projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'v3.10.55' into update
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
34
35 /* Handle HCI Event packets */
36
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38 {
39 __u8 status = *((__u8 *) skb->data);
40
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
47 return;
48 }
49
50 clear_bit(HCI_INQUIRY, &hdev->flags);
51 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
52 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53
54 hci_dev_lock(hdev);
55 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_dev_unlock(hdev);
57
58 hci_conn_check_pending(hdev);
59 }
60
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62 {
63 __u8 status = *((__u8 *) skb->data);
64
65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 }
72
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 {
75 __u8 status = *((__u8 *) skb->data);
76
77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79 if (status)
80 return;
81
82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84 hci_conn_check_pending(hdev);
85 }
86
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
89 {
90 BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
111 }
112
113 hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
139 void *sent;
140
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143 if (rp->status)
144 return;
145
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
149
150 hci_dev_lock(hdev);
151
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 if (conn)
154 conn->link_policy = get_unaligned_le16(sent + 2);
155
156 hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
161 {
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170 }
171
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
174 {
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186 }
187
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 {
190 __u8 status = *((__u8 *) skb->data);
191
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194 clear_bit(HCI_RESET, &hdev->flags);
195
196 /* Reset all non-persistent flags */
197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
198
199 hdev->discovery.state = DISCOVERY_STOPPED;
200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
205 }
206
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208 {
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
211
212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
213
214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
217
218 hci_dev_lock(hdev);
219
220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
224
225 hci_dev_unlock(hdev);
226 }
227
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229 {
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233
234 if (rp->status)
235 return;
236
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 }
240
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242 {
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
259 }
260
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
263 }
264
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
266 {
267 __u8 status = *((__u8 *) skb->data);
268 void *sent;
269
270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
271
272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
275
276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
284 }
285
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287 {
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
290 void *sent;
291
292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
293
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
297
298 param = *((__u8 *) sent);
299
300 hci_dev_lock(hdev);
301
302 if (status) {
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
314 mgmt_discoverable(hdev, 1);
315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 to);
319 }
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
329
330 done:
331 hci_dev_unlock(hdev);
332 }
333
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335 {
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
337
338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
339
340 if (rp->status)
341 return;
342
343 memcpy(hdev->dev_class, rp->dev_class, 3);
344
345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 }
348
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350 {
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
353
354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
355
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
359
360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
369 }
370
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372 {
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
383 if (hdev->voice_setting == setting)
384 return;
385
386 hdev->voice_setting = setting;
387
388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389
390 if (hdev->notify)
391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 }
393
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
396 {
397 __u8 status = *((__u8 *) skb->data);
398 __u16 setting;
399 void *sent;
400
401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
402
403 if (status)
404 return;
405
406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
409
410 setting = get_unaligned_le16(sent);
411
412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
416
417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418
419 if (hdev->notify)
420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 }
422
423 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 {
425 __u8 status = *((__u8 *) skb->data);
426 struct hci_cp_write_ssp_mode *sent;
427
428 BT_DBG("%s status 0x%2.2x", hdev->name, status);
429
430 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
431 if (!sent)
432 return;
433
434 if (!status) {
435 if (sent->mode)
436 hdev->features[1][0] |= LMP_HOST_SSP;
437 else
438 hdev->features[1][0] &= ~LMP_HOST_SSP;
439 }
440
441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
442 mgmt_ssp_enable_complete(hdev, sent->mode, status);
443 else if (!status) {
444 if (sent->mode)
445 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446 else
447 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 }
449 }
450
451 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
452 {
453 struct hci_rp_read_local_version *rp = (void *) skb->data;
454
455 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
456
457 if (rp->status)
458 return;
459
460 hdev->hci_ver = rp->hci_ver;
461 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
462 hdev->lmp_ver = rp->lmp_ver;
463 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
464 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
465
466 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
467 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
468 }
469
470 static void hci_cc_read_local_commands(struct hci_dev *hdev,
471 struct sk_buff *skb)
472 {
473 struct hci_rp_read_local_commands *rp = (void *) skb->data;
474
475 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
476
477 if (!rp->status)
478 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
479 }
480
481 static void hci_cc_read_local_features(struct hci_dev *hdev,
482 struct sk_buff *skb)
483 {
484 struct hci_rp_read_local_features *rp = (void *) skb->data;
485
486 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
487
488 if (rp->status)
489 return;
490
491 memcpy(hdev->features, rp->features, 8);
492
493 /* Adjust default settings according to features
494 * supported by device. */
495
496 if (hdev->features[0][0] & LMP_3SLOT)
497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
498
499 if (hdev->features[0][0] & LMP_5SLOT)
500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
501
502 if (hdev->features[0][1] & LMP_HV2) {
503 hdev->pkt_type |= (HCI_HV2);
504 hdev->esco_type |= (ESCO_HV2);
505 }
506
507 if (hdev->features[0][1] & LMP_HV3) {
508 hdev->pkt_type |= (HCI_HV3);
509 hdev->esco_type |= (ESCO_HV3);
510 }
511
512 if (lmp_esco_capable(hdev))
513 hdev->esco_type |= (ESCO_EV3);
514
515 if (hdev->features[0][4] & LMP_EV4)
516 hdev->esco_type |= (ESCO_EV4);
517
518 if (hdev->features[0][4] & LMP_EV5)
519 hdev->esco_type |= (ESCO_EV5);
520
521 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
522 hdev->esco_type |= (ESCO_2EV3);
523
524 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
525 hdev->esco_type |= (ESCO_3EV3);
526
527 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529
530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531 hdev->features[0][0], hdev->features[0][1],
532 hdev->features[0][2], hdev->features[0][3],
533 hdev->features[0][4], hdev->features[0][5],
534 hdev->features[0][6], hdev->features[0][7]);
535 }
536
537 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
538 struct sk_buff *skb)
539 {
540 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
541
542 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
543
544 if (rp->status)
545 return;
546
547 hdev->max_page = rp->max_page;
548
549 if (rp->page < HCI_MAX_PAGES)
550 memcpy(hdev->features[rp->page], rp->features, 8);
551 }
552
553 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
554 struct sk_buff *skb)
555 {
556 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
557
558 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
559
560 if (!rp->status)
561 hdev->flow_ctl_mode = rp->mode;
562 }
563
564 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
565 {
566 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
567
568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
569
570 if (rp->status)
571 return;
572
573 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
574 hdev->sco_mtu = rp->sco_mtu;
575 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
576 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
577
578 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
579 hdev->sco_mtu = 64;
580 hdev->sco_pkts = 8;
581 }
582
583 hdev->acl_cnt = hdev->acl_pkts;
584 hdev->sco_cnt = hdev->sco_pkts;
585
586 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
587 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
588 }
589
