 break;
2212
2213 case HCI_OP_PIN_CODE_REPLY:
2214 hci_cc_pin_code_reply(hdev, skb);
2215 break;
2216
2217 case HCI_OP_PIN_CODE_NEG_REPLY:
2218 hci_cc_pin_code_neg_reply(hdev, skb);
2219 break;
2220
2221 case HCI_OP_READ_LOCAL_OOB_DATA:
2222 hci_cc_read_local_oob_data_reply(hdev, skb);
2223 break;
2224
2225 case HCI_OP_LE_READ_BUFFER_SIZE:
2226 hci_cc_le_read_buffer_size(hdev, skb);
2227 break;
2228
2229 case HCI_OP_LE_READ_LOCAL_FEATURES:
2230 hci_cc_le_read_local_features(hdev, skb);
2231 break;
2232
2233 case HCI_OP_LE_READ_ADV_TX_POWER:
2234 hci_cc_le_read_adv_tx_power(hdev, skb);
2235 break;
2236
2237 case HCI_OP_USER_CONFIRM_REPLY:
2238 hci_cc_user_confirm_reply(hdev, skb);
2239 break;
2240
2241 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2242 hci_cc_user_confirm_neg_reply(hdev, skb);
2243 break;
2244
2245 case HCI_OP_USER_PASSKEY_REPLY:
2246 hci_cc_user_passkey_reply(hdev, skb);
2247 break;
2248
2249 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2250 hci_cc_user_passkey_neg_reply(hdev, skb);
2251 break;
2252
2253 case HCI_OP_LE_SET_ADV_ENABLE:
2254 hci_cc_le_set_adv_enable(hdev, skb);
2255 break;
2256
2257 case HCI_OP_LE_SET_SCAN_ENABLE:
2258 hci_cc_le_set_scan_enable(hdev, skb);
2259 break;
2260
2261 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2262 hci_cc_le_read_white_list_size(hdev, skb);
2263 break;
2264
2265 case HCI_OP_LE_READ_SUPPORTED_STATES:
2266 hci_cc_le_read_supported_states(hdev, skb);
2267 break;
2268
2269 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2270 hci_cc_write_le_host_supported(hdev, skb);
2271 break;
2272
2273 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2274 hci_cc_write_remote_amp_assoc(hdev, skb);
2275 break;
2276
2277 default:
2278 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2279 break;
2280 }
2281
2282 if (opcode != HCI_OP_NOP)
2283 del_timer(&hdev->cmd_timer);
2284
2285 hci_req_cmd_complete(hdev, opcode, status);
2286
2287 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2288 atomic_set(&hdev->cmd_cnt, 1);
2289 if (!skb_queue_empty(&hdev->cmd_q))
2290 queue_work(hdev->workqueue, &hdev->cmd_work);
2291 }
2292 }
2293
2294 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2295 {
2296 struct hci_ev_cmd_status *ev = (void *) skb->data;
2297 __u16 opcode;
2298
2299 skb_pull(skb, sizeof(*ev));
2300
2301 opcode = __le16_to_cpu(ev->opcode);
2302
2303 switch (opcode) {
2304 case HCI_OP_INQUIRY:
2305 hci_cs_inquiry(hdev, ev->status);
2306 break;
2307
2308 case HCI_OP_CREATE_CONN:
2309 hci_cs_create_conn(hdev, ev->status);
2310 break;
2311
2312 case HCI_OP_ADD_SCO:
2313 hci_cs_add_sco(hdev, ev->status);
2314 break;
2315
2316 case HCI_OP_AUTH_REQUESTED:
2317 hci_cs_auth_requested(hdev, ev->status);
2318 break;
2319
2320 case HCI_OP_SET_CONN_ENCRYPT:
2321 hci_cs_set_conn_encrypt(hdev, ev->status);
2322 break;
2323
2324 case HCI_OP_REMOTE_NAME_REQ:
2325 hci_cs_remote_name_req(hdev, ev->status);
2326 break;
2327
2328 case HCI_OP_READ_REMOTE_FEATURES:
2329 hci_cs_read_remote_features(hdev, ev->status);
2330 break;
2331
2332 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2333 hci_cs_read_remote_ext_features(hdev, ev->status);
2334 break;
2335
2336 case HCI_OP_SETUP_SYNC_CONN:
2337 hci_cs_setup_sync_conn(hdev, ev->status);
2338 break;
2339
2340 case HCI_OP_SNIFF_MODE:
2341 hci_cs_sniff_mode(hdev, ev->status);
2342 break;
2343
2344 case HCI_OP_EXIT_SNIFF_MODE:
2345 hci_cs_exit_sniff_mode(hdev, ev->status);
2346 break;
2347
2348 case HCI_OP_DISCONNECT:
2349 hci_cs_disconnect(hdev, ev->status);
2350 break;
2351
2352 case HCI_OP_CREATE_PHY_LINK:
2353 hci_cs_create_phylink(hdev, ev->status);
2354 break;
2355
2356 case HCI_OP_ACCEPT_PHY_LINK:
2357 hci_cs_accept_phylink(hdev, ev->status);
2358 break;
2359
2360 default:
2361 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2362 break;
2363 }
2364
2365 if (opcode != HCI_OP_NOP)
2366 del_timer(&hdev->cmd_timer);
2367
2368 if (ev->status ||
2369 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2370 hci_req_cmd_complete(hdev, opcode, ev->status);
2371
2372 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2373 atomic_set(&hdev->cmd_cnt, 1);
2374 if (!skb_queue_empty(&hdev->cmd_q))
2375 queue_work(hdev->workqueue, &hdev->cmd_work);
2376 }
2377 }
2378
2379 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2380 {
2381 struct hci_ev_role_change *ev = (void *) skb->data;
2382 struct hci_conn *conn;
2383
2384 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2385
2386 hci_dev_lock(hdev);
2387
2388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2389 if (conn) {
2390 if (!ev->status) {
2391 if (ev->role)
2392 conn->link_mode &= ~HCI_LM_MASTER;
2393 else
2394 conn->link_mode |= HCI_LM_MASTER;
2395 }
2396
2397 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2398
2399 hci_role_switch_cfm(conn, ev->status, ev->role);
2400 }
2401
2402 hci_dev_unlock(hdev);
2403 }
2404
2405 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2406 {
2407 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2408 int i;
2409
2410 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2411 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2412 return;
2413 }
2414
2415 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2416 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2417 BT_DBG("%s bad parameters", hdev->name);
2418 return;
2419 }
2420
2421 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2422
2423 for (i = 0; i < ev->num_hndl; i++) {
2424 struct hci_comp_pkts_info *info = &ev->handles[i];
2425 struct hci_conn *conn;
2426 __u16 handle, count;
2427
2428 handle = __le16_to_cpu(info->handle);