590 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
591 {
592 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
593
594 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
595
596 if (!rp->status)
597 bacpy(&hdev->bdaddr, &rp->bdaddr);
598 }
599
600 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
601 struct sk_buff *skb)
602 {
603 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
604
605 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606
607 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
608 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
609 hdev->page_scan_window = __le16_to_cpu(rp->window);
610 }
611 }
612
613 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
614 struct sk_buff *skb)
615 {
616 u8 status = *((u8 *) skb->data);
617 struct hci_cp_write_page_scan_activity *sent;
618
619 BT_DBG("%s status 0x%2.2x", hdev->name, status);
620
621 if (status)
622 return;
623
624 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
625 if (!sent)
626 return;
627
628 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
629 hdev->page_scan_window = __le16_to_cpu(sent->window);
630 }
631
632 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
633 struct sk_buff *skb)
634 {
635 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
636
637 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
638
639 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
640 hdev->page_scan_type = rp->type;
641 }
642
643 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
644 struct sk_buff *skb)
645 {
646 u8 status = *((u8 *) skb->data);
647 u8 *type;
648
649 BT_DBG("%s status 0x%2.2x", hdev->name, status);
650
651 if (status)
652 return;
653
654 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
655 if (type)
656 hdev->page_scan_type = *type;
657 }
658
659 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
660 struct sk_buff *skb)
661 {
662 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
663
664 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
665
666 if (rp->status)
667 return;
668
669 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
670 hdev->block_len = __le16_to_cpu(rp->block_len);
671 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
672
673 hdev->block_cnt = hdev->num_blocks;
674
675 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
676 hdev->block_cnt, hdev->block_len);
677 }
678
679 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
680 struct sk_buff *skb)
681 {
682 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
683
684 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
685
686 if (rp->status)
687 goto a2mp_rsp;
688
689 hdev->amp_status = rp->amp_status;
690 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
691 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
692 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
693 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
694 hdev->amp_type = rp->amp_type;
695 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
696 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
697 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
698 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
699
700 a2mp_rsp:
701 a2mp_send_getinfo_rsp(hdev);
702 }
703
704 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
705 struct sk_buff *skb)
706 {
707 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
708 struct amp_assoc *assoc = &hdev->loc_assoc;
709 size_t rem_len, frag_len;
710
711 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
712
713 if (rp->status)
714 goto a2mp_rsp;
715
716 frag_len = skb->len - sizeof(*rp);
717 rem_len = __le16_to_cpu(rp->rem_len);
718
719 if (rem_len > frag_len) {
720 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
721
722 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
723 assoc->offset += frag_len;
724
725 /* Read other fragments */
726 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
727
728 return;
729 }
730
731 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
732 assoc->len = assoc->offset + rem_len;
733 assoc->offset = 0;
734
735 a2mp_rsp:
736 /* Send A2MP Rsp when all fragments are received */
737 a2mp_send_getampassoc_rsp(hdev, rp->status);
738 a2mp_send_create_phy_link_req(hdev, rp->status);
739 }
740
741 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
742 struct sk_buff *skb)
743 {
744 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
745
746 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
747
748 if (!rp->status)
749 hdev->inq_tx_power = rp->tx_power;
750 }
751
752 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
753 {
754 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
755 struct hci_cp_pin_code_reply *cp;
756 struct hci_conn *conn;
757
758 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
759
760 hci_dev_lock(hdev);
761
762 if (test_bit(HCI_MGMT, &hdev->dev_flags))
763 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
764
765 if (rp->status)
766 goto unlock;
767
768 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
769 if (!cp)
770 goto unlock;
771
772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
773 if (conn)
774 conn->pin_length = cp->pin_len;
775
776 unlock:
777 hci_dev_unlock(hdev);
778 }
779
780 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781 {
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786 hci_dev_lock(hdev);
787
788 if (test_bit(HCI_MGMT, &hdev->dev_flags))
789 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
790 rp->status);
791
792 hci_dev_unlock(hdev);
793 }
794
795 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
796 struct sk_buff *skb)
797 {
798 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
799
800 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
801
802 if (rp->status)
803 return;
804
805 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
806 hdev->le_pkts = rp->le_max_pkt;
807
808 hdev->le_cnt = hdev->le_pkts;
809
810 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
811 }
812
813 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
814 struct sk_buff *skb)
815 {
816 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
817
818 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
819
820 if (!rp->status)
821 memcpy(hdev->le_features, rp->features, 8);
822 }
823
824 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
825 struct sk_buff *skb)
826 {
827 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
828
829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
830
831 if (!rp->status)
832 hdev->adv_tx_power = rp->tx_power;
833 }
834
835 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
836 {
837 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
838
839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
840
841 hci_dev_lock(hdev);
842
843 if (test_bit(HCI_MGMT, &hdev->dev_flags))
844 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
845 rp->status);
846
847 hci_dev_unlock(hdev);
848 }
849
850 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
851 struct sk_buff *skb)
852 {
853 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
854
855 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
856
857 hci_dev_lock(hdev);
858
859 if (test_bit(HCI_MGMT, &hdev->dev_flags))
860 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
861 ACL_LINK, 0, rp->status);
862
863 hci_dev_unlock(hdev);
864 }
865
866 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
867 {
868 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
869
870 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
871
872 hci_dev_lock(hdev);
873
874 if (test_bit(HCI_MGMT, &hdev->dev_flags))
875 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
876 0, rp->status);
877
878 hci_dev_unlock(hdev);
879 }
880
881 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
882 struct sk_buff *skb)
883 {
884 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
885
886 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
887
888 hci_dev_lock(hdev);
889
890 if (test_bit(HCI_MGMT, &hdev->dev_flags))
891 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
892 ACL_LINK, 0, rp->status);
893
894 hci_dev_unlock(hdev);
895 }
896
897 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
898 struct sk_buff *skb)
899 {
900 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
901
902 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
903
904 hci_dev_lock(hdev);
905 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
906 rp->randomizer, rp->status);
907 hci_dev_unlock(hdev);
908 }
909
910 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
911 {
912 __u8 *sent, status = *((__u8 *) skb->data);
913
914 BT_DBG("%s status 0x%2.2x", hdev->name, status);
915
916 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
917 if (!sent)
918 return;
919
920 hci_dev_lock(hdev);
921
922 if (!status) {
923 if (*sent)
924 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
925 else
926 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
927 }
928
929 if (!test_bit(HCI_INIT, &hdev->flags)) {
930 struct hci_request req;
931
932 hci_req_init(&req, hdev);
933 hci_update_ad(&req);
934 hci_req_run(&req, NULL);
935 }
936
937 hci_dev_unlock(hdev);
938 }
939
940 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
941 {
942 __u8 status = *((__u8 *) skb->data);
943
944 BT_DBG("%s status 0x%2.2x", hdev->name, status);
945
946 if (status) {
947 hci_dev_lock(hdev);
948 mgmt_start_discovery_failed(hdev, status);
949 hci_dev_unlock(hdev);
950 return;
951 }
952 }
953
954 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
955 struct sk_buff *skb)
956 {
957 struct hci_cp_le_set_scan_enable *cp;
958 __u8 status = *((__u8 *) skb->data);
959
960 BT_DBG("%s status 0x%2.2x", hdev->name, status);
961
962 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
963 if (!cp)
964 return;
965
966 switch (cp->enable) {
967 case LE_SCAN_ENABLE:
968 if (status) {
969 hci_dev_lock(hdev);
970 mgmt_start_discovery_failed(hdev, status);
971 hci_dev_unlock(hdev);
972 return;
973 }
974
975 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
976
977 hci_dev_lock(hdev);
978 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
979 hci_dev_unlock(hdev);
980 break;
981
982 case LE_SCAN_DISABLE:
983 if (status) {
984 hci_dev_lock(hdev);
985 mgmt_stop_discovery_failed(hdev, status);
986 hci_dev_unlock(hdev);
987 return;
988 }
989
990 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
991
992 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
993 hdev->discovery.state == DISCOVERY_FINDING) {
994 mgmt_interleaved_discovery(hdev);
995 } else {
996 hci_dev_lock(hdev);
997 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
998 hci_dev_unlock(hdev);
999 }
1000
1001 break;
1002
1003 default:
1004 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1005 break;
1006 }
1007 }
1008
1009 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1010 struct sk_buff *skb)
1011 {
1012 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1013
1014 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1015
1016 if (!rp->status)
1017 hdev->le_white_list_size = rp->size;
1018 }
1019
1020 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1021 struct sk_buff *skb)
1022 {
1023 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1024
1025 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1026
1027 if (!rp->status)
1028 memcpy(hdev->le_states, rp->le_states, 8);
1029 }
1030
1031 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1032 struct sk_buff *skb)
1033 {
1034 struct hci_cp_write_le_host_supported *sent;
1035 __u8 status = *((__u8 *) skb->data);
1036
1037 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1038
1039 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1040 if (!sent)
1041 return;
1042
1043 if (!status) {
1044 if (sent->le)
1045 hdev->features[1][0] |= LMP_HOST_LE;
1046 else
1047 hdev->features[1][0] &= ~LMP_HOST_LE;
1048
1049 if (sent->simul)
1050 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1051 else
1052 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1053 }
1054
1055 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1056 !test_bit(HCI_INIT, &hdev->flags))
1057 mgmt_le_enable_complete(hdev, sent->le, status);
1058 }
1059
1060 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1061 struct sk_buff *skb)
1062 {
1063 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1064
1065 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1066 hdev->name, rp->status, rp->phy_handle);
1067
1068 if (rp->status)
1069 return;
1070
1071 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1072 }
1073
1074 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1075 {
1076 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1077
1078 if (status) {
1079 hci_conn_check_pending(hdev);
1080 hci_dev_lock(hdev);
1081 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1082 mgmt_start_discovery_failed(hdev, status);
1083 hci_dev_unlock(hdev);
1084 return;
1085 }
1086
1087 set_bit(HCI_INQUIRY, &hdev->flags);
1088
1089 hci_dev_lock(hdev);
1090 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1091 hci_dev_unlock(hdev);
1092 }
1093
1094 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1095 {
1096 struct hci_cp_create_conn *cp;
1097 struct hci_conn *conn;
1098
1099 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1100
1101 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1102 if (!cp)
1103 return;
1104
1105 hci_dev_lock(hdev);
1106
1107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1108
1109 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1110
1111 if (status) {
1112 if (conn && conn->state == BT_CONNECT) {
1113 if (status != 0x0c || conn->attempt > 2) {
1114 conn->state = BT_CLOSED;
1115 hci_proto_connect_cfm(conn, status);
1116 hci_conn_del(conn);
1117 } else
1118 conn->state = BT_CONNECT2;
1119 }
1120 } else {
1121 if (!conn) {
1122 conn = hci_conn_add(hdev, ACL_LINK, 0, &cp->bdaddr);
1123 if (conn) {
1124 conn->out = true;
1125 conn->link_mode |= HCI_LM_MASTER;
1126 } else
1127 BT_ERR("No memory for new connection");
1128 }
1129 }
1130
1131 hci_dev_unlock(hdev);
1132 }
1133
1134 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1135 {
1136 struct hci_cp_add_sco *cp;
1137 struct hci_conn *acl, *sco;
1138 __u16 handle;
1139
1140 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1141
1142 if (!status)
1143 return;
1144
1145 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1146 if (!cp)
1147 return;
1148
1149 handle = __le16_to_cpu(cp->handle);
1150
1151 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1152
1153 hci_dev_lock(hdev);
1154
1155 acl = hci_conn_hash_lookup_handle(hdev, handle);
1156 if (acl) {
1157 sco = acl->link;
1158 if (sco) {
1159 sco->state = BT_CLOSED;
1160
1161 hci_proto_connect_cfm(sco, status);
1162 hci_conn_del(sco);
1163 }
1164 }
1165
1166 hci_dev_unlock(hdev);
1167 }
1168
1169 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1170 {
1171 struct hci_cp_auth_requested *cp;
1172 struct hci_conn *conn;
1173
1174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1175
1176 if (!status)
1177 return;
1178
1179 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1180 if (!cp)
1181 return;
1182
1183 hci_dev_lock(hdev);
1184
1185 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1186 if (conn) {
1187 if (conn->state == BT_CONFIG) {
1188 hci_proto_connect_cfm(conn, status);
1189 hci_conn_drop(conn);
1190 }
1191 }
1192
1193 hci_dev_unlock(hdev);
1194 }
1195
1196 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1197 {
1198 struct hci_cp_set_conn_encrypt *cp;
1199 struct hci_conn *conn;
1200
1201 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1202
1203 if (!status)
1204 return;
1205
1206 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1207 if (!cp)
1208 return;
1209
1210 hci_dev_lock(hdev);
1211
1212 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1213 if (conn) {
1214 if (conn->state == BT_CONFIG) {
1215 hci_proto_connect_cfm(conn, status);
1216 hci_conn_drop(conn);
1217 }
1218 }
1219
1220 hci_dev_unlock(hdev);
1221 }
1222
1223 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1224 struct hci_conn *conn)
1225 {
1226 if (conn->state != BT_CONFIG || !conn->out)
1227 return 0;
1228
1229 if (conn->pending_sec_level == BT_SECURITY_SDP)
1230 return 0;
1231
1232 /* Only request authentication for SSP connections or non-SSP
1233 * devices with sec_level HIGH or if MITM protection is requested */
1234 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1235 conn->pending_sec_level != BT_SECURITY_HIGH)
1236 return 0;
1237
1238 return 1;
1239 }
1240
1241 static int hci_resolve_name(struct hci_dev *hdev,
1242 struct inquiry_entry *e)
1243 {
1244 struct hci_cp_remote_name_req cp;
1245
1246 memset(&cp, 0, sizeof(cp));
1247
1248 bacpy(&cp.bdaddr, &e->data.bdaddr);
1249 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1250 cp.pscan_mode = e->data.pscan_mode;
1251 cp.clock_offset = e->data.clock_offset;
1252
1253 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1254 }
1255
1256 static bool hci_resolve_next_name(struct hci_dev *hdev)
1257 {
1258 struct discovery_state *discov = &hdev->discovery;
1259 struct inquiry_entry *e;
1260
1261 if (list_empty(&discov->resolve))
1262 return false;
1263
1264 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1265 if (!e)
1266 return false;
1267
1268 if (hci_resolve_name(hdev, e) == 0) {
1269 e->name_state = NAME_PENDING;
1270 return true;
1271 }
1272
1273 return false;
1274 }
1275
1276 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1277 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1278 {
1279 struct discovery_state *discov = &hdev->discovery;
1280 struct inquiry_entry *e;
1281
1282 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1283 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1284 name_len, conn->dev_class);
1285
1286 if (discov->state == DISCOVERY_STOPPED)
1287 return;
1288
1289 if (discov->state == DISCOVERY_STOPPING)
1290 goto discov_complete;
1291
1292 if (discov->state != DISCOVERY_RESOLVING)
1293 return;
1294
1295 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1296 /* If the device was not found in a list of found devices names of which
1297 * are pending. there is no need to continue resolving a next name as it
1298 * will be done upon receiving another Remote Name Request Complete
1299 * Event */
1300 if (!e)
1301 return;
1302
1303 list_del(&e->list);
1304 if (name) {
1305 e->name_state = NAME_KNOWN;
1306 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1307 e->data.rssi, name, name_len);
1308 } else {
1309 e->name_state = NAME_NOT_KNOWN;
1310 }
1311
1312 if (hci_resolve_next_name(hdev))
1313 return;
1314
1315 discov_complete:
1316 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317 }
1318
1319 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320 {
1321 struct hci_cp_remote_name_req *cp;
1322 struct hci_conn *conn;
1323
1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325
1326 /* If successful wait for the name req complete event before
1327 * checking for the need to do authentication */
1328 if (!status)
1329 return;
1330
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332 if (!cp)
1333 return;
1334
1335 hci_dev_lock(hdev);
1336
1337 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1338
1339 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1340 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1341
1342 if (!conn)
1343 goto unlock;
1344
1345 if (!hci_outgoing_auth_needed(hdev, conn))
1346 goto unlock;
1347
1348 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1349 struct hci_cp_auth_requested cp;
1350 cp.handle = __cpu_to_le16(conn->handle);
1351 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1352 }
1353
1354 unlock:
1355 hci_dev_unlock(hdev);
1356 }
1357
1358 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1359 {
1360 struct hci_cp_read_remote_features *cp;
1361 struct hci_conn *conn;
1362
1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1364
1365 if (!status)
1366 return;
1367
1368 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1369 if (!cp)
1370 return;
1371
1372 hci_dev_lock(hdev);
1373
1374 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1375 if (conn) {