2429 count = __le16_to_cpu(info->count);
2430
2431 conn = hci_conn_hash_lookup_handle(hdev, handle);
2432 if (!conn)
2433 continue;
2434
2435 conn->sent -= count;
2436
2437 switch (conn->type) {
2438 case ACL_LINK:
2439 hdev->acl_cnt += count;
2440 if (hdev->acl_cnt > hdev->acl_pkts)
2441 hdev->acl_cnt = hdev->acl_pkts;
2442 break;
2443
2444 case LE_LINK:
2445 if (hdev->le_pkts) {
2446 hdev->le_cnt += count;
2447 if (hdev->le_cnt > hdev->le_pkts)
2448 hdev->le_cnt = hdev->le_pkts;
2449 } else {
2450 hdev->acl_cnt += count;
2451 if (hdev->acl_cnt > hdev->acl_pkts)
2452 hdev->acl_cnt = hdev->acl_pkts;
2453 }
2454 break;
2455
2456 case SCO_LINK:
2457 hdev->sco_cnt += count;
2458 if (hdev->sco_cnt > hdev->sco_pkts)
2459 hdev->sco_cnt = hdev->sco_pkts;
2460 break;
2461
2462 default:
2463 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2464 break;
2465 }
2466 }
2467
2468 queue_work(hdev->workqueue, &hdev->tx_work);
2469 }
2470
2471 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2472 __u16 handle)
2473 {
2474 struct hci_chan *chan;
2475
2476 switch (hdev->dev_type) {
2477 case HCI_BREDR:
2478 return hci_conn_hash_lookup_handle(hdev, handle);
2479 case HCI_AMP:
2480 chan = hci_chan_lookup_handle(hdev, handle);
2481 if (chan)
2482 return chan->conn;
2483 break;
2484 default:
2485 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2486 break;
2487 }
2488
2489 return NULL;
2490 }
2491
2492 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2493 {
2494 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2495 int i;
2496
2497 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2498 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2499 return;
2500 }
2501
2502 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2503 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2504 BT_DBG("%s bad parameters", hdev->name);
2505 return;
2506 }
2507
2508 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2509 ev->num_hndl);
2510
2511 for (i = 0; i < ev->num_hndl; i++) {
2512 struct hci_comp_blocks_info *info = &ev->handles[i];
2513 struct hci_conn *conn = NULL;
2514 __u16 handle, block_count;
2515
2516 handle = __le16_to_cpu(info->handle);
2517 block_count = __le16_to_cpu(info->blocks);
2518
2519 conn = __hci_conn_lookup_handle(hdev, handle);
2520 if (!conn)
2521 continue;
2522
2523 conn->sent -= block_count;
2524
2525 switch (conn->type) {
2526 case ACL_LINK:
2527 case AMP_LINK:
2528 hdev->block_cnt += block_count;
2529 if (hdev->block_cnt > hdev->num_blocks)
2530 hdev->block_cnt = hdev->num_blocks;
2531 break;
2532
2533 default:
2534 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2535 break;
2536 }
2537 }
2538
2539 queue_work(hdev->workqueue, &hdev->tx_work);
2540 }
2541
2542 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2543 {
2544 struct hci_ev_mode_change *ev = (void *) skb->data;
2545 struct hci_conn *conn;
2546
2547 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2548
2549 hci_dev_lock(hdev);
2550
2551 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2552 if (conn) {
2553 conn->mode = ev->mode;
2554
2555 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2556 &conn->flags)) {
2557 if (conn->mode == HCI_CM_ACTIVE)
2558 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2559 else
2560 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2561 }
2562
2563 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2564 hci_sco_setup(conn, ev->status);
2565 }
2566
2567 hci_dev_unlock(hdev);
2568 }
2569
2570 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2571 {
2572 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2573 struct hci_conn *conn;
2574
2575 BT_DBG("%s", hdev->name);
2576
2577 hci_dev_lock(hdev);
2578
2579 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2580 if (!conn)
2581 goto unlock;
2582
2583 if (conn->state == BT_CONNECTED) {
2584 hci_conn_hold(conn);
2585 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2586 hci_conn_drop(conn);
2587 }
2588
2589 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2590 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2591 sizeof(ev->bdaddr), &ev->bdaddr);
2592 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2593 u8 secure;
2594
2595 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2596 secure = 1;
2597 else
2598 secure = 0;
2599
2600 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2601 }
2602
2603 unlock:
2604 hci_dev_unlock(hdev);
2605 }
2606
2607 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2608 {
2609 struct hci_ev_link_key_req *ev = (void *) skb->data;
2610 struct hci_cp_link_key_reply cp;
2611 struct hci_conn *conn;
2612 struct link_key *key;
2613
2614 BT_DBG("%s", hdev->name);
2615
2616 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2617 return;
2618
2619 hci_dev_lock(hdev);
2620
2621 key = hci_find_link_key(hdev, &ev->bdaddr);
2622 if (!key) {
2623 BT_DBG("%s link key not found for %pMR", hdev->name,
2624 &ev->bdaddr);
2625 goto not_found;
2626 }
2627
2628 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2629 &ev->bdaddr);
2630
2631 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2632 key->type == HCI_LK_DEBUG_COMBINATION) {
2633 BT_DBG("%s ignoring debug key", hdev->name);
2634 goto not_found;
2635 }
2636
2637 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2638 if (conn) {
2639 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2640 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2641 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2642 goto not_found;
2643 }
2644
2645 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2646 conn->pending_sec_level == BT_SECURITY_HIGH) {