1376 if (conn->state == BT_CONFIG) {
1377 hci_proto_connect_cfm(conn, status);
1378 hci_conn_drop(conn);
1379 }
1380 }
1381
1382 hci_dev_unlock(hdev);
1383 }
1384
1385 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1386 {
1387 struct hci_cp_read_remote_ext_features *cp;
1388 struct hci_conn *conn;
1389
1390 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1391
1392 if (!status)
1393 return;
1394
1395 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1396 if (!cp)
1397 return;
1398
1399 hci_dev_lock(hdev);
1400
1401 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1402 if (conn) {
1403 if (conn->state == BT_CONFIG) {
1404 hci_proto_connect_cfm(conn, status);
1405 hci_conn_drop(conn);
1406 }
1407 }
1408
1409 hci_dev_unlock(hdev);
1410 }
1411
1412 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1413 {
1414 struct hci_cp_setup_sync_conn *cp;
1415 struct hci_conn *acl, *sco;
1416 __u16 handle;
1417
1418 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1419
1420 if (!status)
1421 return;
1422
1423 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1424 if (!cp)
1425 return;
1426
1427 handle = __le16_to_cpu(cp->handle);
1428
1429 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1430
1431 hci_dev_lock(hdev);
1432
1433 acl = hci_conn_hash_lookup_handle(hdev, handle);
1434 if (acl) {
1435 sco = acl->link;
1436 if (sco) {
1437 sco->state = BT_CLOSED;
1438
1439 hci_proto_connect_cfm(sco, status);
1440 hci_conn_del(sco);
1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445 }
1446
1447 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1448 {
1449 struct hci_cp_sniff_mode *cp;
1450 struct hci_conn *conn;
1451
1452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1453
1454 if (!status)
1455 return;
1456
1457 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1458 if (!cp)
1459 return;
1460
1461 hci_dev_lock(hdev);
1462
1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1464 if (conn) {
1465 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1466
1467 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1468 hci_sco_setup(conn, status);
1469 }
1470
1471 hci_dev_unlock(hdev);
1472 }
1473
1474 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1475 {
1476 struct hci_cp_exit_sniff_mode *cp;
1477 struct hci_conn *conn;
1478
1479 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1480
1481 if (!status)
1482 return;
1483
1484 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1485 if (!cp)
1486 return;
1487
1488 hci_dev_lock(hdev);
1489
1490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1491 if (conn) {
1492 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1493
1494 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1495 hci_sco_setup(conn, status);
1496 }
1497
1498 hci_dev_unlock(hdev);
1499 }
1500
1501 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1502 {
1503 struct hci_cp_disconnect *cp;
1504 struct hci_conn *conn;
1505
1506 if (!status)
1507 return;
1508
1509 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1510 if (!cp)
1511 return;
1512
1513 hci_dev_lock(hdev);
1514
1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516 if (conn)
1517 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1518 conn->dst_type, status);
1519
1520 hci_dev_unlock(hdev);
1521 }
1522
1523 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1524 {
1525 struct hci_conn *conn;
1526
1527 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1528
1529 if (status) {
1530 hci_dev_lock(hdev);
1531
1532 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1533 if (!conn) {
1534 hci_dev_unlock(hdev);
1535 return;
1536 }
1537
1538 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1539
1540 conn->state = BT_CLOSED;
1541 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1542 conn->dst_type, status);
1543 hci_proto_connect_cfm(conn, status);
1544 hci_conn_del(conn);
1545
1546 hci_dev_unlock(hdev);
1547 }
1548 }
1549
1550 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1551 {
1552 struct hci_cp_create_phy_link *cp;
1553
1554 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1555
1556 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1557 if (!cp)
1558 return;
1559
1560 hci_dev_lock(hdev);
1561
1562 if (status) {
1563 struct hci_conn *hcon;
1564
1565 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1566 if (hcon)
1567 hci_conn_del(hcon);
1568 } else {
1569 amp_write_remote_assoc(hdev, cp->phy_handle);
1570 }
1571
1572 hci_dev_unlock(hdev);
1573 }
1574
1575 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1576 {
1577 struct hci_cp_accept_phy_link *cp;
1578
1579 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1580
1581 if (status)
1582 return;
1583
1584 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1585 if (!cp)
1586 return;
1587
1588 amp_write_remote_assoc(hdev, cp->phy_handle);
1589 }
1590
1591 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1592 {
1593 __u8 status = *((__u8 *) skb->data);
1594 struct discovery_state *discov = &hdev->discovery;
1595 struct inquiry_entry *e;
1596
1597 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1598
1599 hci_conn_check_pending(hdev);
1600
1601 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1602 return;
1603
1604 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1605 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1606
1607 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1608 return;
1609
1610 hci_dev_lock(hdev);
1611
1612 if (discov->state != DISCOVERY_FINDING)
1613 goto unlock;
1614
1615 if (list_empty(&discov->resolve)) {
1616 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1617 goto unlock;
1618 }
1619
1620 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1621 if (e && hci_resolve_name(hdev, e) == 0) {
1622 e->name_state = NAME_PENDING;
1623 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1624 } else {
1625 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1626 }
1627
1628 unlock:
1629 hci_dev_unlock(hdev);
1630 }
1631
1632 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1633 {
1634 struct inquiry_data data;
1635 struct inquiry_info *info = (void *) (skb->data + 1);
1636 int num_rsp = *((__u8 *) skb->data);
1637
1638 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1639
1640 if (!num_rsp)
1641 return;
1642
1643 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1644 return;
1645
1646 hci_dev_lock(hdev);
1647
1648 for (; num_rsp; num_rsp--, info++) {
1649 bool name_known, ssp;
1650
1651 bacpy(&data.bdaddr, &info->bdaddr);
1652 data.pscan_rep_mode = info->pscan_rep_mode;
1653 data.pscan_period_mode = info->pscan_period_mode;
1654 data.pscan_mode = info->pscan_mode;
1655 memcpy(data.dev_class, info->dev_class, 3);
1656 data.clock_offset = info->clock_offset;
1657 data.rssi = 0x00;
1658 data.ssp_mode = 0x00;
1659
1660 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1661 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1662 info->dev_class, 0, !name_known, ssp, NULL,
1663 0);
1664 }
1665
1666 hci_dev_unlock(hdev);
1667 }
1668
1669 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1670 {
1671 struct hci_ev_conn_complete *ev = (void *) skb->data;
1672 struct hci_conn *conn;
1673
1674 BT_DBG("%s", hdev->name);
1675
1676 hci_dev_lock(hdev);
1677
1678 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1679 if (!conn) {
1680 if (ev->link_type != SCO_LINK)
1681 goto unlock;
1682
1683 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1684 if (!conn)
1685 goto unlock;
1686
1687 conn->type = SCO_LINK;
1688 }
1689
1690 if (!ev->status) {
1691 conn->handle = __le16_to_cpu(ev->handle);
1692
1693 if (conn->type == ACL_LINK) {
1694 conn->state = BT_CONFIG;
1695 hci_conn_hold(conn);
1696
1697 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1698 !hci_find_link_key(hdev, &ev->bdaddr))
1699 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1700 else
1701 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1702 } else
1703 conn->state = BT_CONNECTED;
1704
1705 hci_conn_add_sysfs(conn);
1706
1707 if (test_bit(HCI_AUTH, &hdev->flags))
1708 conn->link_mode |= HCI_LM_AUTH;
1709
1710 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1711 conn->link_mode |= HCI_LM_ENCRYPT;
1712
1713 /* Get remote features */
1714 if (conn->type == ACL_LINK) {
1715 struct hci_cp_read_remote_features cp;
1716 cp.handle = ev->handle;
1717 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1718 sizeof(cp), &cp);
1719 }
1720
1721 /* Set packet type for incoming connection */
1722 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1723 struct hci_cp_change_conn_ptype cp;
1724 cp.handle = ev->handle;
1725 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1726 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1727 &cp);
1728 }
1729 } else {
1730 conn->state = BT_CLOSED;
1731 if (conn->type == ACL_LINK)
1732 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1733 conn->dst_type, ev->status);
1734 }
1735
1736 if (conn->type == ACL_LINK)
1737 hci_sco_setup(conn, ev->status);
1738
1739 if (ev->status) {
1740 hci_proto_connect_cfm(conn, ev->status);
1741 hci_conn_del(conn);
1742 } else if (ev->link_type != ACL_LINK)
1743 hci_proto_connect_cfm(conn, ev->status);
1744
1745 unlock:
1746 hci_dev_unlock(hdev);
1747
1748 hci_conn_check_pending(hdev);
1749 }
1750
1751 static inline bool is_sco_active(struct hci_dev *hdev)
1752 {
1753 if (hci_conn_hash_lookup_state(hdev, SCO_LINK, BT_CONNECTED) ||
1754 (hci_conn_hash_lookup_state(hdev, ESCO_LINK,
1755 BT_CONNECTED)))
1756 return true;
1757 return false;
1758 }
1759
1760 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1761 {
1762 struct hci_ev_conn_request *ev = (void *) skb->data;
1763 int mask = hdev->link_mode;
1764 __u8 flags = 0;
1765
1766 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1767 ev->link_type);
1768
1769 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1770 &flags);
1771
1772 if ((mask & HCI_LM_ACCEPT) &&
1773 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1774 /* Connection accepted */
1775 struct inquiry_entry *ie;
1776 struct hci_conn *conn;
1777
1778 hci_dev_lock(hdev);
1779
1780 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1781 if (ie)
1782 memcpy(ie->data.dev_class, ev->dev_class, 3);
1783
1784 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1785 &ev->bdaddr);
1786 if (!conn) {
1787 /* pkt_type not yet used for incoming connections */
1788 conn = hci_conn_add(hdev, ev->link_type, 0, &ev->bdaddr);
1789 if (!conn) {
1790 BT_ERR("No memory for new connection");
1791 hci_dev_unlock(hdev);
1792 return;
1793 }
1794 }
1795
1796 memcpy(conn->dev_class, ev->dev_class, 3);
1797
1798 hci_dev_unlock(hdev);
1799
1800 if (ev->link_type == ACL_LINK ||
1801 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1802 struct hci_cp_accept_conn_req cp;
1803 conn->state = BT_CONNECT;
1804
1805 bacpy(&cp.bdaddr, &ev->bdaddr);
1806
1807 if (lmp_rswitch_capable(hdev) && ((mask & HCI_LM_MASTER)
1808 || is_sco_active(hdev)))
1809 cp.role = 0x00; /* Become master */
1810 else
1811 cp.role = 0x01; /* Remain slave */
1812
1813 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1814 &cp);
1815 } else if (!(flags & HCI_PROTO_DEFER)) {
1816 struct hci_cp_accept_sync_conn_req cp;
1817 conn->state = BT_CONNECT;
1818
1819 bacpy(&cp.bdaddr, &ev->bdaddr);
1820 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1821
1822 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1823 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1824 cp.max_latency = __constant_cpu_to_le16(0xffff);
1825 cp.content_format = cpu_to_le16(hdev->voice_setting);
1826 cp.retrans_effort = 0xff;
1827
1828 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1829 sizeof(cp), &cp);
1830 } else {
1831 conn->state = BT_CONNECT2;
1832 hci_proto_connect_cfm(conn, 0);
1833 }
1834 } else {
1835 /* Connection rejected */
1836 struct hci_cp_reject_conn_req cp;
1837
1838 bacpy(&cp.bdaddr, &ev->bdaddr);
1839 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1840 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1841 }
1842 }
1843
1844 static u8 hci_to_mgmt_reason(u8 err)
1845 {
1846 switch (err) {
1847 case HCI_ERROR_CONNECTION_TIMEOUT:
1848 return MGMT_DEV_DISCONN_TIMEOUT;
1849 case HCI_ERROR_REMOTE_USER_TERM:
1850 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1851 case HCI_ERROR_REMOTE_POWER_OFF:
1852 return MGMT_DEV_DISCONN_REMOTE;
1853 case HCI_ERROR_LOCAL_HOST_TERM:
1854 return MGMT_DEV_DISCONN_LOCAL_HOST;
1855 default:
1856 return MGMT_DEV_DISCONN_UNKNOWN;
1857 }
1858 }
1859
1860 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1861 {
1862 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1863 struct hci_conn *conn;
1864
1865 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1866
1867 hci_dev_lock(hdev);
1868
1869 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1870 if (!conn)
1871 goto unlock;
1872
1873 if (ev->status == 0)
1874 conn->state = BT_CLOSED;
1875
1876 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1877 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1878 if (ev->status) {
1879 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1880 conn->dst_type, ev->status);
1881 } else {
1882 u8 reason = hci_to_mgmt_reason(ev->reason);
1883
1884 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1885 conn->dst_type, reason);
1886 }
1887 }
1888
1889 if (ev->status == 0) {
1890 if (conn->type == ACL_LINK && conn->flush_key)
1891 hci_remove_link_key(hdev, &conn->dst);
1892 hci_proto_disconn_cfm(conn, ev->reason);
1893 hci_conn_del(conn);
1894 }
1895
1896 unlock:
1897 hci_dev_unlock(hdev);
1898 }
1899
1900 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1901 {
1902 struct hci_ev_auth_complete *ev = (void *) skb->data;
1903 struct hci_conn *conn;
1904
1905 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1906
1907 hci_dev_lock(hdev);
1908
1909 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1910 if (!conn)
1911 goto unlock;
1912
1913 if (!ev->status) {
1914 if (!hci_conn_ssp_enabled(conn) &&
1915 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1916 BT_INFO("re-auth of legacy device is not possible.");
1917 } else {
1918 conn->link_mode |= HCI_LM_AUTH;
1919 conn->sec_level = conn->pending_sec_level;
1920 }
1921 } else {
1922 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1923 ev->status);
1924 }
1925
1926 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1927 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1928
1929 if (conn->state == BT_CONFIG) {
1930 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1931 struct hci_cp_set_conn_encrypt cp;
1932 cp.handle = ev->handle;
1933 cp.encrypt = 0x01;
1934 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1935 &cp);
1936 } else {
1937 conn->state = BT_CONNECTED;
1938 hci_proto_connect_cfm(conn, ev->status);
1939 hci_conn_drop(conn);
1940 }
1941 } else {
1942 hci_auth_cfm(conn, ev->status);
1943
1944 hci_conn_hold(conn);
1945 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1946 hci_conn_drop(conn);
1947 }
1948
1949 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1950 if (!ev->status) {
1951 struct hci_cp_set_conn_encrypt cp;
1952 cp.handle = ev->handle;
1953 cp.encrypt = 0x01;
1954 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1955 &cp);
1956 } else {
1957 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1958 hci_encrypt_cfm(conn, ev->status, 0x00);
1959 }
1960 }
1961
1962 unlock:
1963 hci_dev_unlock(hdev);
1964 }
1965
1966 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1967 {
1968 struct hci_ev_remote_name *ev = (void *) skb->data;
1969 struct hci_conn *conn;
1970
1971 BT_DBG("%s", hdev->name);
1972
1973 hci_conn_check_pending(hdev);
1974
1975 hci_dev_lock(hdev);
1976
1977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1978
1979 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1980 goto check_auth;
1981
1982 if (ev->status == 0)
1983 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1984 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1985 else
1986 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1987
1988 check_auth:
1989 if (!conn)
1990 goto unlock;
1991
1992 if (!hci_outgoing_auth_needed(hdev, conn))
1993 goto unlock;
1994
1995 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1996 struct hci_cp_auth_requested cp;
1997 cp.handle = __cpu_to_le16(conn->handle);
1998 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1999 }
2000
2001 unlock:
2002 hci_dev_unlock(hdev);
2003 }
2004
2005 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2006 {
2007 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2008 struct hci_conn *conn;
2009
2010 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2011
2012 hci_dev_lock(hdev);
2013
2014 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2015 if (conn) {
2016 if (!ev->status) {
2017 if (ev->encrypt) {
2018 /* Encryption implies authentication */
2019 conn->link_mode |= HCI_LM_AUTH;
2020 conn->link_mode |= HCI_LM_ENCRYPT;
2021 conn->sec_level = conn->pending_sec_level;
2022 } else
2023 conn->link_mode &= ~HCI_LM_ENCRYPT;
2024 }
2025
2026 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2027
2028 if (ev->status && conn->state == BT_CONNECTED) {
2029 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2030 hci_conn_drop(conn);
2031 goto unlock;
2032 }
2033
2034 if (conn->state == BT_CONFIG) {
2035 if (!ev->status)
2036 conn->state = BT_CONNECTED;
2037
2038 hci_proto_connect_cfm(conn, ev->status);
2039 hci_conn_drop(conn);
2040 } else
2041 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2042 }
2043
2044 unlock:
2045 hci_dev_unlock(hdev);
2046 }
2047
2048 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2049 struct sk_buff *skb)
2050 {
2051 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2052 struct hci_conn *conn;
2053
2054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2055
2056 hci_dev_lock(hdev);
2057
2058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2059 if (conn) {
2060 if (!ev->status)
2061 conn->link_mode |= HCI_LM_SECURE;
2062
2063 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2064
2065 hci_key_change_cfm(conn, ev->status);
2066 }
2067
2068 hci_dev_unlock(hdev);
2069 }
2070
2071 static void hci_remote_features_evt(struct hci_dev *hdev,
2072 struct sk_buff *skb)
2073 {
2074 struct hci_ev_remote_features *ev = (void *) skb->data;
2075 struct hci_conn *conn;
2076
2077 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2078
2079 hci_dev_lock(hdev);
2080
2081 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2082 if (!conn)
2083 goto unlock;
2084
2085 if (!ev->status)
2086 memcpy(conn->features[0], ev->features, 8);
2087
2088 if (conn->state != BT_CONFIG)
2089 goto unlock;
2090
2091 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2092 struct hci_cp_read_remote_ext_features cp;
2093 cp.handle = ev->handle;
2094 cp.page = 0x01;
2095 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2096 sizeof(cp), &cp);
2097 goto unlock;
2098 }
2099
2100 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2101 struct hci_cp_remote_name_req cp;
2102 memset(&cp, 0, sizeof(cp));
2103 bacpy(&cp.bdaddr, &conn->dst);
2104 cp.pscan_rep_mode = 0x02;
2105 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2106 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2107 mgmt_device_connected(hdev, &conn->dst, conn->type,
2108 conn->dst_type, 0, NULL, 0,
2109 conn->dev_class);
2110
2111 if (!hci_outgoing_auth_needed(hdev, conn)) {
2112 conn->state = BT_CONNECTED;
2113 hci_proto_connect_cfm(conn, ev->status);
2114 hci_conn_drop(conn);
2115 }
2116
2117 unlock:
2118 hci_dev_unlock(hdev);
2119 }
2120
2121 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2122 {
2123 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2124 u8 status = skb->data[sizeof(*ev)];
2125 __u16 opcode;
2126
2127 skb_pull(skb, sizeof(*ev));
2128
2129 opcode = __le16_to_cpu(ev->opcode);
2130
2131 switch (opcode) {
2132 case HCI_OP_INQUIRY_CANCEL:
2133 hci_cc_inquiry_cancel(hdev, skb);
2134 break;
2135
2136 case HCI_OP_PERIODIC_INQ:
2137 hci_cc_periodic_inq(hdev, skb);
2138 break;
2139
2140 case HCI_OP_EXIT_PERIODIC_INQ:
2141 hci_cc_exit_periodic_inq(hdev, skb);
2142 break;
2143
2144 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2145 hci_cc_remote_name_req_cancel(hdev, skb);