2647 BT_DBG("%s ignoring key unauthenticated for high security",
2648 hdev->name);
2649 goto not_found;
2650 }
2651
2652 conn->key_type = key->type;
2653 conn->pin_length = key->pin_len;
2654 }
2655
2656 bacpy(&cp.bdaddr, &ev->bdaddr);
2657 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2658
2659 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2660
2661 hci_dev_unlock(hdev);
2662
2663 return;
2664
2665 not_found:
2666 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2667 hci_dev_unlock(hdev);
2668 }
2669
2670 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2671 {
2672 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2673 struct hci_conn *conn;
2674 u8 pin_len = 0;
2675
2676 BT_DBG("%s", hdev->name);
2677
2678 hci_dev_lock(hdev);
2679
2680 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2681 if (conn) {
2682 hci_conn_hold(conn);
2683 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2684 pin_len = conn->pin_length;
2685
2686 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2687 conn->key_type = ev->key_type;
2688
2689 hci_conn_drop(conn);
2690 }
2691
2692 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2693 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2694 ev->key_type, pin_len);
2695
2696 hci_dev_unlock(hdev);
2697 }
2698
2699 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2700 {
2701 struct hci_ev_clock_offset *ev = (void *) skb->data;
2702 struct hci_conn *conn;
2703
2704 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2705
2706 hci_dev_lock(hdev);
2707
2708 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2709 if (conn && !ev->status) {
2710 struct inquiry_entry *ie;
2711
2712 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2713 if (ie) {
2714 ie->data.clock_offset = ev->clock_offset;
2715 ie->timestamp = jiffies;
2716 }
2717 }
2718
2719 hci_dev_unlock(hdev);
2720 }
2721
2722 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2723 {
2724 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2725 struct hci_conn *conn;
2726
2727 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2728
2729 hci_dev_lock(hdev);
2730
2731 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2732 if (conn && !ev->status)
2733 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2734
2735 hci_dev_unlock(hdev);
2736 }
2737
2738 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2739 {
2740 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2741 struct inquiry_entry *ie;
2742
2743 BT_DBG("%s", hdev->name);
2744
2745 hci_dev_lock(hdev);
2746
2747 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2748 if (ie) {
2749 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2750 ie->timestamp = jiffies;
2751 }
2752
2753 hci_dev_unlock(hdev);
2754 }
2755
2756 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2757 struct sk_buff *skb)
2758 {
2759 struct inquiry_data data;
2760 int num_rsp = *((__u8 *) skb->data);
2761 bool name_known, ssp;
2762
2763 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2764
2765 if (!num_rsp)
2766 return;
2767
2768 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2769 return;
2770
2771 hci_dev_lock(hdev);
2772
2773 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2774 struct inquiry_info_with_rssi_and_pscan_mode *info;
2775 info = (void *) (skb->data + 1);
2776
2777 for (; num_rsp; num_rsp--, info++) {
2778 bacpy(&data.bdaddr, &info->bdaddr);
2779 data.pscan_rep_mode = info->pscan_rep_mode;
2780 data.pscan_period_mode = info->pscan_period_mode;
2781 data.pscan_mode = info->pscan_mode;
2782 memcpy(data.dev_class, info->dev_class, 3);
2783 data.clock_offset = info->clock_offset;
2784 data.rssi = info->rssi;
2785 data.ssp_mode = 0x00;
2786
2787 name_known = hci_inquiry_cache_update(hdev, &data,
2788 false, &ssp);
2789 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2790 info->dev_class, info->rssi,
2791 !name_known, ssp, NULL, 0);
2792 }
2793 } else {
2794 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2795
2796 for (; num_rsp; num_rsp--, info++) {
2797 bacpy(&data.bdaddr, &info->bdaddr);
2798 data.pscan_rep_mode = info->pscan_rep_mode;
2799 data.pscan_period_mode = info->pscan_period_mode;
2800 data.pscan_mode = 0x00;
2801 memcpy(data.dev_class, info->dev_class, 3);
2802 data.clock_offset = info->clock_offset;
2803 data.rssi = info->rssi;
2804 data.ssp_mode = 0x00;
2805 name_known = hci_inquiry_cache_update(hdev, &data,
2806 false, &ssp);
2807 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2808 info->dev_class, info->rssi,
2809 !name_known, ssp, NULL, 0);
2810 }
2811 }
2812
2813 hci_dev_unlock(hdev);
2814 }
2815
2816 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2817 struct sk_buff *skb)
2818 {
2819 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2820 struct hci_conn *conn;
2821
2822 BT_DBG("%s", hdev->name);
2823
2824 hci_dev_lock(hdev);
2825
2826 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2827 if (!conn)
2828 goto unlock;
2829
2830 if (ev->page < HCI_MAX_PAGES)
2831 memcpy(conn->features[ev->page], ev->features, 8);
2832
2833 if (!ev->status && ev->page == 0x01) {
2834 struct inquiry_entry *ie;
2835
2836 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2837 if (ie)
2838 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2839
2840 if (ev->features[0] & LMP_HOST_SSP) {
2841 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2842 } else {
2843 /* It is mandatory by the Bluetooth specification that
2844 * Extended Inquiry Results are only used when Secure
2845 * Simple Pairing is enabled, but some devices violate
2846 * this.