2146 break;
2147
2148 case HCI_OP_ROLE_DISCOVERY:
2149 hci_cc_role_discovery(hdev, skb);
2150 break;
2151
2152 case HCI_OP_READ_LINK_POLICY:
2153 hci_cc_read_link_policy(hdev, skb);
2154 break;
2155
2156 case HCI_OP_WRITE_LINK_POLICY:
2157 hci_cc_write_link_policy(hdev, skb);
2158 break;
2159
2160 case HCI_OP_READ_DEF_LINK_POLICY:
2161 hci_cc_read_def_link_policy(hdev, skb);
2162 break;
2163
2164 case HCI_OP_WRITE_DEF_LINK_POLICY:
2165 hci_cc_write_def_link_policy(hdev, skb);
2166 break;
2167
2168 case HCI_OP_RESET:
2169 hci_cc_reset(hdev, skb);
2170 break;
2171
2172 case HCI_OP_WRITE_LOCAL_NAME:
2173 hci_cc_write_local_name(hdev, skb);
2174 break;
2175
2176 case HCI_OP_READ_LOCAL_NAME:
2177 hci_cc_read_local_name(hdev, skb);
2178 break;
2179
2180 case HCI_OP_WRITE_AUTH_ENABLE:
2181 hci_cc_write_auth_enable(hdev, skb);
2182 break;
2183
2184 case HCI_OP_WRITE_ENCRYPT_MODE:
2185 hci_cc_write_encrypt_mode(hdev, skb);
2186 break;
2187
2188 case HCI_OP_WRITE_SCAN_ENABLE:
2189 hci_cc_write_scan_enable(hdev, skb);
2190 break;
2191
2192 case HCI_OP_READ_CLASS_OF_DEV:
2193 hci_cc_read_class_of_dev(hdev, skb);
2194 break;
2195
2196 case HCI_OP_WRITE_CLASS_OF_DEV:
2197 hci_cc_write_class_of_dev(hdev, skb);
2198 break;
2199
2200 case HCI_OP_READ_VOICE_SETTING:
2201 hci_cc_read_voice_setting(hdev, skb);
2202 break;
2203
2204 case HCI_OP_WRITE_VOICE_SETTING:
2205 hci_cc_write_voice_setting(hdev, skb);
2206 break;
2207
2208 case HCI_OP_WRITE_SSP_MODE:
2209 hci_cc_write_ssp_mode(hdev, skb);
2210 break;
2211
2212 case HCI_OP_READ_LOCAL_VERSION:
2213 hci_cc_read_local_version(hdev, skb);
2214 break;
2215
2216 case HCI_OP_READ_LOCAL_COMMANDS:
2217 hci_cc_read_local_commands(hdev, skb);
2218 break;
2219
2220 case HCI_OP_READ_LOCAL_FEATURES:
2221 hci_cc_read_local_features(hdev, skb);
2222 break;
2223
2224 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2225 hci_cc_read_local_ext_features(hdev, skb);
2226 break;
2227
2228 case HCI_OP_READ_BUFFER_SIZE:
2229 hci_cc_read_buffer_size(hdev, skb);
2230 break;
2231
2232 case HCI_OP_READ_BD_ADDR:
2233 hci_cc_read_bd_addr(hdev, skb);
2234 break;
2235
2236 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2237 hci_cc_read_page_scan_activity(hdev, skb);
2238 break;
2239
2240 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2241 hci_cc_write_page_scan_activity(hdev, skb);
2242 break;
2243
2244 case HCI_OP_READ_PAGE_SCAN_TYPE:
2245 hci_cc_read_page_scan_type(hdev, skb);
2246 break;
2247
2248 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2249 hci_cc_write_page_scan_type(hdev, skb);
2250 break;
2251
2252 case HCI_OP_READ_DATA_BLOCK_SIZE:
2253 hci_cc_read_data_block_size(hdev, skb);
2254 break;
2255
2256 case HCI_OP_READ_FLOW_CONTROL_MODE:
2257 hci_cc_read_flow_control_mode(hdev, skb);
2258 break;
2259
2260 case HCI_OP_READ_LOCAL_AMP_INFO:
2261 hci_cc_read_local_amp_info(hdev, skb);
2262 break;
2263
2264 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2265 hci_cc_read_local_amp_assoc(hdev, skb);
2266 break;
2267
2268 case HCI_OP_READ_INQ_RSP_TX_POWER:
2269 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2270 break;
2271
2272 case HCI_OP_PIN_CODE_REPLY:
2273 hci_cc_pin_code_reply(hdev, skb);
2274 break;
2275
2276 case HCI_OP_PIN_CODE_NEG_REPLY:
2277 hci_cc_pin_code_neg_reply(hdev, skb);
2278 break;
2279
2280 case HCI_OP_READ_LOCAL_OOB_DATA:
2281 hci_cc_read_local_oob_data_reply(hdev, skb);
2282 break;
2283
2284 case HCI_OP_LE_READ_BUFFER_SIZE:
2285 hci_cc_le_read_buffer_size(hdev, skb);
2286 break;
2287
2288 case HCI_OP_LE_READ_LOCAL_FEATURES:
2289 hci_cc_le_read_local_features(hdev, skb);
2290 break;
2291
2292 case HCI_OP_LE_READ_ADV_TX_POWER:
2293 hci_cc_le_read_adv_tx_power(hdev, skb);
2294 break;
2295
2296 case HCI_OP_USER_CONFIRM_REPLY:
2297 hci_cc_user_confirm_reply(hdev, skb);
2298 break;
2299
2300 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2301 hci_cc_user_confirm_neg_reply(hdev, skb);
2302 break;
2303
2304 case HCI_OP_USER_PASSKEY_REPLY:
2305 hci_cc_user_passkey_reply(hdev, skb);
2306 break;
2307
2308 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2309 hci_cc_user_passkey_neg_reply(hdev, skb);
2310 break;
2311
2312 case HCI_OP_LE_SET_SCAN_PARAM:
2313 hci_cc_le_set_scan_param(hdev, skb);
2314 break;
2315
2316 case HCI_OP_LE_SET_ADV_ENABLE:
2317 hci_cc_le_set_adv_enable(hdev, skb);
2318 break;
2319
2320 case HCI_OP_LE_SET_SCAN_ENABLE:
2321 hci_cc_le_set_scan_enable(hdev, skb);
2322 break;
2323
2324 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2325 hci_cc_le_read_white_list_size(hdev, skb);
2326 break;
2327
2328 case HCI_OP_LE_READ_SUPPORTED_STATES:
2329 hci_cc_le_read_supported_states(hdev, skb);
2330 break;
2331
2332 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2333 hci_cc_write_le_host_supported(hdev, skb);
2334 break;
2335
2336 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2337 hci_cc_write_remote_amp_assoc(hdev, skb);
2338 break;
2339
2340 default:
2341 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2342 break;
2343 }
2344
2345 if (opcode != HCI_OP_NOP)
2346 del_timer(&hdev->cmd_timer);
2347
2348 hci_req_cmd_complete(hdev, opcode, status);
2349
2350 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2351 atomic_set(&hdev->cmd_cnt, 1);
2352 if (!skb_queue_empty(&hdev->cmd_q))
2353 queue_work(hdev->workqueue, &hdev->cmd_work);
2354 }
2355 }
2356
2357 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2358 {
2359 struct hci_ev_cmd_status *ev = (void *) skb->data;
2360 __u16 opcode;
2361
2362 skb_pull(skb, sizeof(*ev));
2363
2364 opcode = __le16_to_cpu(ev->opcode);
2365
2366 switch (opcode) {
2367 case HCI_OP_INQUIRY:
2368 hci_cs_inquiry(hdev, ev->status);
2369 break;
2370
2371 case HCI_OP_CREATE_CONN:
2372 hci_cs_create_conn(hdev, ev->status);
2373 break;
2374
2375 case HCI_OP_ADD_SCO:
2376 hci_cs_add_sco(hdev, ev->status);
2377 break;
2378
2379 case HCI_OP_AUTH_REQUESTED:
2380 hci_cs_auth_requested(hdev, ev->status);
2381 break;
2382
2383 case HCI_OP_SET_CONN_ENCRYPT:
2384 hci_cs_set_conn_encrypt(hdev, ev->status);
2385 break;
2386
2387 case HCI_OP_REMOTE_NAME_REQ:
2388 hci_cs_remote_name_req(hdev, ev->status);
2389 break;
2390
2391 case HCI_OP_READ_REMOTE_FEATURES:
2392 hci_cs_read_remote_features(hdev, ev->status);
2393 break;
2394
2395 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2396 hci_cs_read_remote_ext_features(hdev, ev->status);
2397 break;
2398
2399 case HCI_OP_SETUP_SYNC_CONN:
2400 hci_cs_setup_sync_conn(hdev, ev->status);
2401 break;
2402
2403 case HCI_OP_SNIFF_MODE:
2404 hci_cs_sniff_mode(hdev, ev->status);
2405 break;
2406
2407 case HCI_OP_EXIT_SNIFF_MODE:
2408 hci_cs_exit_sniff_mode(hdev, ev->status);
2409 break;
2410
2411 case HCI_OP_DISCONNECT:
2412 hci_cs_disconnect(hdev, ev->status);
2413 break;
2414
2415 case HCI_OP_LE_CREATE_CONN:
2416 hci_cs_le_create_conn(hdev, ev->status);
2417 break;
2418
2419 case HCI_OP_CREATE_PHY_LINK:
2420 hci_cs_create_phylink(hdev, ev->status);
2421 break;
2422
2423 case HCI_OP_ACCEPT_PHY_LINK:
2424 hci_cs_accept_phylink(hdev, ev->status);
2425 break;
2426
2427 default:
2428 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2429 break;
2430 }
2431
2432 if (opcode != HCI_OP_NOP)
2433 del_timer(&hdev->cmd_timer);
2434
2435 if (ev->status ||
2436 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2437 hci_req_cmd_complete(hdev, opcode, ev->status);
2438
2439 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2440 atomic_set(&hdev->cmd_cnt, 1);
2441 if (!skb_queue_empty(&hdev->cmd_q))
2442 queue_work(hdev->workqueue, &hdev->cmd_work);
2443 }
2444 }
2445
2446 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2447 {
2448 struct hci_ev_role_change *ev = (void *) skb->data;
2449 struct hci_conn *conn;
2450
2451 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2452
2453 hci_dev_lock(hdev);
2454
2455 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2456 if (conn) {
2457 if (!ev->status) {
2458 if (ev->role)
2459 conn->link_mode &= ~HCI_LM_MASTER;
2460 else
2461 conn->link_mode |= HCI_LM_MASTER;
2462 }
2463
2464 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2465
2466 hci_role_switch_cfm(conn, ev->status, ev->role);
2467 }
2468
2469 hci_dev_unlock(hdev);
2470 }
2471
2472 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2473 {
2474 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2475 int i;
2476
2477 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2478 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2479 return;
2480 }
2481
2482 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2483 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2484 BT_DBG("%s bad parameters", hdev->name);
2485 return;
2486 }
2487
2488 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2489
2490 for (i = 0; i < ev->num_hndl; i++) {
2491 struct hci_comp_pkts_info *info = &ev->handles[i];
2492 struct hci_conn *conn;
2493 __u16 handle, count;
2494
2495 handle = __le16_to_cpu(info->handle);
2496 count = __le16_to_cpu(info->count);
2497
2498 conn = hci_conn_hash_lookup_handle(hdev, handle);
2499 if (!conn)
2500 continue;
2501
2502 conn->sent -= count;
2503
2504 switch (conn->type) {
2505 case ACL_LINK:
2506 hdev->acl_cnt += count;
2507 if (hdev->acl_cnt > hdev->acl_pkts)
2508 hdev->acl_cnt = hdev->acl_pkts;
2509 break;
2510
2511 case LE_LINK:
2512 if (hdev->le_pkts) {
2513 hdev->le_cnt += count;
2514 if (hdev->le_cnt > hdev->le_pkts)
2515 hdev->le_cnt = hdev->le_pkts;
2516 } else {
2517 hdev->acl_cnt += count;
2518 if (hdev->acl_cnt > hdev->acl_pkts)
2519 hdev->acl_cnt = hdev->acl_pkts;
2520 }
2521 break;
2522
2523 case SCO_LINK:
2524 hdev->sco_cnt += count;
2525 if (hdev->sco_cnt > hdev->sco_pkts)
2526 hdev->sco_cnt = hdev->sco_pkts;
2527 break;
2528
2529 default:
2530 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2531 break;
2532 }
2533 }
2534
2535 queue_work(hdev->workqueue, &hdev->tx_work);
2536 }
2537
2538 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2539 __u16 handle)
2540 {
2541 struct hci_chan *chan;
2542
2543 switch (hdev->dev_type) {
2544 case HCI_BREDR:
2545 return hci_conn_hash_lookup_handle(hdev, handle);
2546 case HCI_AMP:
2547 chan = hci_chan_lookup_handle(hdev, handle);
2548 if (chan)
2549 return chan->conn;
2550 break;
2551 default:
2552 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2553 break;
2554 }
2555
2556 return NULL;
2557 }
2558
2559 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2560 {
2561 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2562 int i;
2563
2564 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2565 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2566 return;
2567 }
2568
2569 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2570 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2571 BT_DBG("%s bad parameters", hdev->name);
2572 return;
2573 }
2574
2575 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2576 ev->num_hndl);
2577
2578 for (i = 0; i < ev->num_hndl; i++) {
2579 struct hci_comp_blocks_info *info = &ev->handles[i];
2580 struct hci_conn *conn = NULL;
2581 __u16 handle, block_count;
2582
2583 handle = __le16_to_cpu(info->handle);
2584 block_count = __le16_to_cpu(info->blocks);
2585
2586 conn = __hci_conn_lookup_handle(hdev, handle);
2587 if (!conn)
2588 continue;
2589
2590 conn->sent -= block_count;
2591
2592 switch (conn->type) {
2593 case ACL_LINK:
2594 case AMP_LINK:
2595 hdev->block_cnt += block_count;
2596 if (hdev->block_cnt > hdev->num_blocks)
2597 hdev->block_cnt = hdev->num_blocks;
2598 break;
2599
2600 default:
2601 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2602 break;
2603 }
2604 }
2605
2606 queue_work(hdev->workqueue, &hdev->tx_work);
2607 }
2608
2609 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2610 {
2611 struct hci_ev_mode_change *ev = (void *) skb->data;
2612 struct hci_conn *conn;
2613
2614 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2615
2616 hci_dev_lock(hdev);
2617
2618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2619 if (conn) {
2620 conn->mode = ev->mode;
2621 conn->interval = __le16_to_cpu(ev->interval);
2622
2623 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2624 &conn->flags)) {
2625 if (conn->mode == HCI_CM_ACTIVE)
2626 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2627 else
2628 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2629 }
2630
2631 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2632 hci_sco_setup(conn, ev->status);
2633 }
2634
2635 hci_dev_unlock(hdev);
2636 }
2637
2638 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2639 {
2640 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2641 struct hci_conn *conn;
2642
2643 BT_DBG("%s", hdev->name);
2644
2645 hci_dev_lock(hdev);
2646
2647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2648 if (!conn)
2649 goto unlock;
2650
2651 if (conn->state == BT_CONNECTED) {
2652 hci_conn_hold(conn);
2653 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2654 hci_conn_drop(conn);
2655 }
2656
2657 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2658 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2659 sizeof(ev->bdaddr), &ev->bdaddr);
2660 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2661 u8 secure;
2662
2663 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2664 secure = 1;
2665 else
2666 secure = 0;
2667
2668 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2669 }
2670
2671 unlock:
2672 hci_dev_unlock(hdev);
2673 }
2674
2675 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2676 {
2677 struct hci_ev_link_key_req *ev = (void *) skb->data;
2678 struct hci_cp_link_key_reply cp;
2679 struct hci_conn *conn;
2680 struct link_key *key;
2681
2682 BT_DBG("%s", hdev->name);
2683
2684 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2685 return;
2686
2687 hci_dev_lock(hdev);
2688
2689 key = hci_find_link_key(hdev, &ev->bdaddr);
2690 if (!key) {
2691 BT_DBG("%s link key not found for %pMR", hdev->name,
2692 &ev->bdaddr);
2693 goto not_found;
2694 }
2695
2696 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2697 &ev->bdaddr);
2698
2699 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2700 key->type == HCI_LK_DEBUG_COMBINATION) {
2701 BT_DBG("%s ignoring debug key", hdev->name);
2702 goto not_found;
2703 }
2704
2705 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2706 if (conn) {
2707 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2708 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2709 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2710 goto not_found;
2711 }
2712
2713 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2714 conn->pending_sec_level == BT_SECURITY_HIGH) {
2715 BT_DBG("%s ignoring key unauthenticated for high security",
2716 hdev->name);
2717 goto not_found;
2718 }
2719
2720 conn->key_type = key->type;
2721 conn->pin_length = key->pin_len;
2722 }
2723
2724 bacpy(&cp.bdaddr, &ev->bdaddr);
2725 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2726
2727 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2728
2729 hci_dev_unlock(hdev);
2730
2731 return;
2732
2733 not_found:
2734 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2735 hci_dev_unlock(hdev);
2736 }
2737
2738 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2739 {
2740 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2741 struct hci_conn *conn;
2742 u8 pin_len = 0;
2743
2744 BT_DBG("%s", hdev->name);
2745
2746 hci_dev_lock(hdev);
2747
2748 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2749 if (conn) {
2750 hci_conn_hold(conn);
2751 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2752 pin_len = conn->pin_length;
2753
2754 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2755 conn->key_type = ev->key_type;
2756
2757 hci_conn_drop(conn);
2758 }
2759
2760 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2761 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2762 ev->key_type, pin_len);
2763
2764 hci_dev_unlock(hdev);
2765 }
2766
2767 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2768 {
2769 struct hci_ev_clock_offset *ev = (void *) skb->data;
2770 struct hci_conn *conn;
2771
2772 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2773
2774 hci_dev_lock(hdev);
2775
2776 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2777 if (conn && !ev->status) {
2778 struct inquiry_entry *ie;
2779
2780 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2781 if (ie) {
2782 ie->data.clock_offset = ev->clock_offset;
2783 ie->timestamp = jiffies;
2784 }
2785 }
2786
2787 hci_dev_unlock(hdev);
2788 }
2789
2790 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2791 {
2792 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2793 struct hci_conn *conn;
2794
2795 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2796
2797 hci_dev_lock(hdev);
2798
2799 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2800 if (conn && !ev->status)
2801 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2802
2803 hci_dev_unlock(hdev);
2804 }
2805
2806 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2807 {
2808 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2809 struct inquiry_entry *ie;
2810
2811 BT_DBG("%s", hdev->name);
2812
2813 hci_dev_lock(hdev);
2814
2815 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2816 if (ie) {
2817 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2818 ie->timestamp = jiffies;
2819 }
2820
2821 hci_dev_unlock(hdev);
2822 }
2823
2824 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2825 struct sk_buff *skb)
2826 {
2827 struct inquiry_data data;
2828 int num_rsp = *((__u8 *) skb->data);
2829 bool name_known, ssp;
2830
2831 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2832
2833 if (!num_rsp)
2834 return;
2835
2836 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2837 return;
2838
2839 hci_dev_lock(hdev);
2840
2841 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2842 struct inquiry_info_with_rssi_and_pscan_mode *info;
2843 info = (void *) (skb->data + 1);
2844
2845 for (; num_rsp; num_rsp--, info++) {
2846 bacpy(&data.bdaddr, &info->bdaddr);
2847 data.pscan_rep_mode = info->pscan_rep_mode;
2848 data.pscan_period_mode = info->pscan_period_mode;
2849 data.pscan_mode = info->pscan_mode;
2850 memcpy(data.dev_class, info->dev_class, 3);
2851 data.clock_offset = info->clock_offset;
2852 data.rssi = info->rssi;
2853 data.ssp_mode = 0x00;
2854
2855 name_known = hci_inquiry_cache_update(hdev, &data,
2856 false, &ssp);
2857 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2858 info->dev_class, info->rssi,
2859 !name_known, ssp, NULL, 0);
2860 }
2861 } else {
2862 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2863
2864 for (; num_rsp; num_rsp--, info++) {
2865 bacpy(&data.bdaddr, &info->bdaddr);
2866 data.pscan_rep_mode = info->pscan_rep_mode;
2867 data.pscan_period_mode = info->pscan_period_mode;
2868 data.pscan_mode = 0x00;
2869 memcpy(data.dev_class, info->dev_class, 3);
2870 data.clock_offset = info->clock_offset;
2871 data.rssi = info->rssi;
2872 data.ssp_mode = 0x00;
2873 name_known = hci_inquiry_cache_update(hdev, &data,
2874 false, &ssp);
2875 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2876 info->dev_class, info->rssi,
2877 !name_known, ssp, NULL, 0);
2878 }
2879 }
2880
2881 hci_dev_unlock(hdev);
2882 }
2883
2884 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2885 struct sk_buff *skb)
2886 {
2887 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2888 struct hci_conn *conn;
2889
2890 BT_DBG("%s", hdev->name);
2891
2892 hci_dev_lock(hdev);
2893
2894 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2895 if (!conn)
2896 goto unlock;
2897
2898 if (ev->page < HCI_MAX_PAGES)
2899 memcpy(conn->features[ev->page], ev->features, 8);
2900
2901 if (!ev->status && ev->page == 0x01) {
2902 struct inquiry_entry *ie;
2903
2904 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2905 if (ie)
2906 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2907
2908 if (ev->features[0] & LMP_HOST_SSP) {
2909 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2910 } else {
2911 /* It is mandatory by the Bluetooth specification that
2912 * Extended Inquiry Results are only used when Secure
2913 * Simple Pairing is enabled, but some devices violate
2914 * this.