2847 *
2848 * To make these devices work, the internal SSP
2849 * enabled flag needs to be cleared if the remote host
2850 * features do not indicate SSP support */
2851 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2852 }
2853 }
2854
2855 if (conn->state != BT_CONFIG)
2856 goto unlock;
2857
2858 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2859 struct hci_cp_remote_name_req cp;
2860 memset(&cp, 0, sizeof(cp));
2861 bacpy(&cp.bdaddr, &conn->dst);
2862 cp.pscan_rep_mode = 0x02;
2863 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2864 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2865 mgmt_device_connected(hdev, &conn->dst, conn->type,
2866 conn->dst_type, 0, NULL, 0,
2867 conn->dev_class);
2868
2869 if (!hci_outgoing_auth_needed(hdev, conn)) {
2870 conn->state = BT_CONNECTED;
2871 hci_proto_connect_cfm(conn, ev->status);
2872 hci_conn_drop(conn);
2873 }
2874
2875 unlock:
2876 hci_dev_unlock(hdev);
2877 }
2878
2879 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2880 struct sk_buff *skb)
2881 {
2882 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2883 struct hci_conn *conn;
2884
2885 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2886
2887 hci_dev_lock(hdev);
2888
2889 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2890 if (!conn) {
2891 if (ev->link_type == ESCO_LINK)
2892 goto unlock;
2893
2894 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2895 if (!conn)
2896 goto unlock;
2897
2898 conn->type = SCO_LINK;
2899 }
2900
2901 switch (ev->status) {
2902 case 0x00:
2903 conn->handle = __le16_to_cpu(ev->handle);
2904 conn->state = BT_CONNECTED;
2905
2906 hci_conn_add_sysfs(conn);
2907 break;
2908
2909 case 0x0d: /* Connection Rejected due to Limited Resources */
2910 case 0x11: /* Unsupported Feature or Parameter Value */
2911 case 0x1c: /* SCO interval rejected */
2912 case 0x1a: /* Unsupported Remote Feature */
2913 case 0x1f: /* Unspecified error */
2914 if (conn->out) {
2915 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2916 (hdev->esco_type & EDR_ESCO_MASK);
2917 if (hci_setup_sync(conn, conn->link->handle))
2918 goto unlock;
2919 }
2920 /* fall through */
2921
2922 default:
2923 conn->state = BT_CLOSED;
2924 break;
2925 }
2926
2927 hci_proto_connect_cfm(conn, ev->status);
2928 if (ev->status)
2929 hci_conn_del(conn);
2930
2931 unlock:
2932 hci_dev_unlock(hdev);
2933 }
2934
2935 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2936 {
2937 size_t parsed = 0;
2938
2939 while (parsed < eir_len) {
2940 u8 field_len = eir[0];
2941
2942 if (field_len == 0)
2943 return parsed;
2944
2945 parsed += field_len + 1;
2946 eir += field_len + 1;
2947 }
2948
2949 return eir_len;
2950 }
2951
2952 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2953 struct sk_buff *skb)
2954 {
2955 struct inquiry_data data;
2956 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2957 int num_rsp = *((__u8 *) skb->data);
2958 size_t eir_len;
2959
2960 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2961
2962 if (!num_rsp)
2963 return;
2964
2965 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2966 return;
2967
2968 hci_dev_lock(hdev);
2969
2970 for (; num_rsp; num_rsp--, info++) {
2971 bool name_known, ssp;
2972
2973 bacpy(&data.bdaddr, &info->bdaddr);
2974 data.pscan_rep_mode = info->pscan_rep_mode;
2975 data.pscan_period_mode = info->pscan_period_mode;
2976 data.pscan_mode = 0x00;
2977 memcpy(data.dev_class, info->dev_class, 3);
2978 data.clock_offset = info->clock_offset;
2979 data.rssi = info->rssi;
2980 data.ssp_mode = 0x01;
2981
2982 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2983 name_known = eir_has_data_type(info->data,
2984 sizeof(info->data),
2985 EIR_NAME_COMPLETE);
2986 else
2987 name_known = true;
2988
2989 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2990 &ssp);
2991 eir_len = eir_get_length(info->data, sizeof(info->data));
2992 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2993 info->dev_class, info->rssi, !name_known,
2994 ssp, info->data, eir_len);
2995 }
2996
2997 hci_dev_unlock(hdev);
2998 }
2999
3000 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3001 struct sk_buff *skb)
3002 {
3003 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3004 struct hci_conn *conn;
3005
3006 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3007 __le16_to_cpu(ev->handle));
3008
3009 hci_dev_lock(hdev);
3010
3011 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3012 if (!conn)
3013 goto unlock;
3014
3015 if (!ev->status)
3016 conn->sec_level = conn->pending_sec_level;
3017
3018 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3019
3020 if (ev->status && conn->state == BT_CONNECTED) {
3021 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3022 hci_conn_drop(conn);
3023 goto unlock;
3024 }
3025
3026 if (conn->state == BT_CONFIG) {
3027 if (!ev->status)
3028 conn->state = BT_CONNECTED;
3029
3030 hci_proto_connect_cfm(conn, ev->status);
3031 hci_conn_drop(conn);
3032 } else {
3033 hci_auth_cfm(conn, ev->status);
3034
3035 hci_conn_hold(conn);
3036 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3037 hci_conn_drop(conn);
3038 }
3039
3040 unlock:
3041 hci_dev_unlock(hdev);
3042 }
3043
3044 static u8 hci_get_auth_req(struct hci_conn *conn)
3045 {
3046 /* If remote requests dedicated bonding follow that lead */
3047 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3048 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3049 /* If both remote and local IO capabilities allow MITM
3050 * protection then require it, otherwise don't */
3051 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3052 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3053 return HCI_AT_DEDICATED_BONDING;
3054 else
3055 return HCI_AT_DEDICATED_BONDING_MITM;
3056 }
3057
3058 /* If remote requests no-bonding follow that lead */
3059 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3060 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3061 return conn->remote_auth | (conn->auth_type & 0x01);
3062
3063 return conn->auth_type;
3064 }
3065
3066 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3067 {
3068 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3069 struct hci_conn *conn;
3070
3071 BT_DBG("%s", hdev->name);
3072
3073 hci_dev_lock(hdev);
3074
3075 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3076 if (!conn)
3077 goto unlock;
3078
3079 hci_conn_hold(conn);
3080
3081 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3082 goto unlock;
3083
3084 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3085 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3086 struct hci_cp_io_capability_reply cp;
3087
3088 bacpy(&cp.bdaddr, &ev->bdaddr);
3089 /* Change the IO capability from KeyboardDisplay
3090 * to DisplayYesNo as it is not supported by BT spec. */
3091 cp.capability = (conn->io_capability == 0x04) ?
3092 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3093 conn->auth_type = hci_get_auth_req(conn);
3094 cp.authentication = conn->auth_type;
3095
3096 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3097 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3098 cp.oob_data = 0x01;
3099 else
3100 cp.oob_data = 0x00;
3101
3102 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3103 sizeof(cp), &cp);
3104 } else {
3105 struct hci_cp_io_capability_neg_reply cp;
3106
3107 bacpy(&cp.bdaddr, &ev->bdaddr);
3108 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3109
3110 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3111 sizeof(cp), &cp);
3112 }
3113
3114 unlock:
3115 hci_dev_unlock(hdev);
3116 }
3117
3118 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3119 {
3120 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3121 struct hci_conn *conn;
3122
3123 BT_DBG("%s", hdev->name);
3124
3125 hci_dev_lock(hdev);
3126
3127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3128 if (!conn)
3129 goto unlock;
3130
3131 conn->remote_cap = ev->capability;
3132 conn->remote_auth = ev->authentication;
3133 if (ev->oob_data)
3134 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3135
3136 unlock:
3137 hci_dev_unlock(hdev);
3138 }
3139
3140 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3141 struct sk_buff *skb)
3142 {
3143 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3144 int loc_mitm, rem_mitm, confirm_hint = 0;
3145 struct hci_conn *conn;
3146
3147 BT_DBG("%s", hdev->name);
3148
3149 hci_dev_lock(hdev);
3150
3151 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3152 goto unlock;
3153
3154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3155 if (!conn)
3156 goto unlock;
3157
3158 loc_mitm = (conn->auth_type & 0x01);
3159 rem_mitm = (conn->remote_auth & 0x01);
3160
3161 /* If we require MITM but the remote device can't provide that
3162 * (it has NoInputNoOutput) then reject the confirmation
3163 * request. The only exception is when we're dedicated bonding
3164 * initiators (connect_cfm_cb set) since then we always have the MITM
3165 * bit set. */
3166 if (!conn->connect_cfm_cb && loc_mitm &&
3167 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3168 BT_DBG("Rejecting request: remote device can't provide MITM");
3169 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3170 sizeof(ev->bdaddr), &ev->bdaddr);
3171 goto unlock;
3172 }
3173
3174 /* If no side requires MITM protection; auto-accept */
3175 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3176 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3177
3178 /* If we're not the initiators request authorization to
3179 * proceed from user space (mgmt_user_confirm with
3180 * confirm_hint set to 1). */
3181 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3182 BT_DBG("Confirming auto-accept as acceptor");
3183 confirm_hint = 1;
3184 goto confirm;
3185 }
3186
3187 BT_DBG("Auto-accept of user confirmation with %ums delay",
3188 hdev->auto_accept_delay);
3189
3190 if (hdev->auto_accept_delay > 0) {
3191 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3192 queue_delayed_work(conn->hdev->workqueue,
3193 &conn->auto_accept_work, delay);
3194 goto unlock;
3195 }
3196
3197 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3198 sizeof(ev->bdaddr), &ev->bdaddr);
3199 goto unlock;
3200 }
3201
3202 confirm:
3203 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3204 confirm_hint);
3205
3206 unlock:
3207 hci_dev_unlock(hdev);
3208 }
3209
3210 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3211 struct sk_buff *skb)
3212 {
3213 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3214
3215 BT_DBG("%s", hdev->name);
3216
3217 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3218 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3219 }
3220
3221 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3222 struct sk_buff *skb)
3223 {
3224 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3225 struct hci_conn *conn;
3226
3227 BT_DBG("%s", hdev->name);
3228
3229 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3230 if (!conn)
3231 return;
3232
3233 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3234 conn->passkey_entered = 0;
3235
3236 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3237 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3238 conn->dst_type, conn->passkey_notify,
3239 conn->passkey_entered);
3240 }
3241
3242 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3243 {
3244 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3245 struct hci_conn *conn;
3246
3247 BT_DBG("%s", hdev->name);
3248
3249 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3250 if (!conn)
3251 return;
3252
3253 switch (ev->type) {
3254 case HCI_KEYPRESS_STARTED:
3255 conn->passkey_entered = 0;
3256 return;
3257
3258 case HCI_KEYPRESS_ENTERED:
3259 conn->passkey_entered++;
3260 break;
3261
3262 case HCI_KEYPRESS_ERASED:
3263 conn->passkey_entered--;
3264 break;
3265
3266 case HCI_KEYPRESS_CLEARED:
3267 conn->passkey_entered = 0;
3268 break;
3269
3270 case HCI_KEYPRESS_COMPLETED:
3271 return;
3272 }
3273
3274 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3275 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3276 conn->dst_type, conn->passkey_notify,
3277 conn->passkey_entered);
3278 }
3279
3280 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3281 struct sk_buff *skb)
3282 {
3283 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3284 struct hci_conn *conn;
3285
3286 BT_DBG("%s", hdev->name);
3287
3288 hci_dev_lock(hdev);
3289
3290 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3291 if (!conn)
3292 goto unlock;
3293
3294 /* To avoid duplicate auth_failed events to user space we check
3295 * the HCI_CONN_AUTH_PEND flag which will be set if we
3296 * initiated the authentication. A traditional auth_complete
3297 * event gets always produced as initiator and is also mapped to
3298 * the mgmt_auth_failed event */
3299 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3300 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3301 ev->status);
3302
3303 hci_conn_drop(conn);
3304
3305 unlock:
3306 hci_dev_unlock(hdev);
3307 }
3308
3309 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3310 struct sk_buff *skb)
3311 {
3312 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3313 struct inquiry_entry *ie;
3314 struct hci_conn *conn;
3315
3316 BT_DBG("%s", hdev->name);
3317
3318 hci_dev_lock(hdev);
3319
3320 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3321 if (conn)
3322 memcpy(conn->features[1], ev->features, 8);
3323
3324 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3325 if (ie)
3326 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3327
3328 hci_dev_unlock(hdev);
3329 }
3330
3331 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3332 struct sk_buff *skb)
3333 {
3334 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3335 struct oob_data *data;
3336
3337 BT_DBG("%s", hdev->name);
3338
3339 hci_dev_lock(hdev);
3340
3341 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3342 goto unlock;
3343
3344 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3345 if (data) {
3346 struct hci_cp_remote_oob_data_reply cp;
3347
3348 bacpy(&cp.bdaddr, &ev->bdaddr);
3349 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3350 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3351
3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3353 &cp);
3354 } else {
3355 struct hci_cp_remote_oob_data_neg_reply cp;
3356
3357 bacpy(&cp.bdaddr, &ev->bdaddr);
3358 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3359 &cp);
3360 }
3361
3362 unlock:
3363 hci_dev_unlock(hdev);
3364 }
3365
3366 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3367 struct sk_buff *skb)
3368 {
3369 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3370 struct hci_conn *hcon, *bredr_hcon;
3371
3372 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3373 ev->status);
3374
3375 hci_dev_lock(hdev);
3376
3377 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3378 if (!hcon) {
3379 hci_dev_unlock(hdev);
3380 return;
3381 }
3382
3383 if (ev->status) {
3384 hci_conn_del(hcon);
3385 hci_dev_unlock(hdev);
3386 return;
3387 }
3388
3389 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3390
3391 hcon->state = BT_CONNECTED;
3392 bacpy(&hcon->dst, &bredr_hcon->dst);
3393
3394 hci_conn_hold(hcon);
3395 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3396 hci_conn_drop(hcon);
3397
3398 hci_conn_add_sysfs(hcon);
3399
3400 amp_physical_cfm(bredr_hcon, hcon);
3401
3402 hci_dev_unlock(hdev);
3403 }
3404
3405 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3406 {
3407 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3408 struct hci_conn *hcon;
3409 struct hci_chan *hchan;
3410 struct amp_mgr *mgr;
3411
3412 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3413 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3414 ev->status);
3415
3416 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3417 if (!hcon)
3418 return;
3419
3420 /* Create AMP hchan */
3421 hchan = hci_chan_create(hcon);
3422 if (!hchan)
3423 return;
3424
3425 hchan->handle = le16_to_cpu(ev->handle);
3426
3427 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3428
3429 mgr = hcon->amp_mgr;
3430 if (mgr && mgr->bredr_chan) {
3431 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3432
3433 l2cap_chan_lock(bredr_chan);
3434
3435 bredr_chan->conn->mtu = hdev->block_mtu;
3436 l2cap_logical_cfm(bredr_chan, hchan, 0);
3437 hci_conn_hold(hcon);
3438
3439 l2cap_chan_unlock(bredr_chan);
3440 }
3441 }
3442
3443 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3444 struct sk_buff *skb)
3445 {
3446 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3447 struct hci_chan *hchan;
3448
3449 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3450 le16_to_cpu(ev->handle), ev->status);
3451
3452 if (ev->status)
3453 return;
3454
3455 hci_dev_lock(hdev);
3456
3457 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3458 if (!hchan)
3459 goto unlock;
3460
3461 amp_destroy_logical_link(hchan, ev->reason);
3462
3463 unlock:
3464 hci_dev_unlock(hdev);
3465 }
3466
3467 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3468 struct sk_buff *skb)
3469 {
3470 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3471 struct hci_conn *hcon;
3472
3473 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3474
3475 if (ev->status)
3476 return;
3477
3478 hci_dev_lock(hdev);
3479
3480 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3481 if (hcon) {
3482 hcon->state = BT_CLOSED;
3483 hci_conn_del(hcon);
3484 }
3485
3486 hci_dev_unlock(hdev);
3487 }
3488
3489 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3490 {
3491 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3492 struct hci_conn *conn;
3493
3494 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3495
3496 hci_dev_lock(hdev);
3497
3498 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3499 if (!conn) {
3500 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3501 if (!conn) {
3502 BT_ERR("No memory for new connection");
3503 goto unlock;
3504 }
3505
3506 conn->dst_type = ev->bdaddr_type;
3507
3508 /* The advertising parameters for own address type
3509 * define which source address and source address
3510 * type this connections has.
3511 */
3512 if (bacmp(&conn->src, BDADDR_ANY)) {
3513 conn->src_type = ADDR_LE_DEV_PUBLIC;
3514 } else {
3515 bacpy(&conn->src, &hdev->static_addr);
3516 conn->src_type = ADDR_LE_DEV_RANDOM;
3517 }
3518
3519 if (ev->role == LE_CONN_ROLE_MASTER) {
3520 conn->out = true;
3521 conn->link_mode |= HCI_LM_MASTER;
3522 }
3523 }
3524
3525 if (ev->status) {
3526 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3527 conn->dst_type, ev->status);
3528 hci_proto_connect_cfm(conn, ev->status);
3529 conn->state = BT_CLOSED;
3530 hci_conn_del(conn);
3531 goto unlock;
3532 }
3533
3534 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3535 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3536 conn->dst_type, 0, NULL, 0, NULL);
3537
3538 conn->sec_level = BT_SECURITY_LOW;
3539 conn->handle = __le16_to_cpu(ev->handle);
3540 conn->state = BT_CONNECTED;
3541
3542 hci_conn_add_sysfs(conn);
3543
3544 hci_proto_connect_cfm(conn, ev->status);
3545
3546 unlock:
3547 hci_dev_unlock(hdev);
3548 }
3549
3550 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3551 {
3552 u8 num_reports = skb->data[0];
3553 void *ptr = &skb->data[1];
3554 s8 rssi;
3555
3556 while (num_reports--) {
3557 struct hci_ev_le_advertising_info *ev = ptr;
3558
3559 rssi = ev->data[ev->length];
3560 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3561 NULL, rssi, 0, 1, ev->data, ev->length);
3562
3563 ptr += sizeof(*ev) + ev->length + 1;
3564 }
3565 }
3566
3567 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3568 {
3569 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3570 struct hci_cp_le_ltk_reply cp;
3571 struct hci_cp_le_ltk_neg_reply neg;
3572 struct hci_conn *conn;
3573 struct smp_ltk *ltk;
3574
3575 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3576
3577 hci_dev_lock(hdev);
3578
3579 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3580 if (conn == NULL)
3581 goto not_found;
3582
3583 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3584 if (ltk == NULL)
3585 goto not_found;
3586
3587 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3588 cp.handle = cpu_to_le16(conn->handle);
3589
3590 if (ltk->authenticated)
3591 conn->pending_sec_level = BT_SECURITY_HIGH;
3592 else
3593 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3594
3595 conn->enc_key_size = ltk->enc_size;
3596
3597 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3598
3599 if (ltk->type & HCI_SMP_STK) {
3600 list_del(&ltk->list);
3601 kfree(ltk);
3602 }
3603
3604 hci_dev_unlock(hdev);
3605
3606 return;
3607
3608 not_found:
3609 neg.handle = ev->handle;
3610 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3611 hci_dev_unlock(hdev);
3612 }
3613
3614 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3615 {
3616 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3617
3618 skb_pull(skb, sizeof(*le_ev));
3619
3620 switch (le_ev->subevent) {
3621 case HCI_EV_LE_CONN_COMPLETE:
3622 hci_le_conn_complete_evt(hdev, skb);
3623 break;
3624
3625 case HCI_EV_LE_ADVERTISING_REPORT:
3626 hci_le_adv_report_evt(hdev, skb);
3627 break;
3628
3629 case HCI_EV_LE_LTK_REQ:
3630 hci_le_ltk_request_evt(hdev, skb);
3631 break;
3632
3633 default:
3634 break;
3635 }
3636 }
3637
3638 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3639 {
3640 struct hci_ev_channel_selected *ev = (void *) skb->data;
3641 struct hci_conn *hcon;
3642
3643 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3644
3645 skb_pull(skb, sizeof(*ev));
3646
3647 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3648 if (!hcon)
3649 return;
3650
3651 amp_read_loc_assoc_final_data(hdev, hcon);
3652 }
3653
3654 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3655 {
3656 struct hci_event_hdr *hdr = (void *) skb->data;
3657 __u8 event = hdr->evt;
3658
3659 hci_dev_lock(hdev);
3660
3661 /* Received events are (currently) only needed when a request is
3662 * ongoing so avoid unnecessary memory allocation.
3663 */
3664 if (hdev->req_status == HCI_REQ_PEND) {
3665 kfree_skb(hdev->recv_evt);
3666 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3667 }
3668
3669 hci_dev_unlock(hdev);
3670
3671 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3672
3673 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3674 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3675 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3676
3677 hci_req_cmd_complete(hdev, opcode, 0);
3678 }
3679
3680 switch (event) {
3681 case HCI_EV_INQUIRY_COMPLETE:
3682 hci_inquiry_complete_evt(hdev, skb);
3683 break;
3684
3685 case HCI_EV_INQUIRY_RESULT:
3686 hci_inquiry_result_evt(hdev, skb);
3687 break;
3688
3689 case HCI_EV_CONN_COMPLETE:
3690 hci_conn_complete_evt(hdev, skb);
3691 break;
3692
3693 case HCI_EV_CONN_REQUEST:
3694 hci_conn_request_evt(hdev, skb);
3695 break;
3696
3697 case HCI_EV_DISCONN_COMPLETE:
3698 hci_disconn_complete_evt(hdev, skb);
3699 break;
3700
3701 case HCI_EV_AUTH_COMPLETE:
3702 hci_auth_complete_evt(hdev, skb);
3703 break;
3704
3705 case HCI_EV_REMOTE_NAME:
3706 hci_remote_name_evt(hdev, skb);
3707 break;
3708
3709 case HCI_EV_ENCRYPT_CHANGE:
3710 hci_encrypt_change_evt(hdev, skb);
3711 break;
3712
3713 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3714 hci_change_link_key_complete_evt(hdev, skb);
3715 break;
3716
3717 case HCI_EV_REMOTE_FEATURES:
3718 hci_remote_features_evt(hdev, skb);
3719 break;
3720
3721 case HCI_EV_CMD_COMPLETE:
3722 hci_cmd_complete_evt(hdev, skb);
3723 break;
3724
3725 case HCI_EV_CMD_STATUS:
3726 hci_cmd_status_evt(hdev, skb);
3727 break;
3728
3729 case HCI_EV_ROLE_CHANGE:
3730 hci_role_change_evt(hdev, skb);
3731 break;
3732
3733 case HCI_EV_NUM_COMP_PKTS:
3734 hci_num_comp_pkts_evt(hdev, skb);
3735 break;
3736
3737 case HCI_EV_MODE_CHANGE:
3738 hci_mode_change_evt(hdev, skb);
3739 break;
3740
3741 case HCI_EV_PIN_CODE_REQ:
3742 hci_pin_code_request_evt(hdev, skb);
3743 break;
3744
3745 case HCI_EV_LINK_KEY_REQ:
3746 hci_link_key_request_evt(hdev, skb);
3747 break;
3748
3749 case HCI_EV_LINK_KEY_NOTIFY:
3750 hci_link_key_notify_evt(hdev, skb);
3751 break;
3752
3753 case HCI_EV_CLOCK_OFFSET:
3754 hci_clock_offset_evt(hdev, skb);
3755 break;
3756
3757 case HCI_EV_PKT_TYPE_CHANGE:
3758 hci_pkt_type_change_evt(hdev, skb);
3759 break;
3760
3761 case HCI_EV_PSCAN_REP_MODE:
3762 hci_pscan_rep_mode_evt(hdev, skb);
3763 break;
3764
3765 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3766 hci_inquiry_result_with_rssi_evt(hdev, skb);
3767 break;
3768
3769 case HCI_EV_REMOTE_EXT_FEATURES:
3770 hci_remote_ext_features_evt(hdev, skb);
3771 break;
3772
3773 case HCI_EV_SYNC_CONN_COMPLETE:
3774 hci_sync_conn_complete_evt(hdev, skb);
3775 break;
3776
3777 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3778 hci_extended_inquiry_result_evt(hdev, skb);
3779 break;
3780
3781 case HCI_EV_KEY_REFRESH_COMPLETE:
3782 hci_key_refresh_complete_evt(hdev, skb);
3783 break;
3784
3785 case HCI_EV_IO_CAPA_REQUEST:
3786 hci_io_capa_request_evt(hdev, skb);
3787 break;
3788
3789 case HCI_EV_IO_CAPA_REPLY:
3790 hci_io_capa_reply_evt(hdev, skb);
3791 break;
3792
3793 case HCI_EV_USER_CONFIRM_REQUEST:
3794 hci_user_confirm_request_evt(hdev, skb);
3795 break;
3796
3797 case HCI_EV_USER_PASSKEY_REQUEST:
3798 hci_user_passkey_request_evt(hdev, skb);
3799 break;
3800
3801 case HCI_EV_USER_PASSKEY_NOTIFY:
3802 hci_user_passkey_notify_evt(hdev, skb);
3803 break;
3804
3805 case HCI_EV_KEYPRESS_NOTIFY:
3806 hci_keypress_notify_evt(hdev, skb);
3807 break;
3808
3809 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3810 hci_simple_pair_complete_evt(hdev, skb);
3811 break;
3812
3813 case HCI_EV_REMOTE_HOST_FEATURES:
3814 hci_remote_host_features_evt(hdev, skb);
3815 break;
3816
3817 case HCI_EV_LE_META:
3818 hci_le_meta_evt(hdev, skb);
3819 break;
3820
3821 case HCI_EV_CHANNEL_SELECTED:
3822 hci_chan_selected_evt(hdev, skb);
3823 break;
3824
3825 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3826 hci_remote_oob_data_request_evt(hdev, skb);
3827 break;
3828
3829 case HCI_EV_PHY_LINK_COMPLETE:
3830 hci_phy_link_complete_evt(hdev, skb);
3831 break;
3832
3833 case HCI_EV_LOGICAL_LINK_COMPLETE:
3834 hci_loglink_complete_evt(hdev, skb);
3835 break;
3836
3837 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3838 hci_disconn_loglink_complete_evt(hdev, skb);
3839 break;
3840
3841 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3842 hci_disconn_phylink_complete_evt(hdev, skb);
3843 break;
3844
3845 case HCI_EV_NUM_COMP_BLOCKS:
3846 hci_num_comp_blocks_evt(hdev, skb);
3847 break;
3848
3849 default:
3850 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3851 break;
3852 }
3853
3854 kfree_skb(skb);
3855 hdev->stat.evt_rx++;
3856 }
ubuntu-bionic-kernel mirror