2915 *
2916 * To make these devices work, the internal SSP
2917 * enabled flag needs to be cleared if the remote host
2918 * features do not indicate SSP support */
2919 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2920 }
2921 }
2922
2923 if (conn->state != BT_CONFIG)
2924 goto unlock;
2925
2926 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2927 struct hci_cp_remote_name_req cp;
2928 memset(&cp, 0, sizeof(cp));
2929 bacpy(&cp.bdaddr, &conn->dst);
2930 cp.pscan_rep_mode = 0x02;
2931 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2932 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2933 mgmt_device_connected(hdev, &conn->dst, conn->type,
2934 conn->dst_type, 0, NULL, 0,
2935 conn->dev_class);
2936
2937 if (!hci_outgoing_auth_needed(hdev, conn)) {
2938 conn->state = BT_CONNECTED;
2939 hci_proto_connect_cfm(conn, ev->status);
2940 hci_conn_drop(conn);
2941 }
2942
2943 unlock:
2944 hci_dev_unlock(hdev);
2945 }
2946
2947 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2948 struct sk_buff *skb)
2949 {
2950 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2951 struct hci_conn *conn;
2952
2953 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2954
2955 hci_dev_lock(hdev);
2956
2957 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2958 if (!conn) {
2959 if (ev->link_type == ESCO_LINK)
2960 goto unlock;
2961
2962 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2963 if (!conn)
2964 goto unlock;
2965
2966 conn->type = SCO_LINK;
2967 }
2968
2969 switch (ev->status) {
2970 case 0x00:
2971 conn->handle = __le16_to_cpu(ev->handle);
2972 conn->state = BT_CONNECTED;
2973
2974 hci_conn_add_sysfs(conn);
2975 break;
2976
2977 case 0x10: /* Connection Accept Timeout */
2978 case 0x11: /* Unsupported Feature or Parameter Value */
2979 case 0x1c: /* SCO interval rejected */
2980 case 0x1a: /* Unsupported Remote Feature */
2981 case 0x1f: /* Unspecified error */
2982 if (conn->out && conn->attempt < 2) {
2983 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2984 (hdev->esco_type & EDR_ESCO_MASK);
2985 hci_setup_sync(conn, conn->link->handle);
2986 goto unlock;
2987 }
2988 /* fall through */
2989
2990 default:
2991 conn->state = BT_CLOSED;
2992 break;
2993 }
2994
2995 hci_proto_connect_cfm(conn, ev->status);
2996 if (ev->status)
2997 hci_conn_del(conn);
2998
2999 unlock:
3000 hci_dev_unlock(hdev);
3001 }
3002
3003 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3004 struct sk_buff *skb)
3005 {
3006 struct inquiry_data data;
3007 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3008 int num_rsp = *((__u8 *) skb->data);
3009 size_t eir_len;
3010
3011 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3012
3013 if (!num_rsp)
3014 return;
3015
3016 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3017 return;
3018
3019 hci_dev_lock(hdev);
3020
3021 for (; num_rsp; num_rsp--, info++) {
3022 bool name_known, ssp;
3023
3024 bacpy(&data.bdaddr, &info->bdaddr);
3025 data.pscan_rep_mode = info->pscan_rep_mode;
3026 data.pscan_period_mode = info->pscan_period_mode;
3027 data.pscan_mode = 0x00;
3028 memcpy(data.dev_class, info->dev_class, 3);
3029 data.clock_offset = info->clock_offset;
3030 data.rssi = info->rssi;
3031 data.ssp_mode = 0x01;
3032
3033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3034 name_known = eir_has_data_type(info->data,
3035 sizeof(info->data),
3036 EIR_NAME_COMPLETE);
3037 else
3038 name_known = true;
3039
3040 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3041 &ssp);
3042 eir_len = eir_get_length(info->data, sizeof(info->data));
3043 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3044 info->dev_class, info->rssi, !name_known,
3045 ssp, info->data, eir_len);
3046 }
3047
3048 hci_dev_unlock(hdev);
3049 }
3050
3051 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3052 struct sk_buff *skb)
3053 {
3054 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3055 struct hci_conn *conn;
3056
3057 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3058 __le16_to_cpu(ev->handle));
3059
3060 hci_dev_lock(hdev);
3061
3062 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3063 if (!conn)
3064 goto unlock;
3065
3066 /* For BR/EDR the necessary steps are taken through the
3067 * auth_complete event.
3068 */
3069 if (conn->type != LE_LINK)
3070 goto unlock;
3071
3072 if (!ev->status)
3073 conn->sec_level = conn->pending_sec_level;
3074
3075 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3076
3077 if (ev->status && conn->state == BT_CONNECTED) {
3078 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3079 hci_conn_drop(conn);
3080 goto unlock;
3081 }
3082
3083 if (conn->state == BT_CONFIG) {
3084 if (!ev->status)
3085 conn->state = BT_CONNECTED;
3086
3087 hci_proto_connect_cfm(conn, ev->status);
3088 hci_conn_drop(conn);
3089 } else {
3090 hci_auth_cfm(conn, ev->status);
3091
3092 hci_conn_hold(conn);
3093 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3094 hci_conn_drop(conn);
3095 }
3096
3097 unlock:
3098 hci_dev_unlock(hdev);
3099 }
3100
3101 static u8 hci_get_auth_req(struct hci_conn *conn)
3102 {
3103 /* If remote requests dedicated bonding follow that lead */
3104 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3105 /* If both remote and local IO capabilities allow MITM
3106 * protection then require it, otherwise don't */
3107 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3108 return 0x02;
3109 else
3110 return 0x03;
3111 }
3112
3113 /* If remote requests no-bonding follow that lead */
3114 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3115 return conn->remote_auth | (conn->auth_type & 0x01);
3116
3117 return conn->auth_type;
3118 }
3119
3120 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3121 {
3122 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3123 struct hci_conn *conn;
3124
3125 BT_DBG("%s", hdev->name);
3126
3127 hci_dev_lock(hdev);
3128
3129 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3130 if (!conn)
3131 goto unlock;
3132
3133 hci_conn_hold(conn);
3134
3135 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3136 goto unlock;
3137
3138 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3139 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3140 struct hci_cp_io_capability_reply cp;
3141
3142 bacpy(&cp.bdaddr, &ev->bdaddr);
3143 /* Change the IO capability from KeyboardDisplay
3144 * to DisplayYesNo as it is not supported by BT spec. */
3145 cp.capability = (conn->io_capability == 0x04) ?
3146 0x01 : conn->io_capability;
3147 conn->auth_type = hci_get_auth_req(conn);
3148 cp.authentication = conn->auth_type;
3149
3150 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3151 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3152 cp.oob_data = 0x01;
3153 else
3154 cp.oob_data = 0x00;
3155
3156 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3157 sizeof(cp), &cp);
3158 } else {
3159 struct hci_cp_io_capability_neg_reply cp;
3160
3161 bacpy(&cp.bdaddr, &ev->bdaddr);
3162 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3163
3164 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3165 sizeof(cp), &cp);
3166 }
3167
3168 unlock:
3169 hci_dev_unlock(hdev);
3170 }
3171
3172 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3173 {
3174 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3175 struct hci_conn *conn;
3176
3177 BT_DBG("%s", hdev->name);
3178
3179 hci_dev_lock(hdev);
3180
3181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3182 if (!conn)
3183 goto unlock;
3184
3185 conn->remote_cap = ev->capability;
3186 conn->remote_auth = ev->authentication;
3187 if (ev->oob_data)
3188 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3189
3190 unlock:
3191 hci_dev_unlock(hdev);
3192 }
3193
3194 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3195 struct sk_buff *skb)
3196 {
3197 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3198 int loc_mitm, rem_mitm, confirm_hint = 0;
3199 struct hci_conn *conn;
3200
3201 BT_DBG("%s", hdev->name);
3202
3203 hci_dev_lock(hdev);
3204
3205 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3206 goto unlock;
3207
3208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3209 if (!conn)
3210 goto unlock;
3211
3212 loc_mitm = (conn->auth_type & 0x01);
3213 rem_mitm = (conn->remote_auth & 0x01);
3214
3215 /* If we require MITM but the remote device can't provide that
3216 * (it has NoInputNoOutput) then reject the confirmation
3217 * request. The only exception is when we're dedicated bonding
3218 * initiators (connect_cfm_cb set) since then we always have the MITM
3219 * bit set. */
3220 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3221 BT_DBG("Rejecting request: remote device can't provide MITM");
3222 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3223 sizeof(ev->bdaddr), &ev->bdaddr);
3224 goto unlock;
3225 }
3226
3227 /* If no side requires MITM protection; auto-accept */
3228 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3229 (!rem_mitm || conn->io_capability == 0x03)) {
3230
3231 /* If we're not the initiators request authorization to
3232 * proceed from user space (mgmt_user_confirm with
3233 * confirm_hint set to 1). The exception is if neither
3234 * side had MITM in which case we do auto-accept.
3235 */
3236 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3237 (loc_mitm || rem_mitm)) {
3238 BT_DBG("Confirming auto-accept as acceptor");
3239 confirm_hint = 1;
3240 goto confirm;
3241 }
3242
3243 BT_DBG("Auto-accept of user confirmation with %ums delay",
3244 hdev->auto_accept_delay);
3245
3246 if (hdev->auto_accept_delay > 0) {
3247 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3248 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3249 goto unlock;
3250 }
3251
3252 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3253 sizeof(ev->bdaddr), &ev->bdaddr);
3254 goto unlock;
3255 }
3256
3257 confirm:
3258 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3259 confirm_hint);
3260
3261 unlock:
3262 hci_dev_unlock(hdev);
3263 }
3264
3265 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3266 struct sk_buff *skb)
3267 {
3268 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3269
3270 BT_DBG("%s", hdev->name);
3271
3272 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3273 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3274 }
3275
3276 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3277 struct sk_buff *skb)
3278 {
3279 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3280 struct hci_conn *conn;
3281
3282 BT_DBG("%s", hdev->name);
3283
3284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3285 if (!conn)
3286 return;
3287
3288 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3289 conn->passkey_entered = 0;
3290
3291 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3292 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3293 conn->dst_type, conn->passkey_notify,
3294 conn->passkey_entered);
3295 }
3296
3297 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3298 {
3299 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3300 struct hci_conn *conn;
3301
3302 BT_DBG("%s", hdev->name);
3303
3304 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3305 if (!conn)
3306 return;
3307
3308 switch (ev->type) {
3309 case HCI_KEYPRESS_STARTED:
3310 conn->passkey_entered = 0;
3311 return;
3312
3313 case HCI_KEYPRESS_ENTERED:
3314 conn->passkey_entered++;
3315 break;
3316
3317 case HCI_KEYPRESS_ERASED:
3318 conn->passkey_entered--;
3319 break;
3320
3321 case HCI_KEYPRESS_CLEARED:
3322 conn->passkey_entered = 0;
3323 break;
3324
3325 case HCI_KEYPRESS_COMPLETED:
3326 return;
3327 }
3328
3329 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3330 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3331 conn->dst_type, conn->passkey_notify,
3332 conn->passkey_entered);
3333 }
3334
3335 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3336 struct sk_buff *skb)
3337 {
3338 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3339 struct hci_conn *conn;
3340
3341 BT_DBG("%s", hdev->name);
3342
3343 hci_dev_lock(hdev);
3344
3345 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3346 if (!conn)
3347 goto unlock;
3348
3349 /* To avoid duplicate auth_failed events to user space we check
3350 * the HCI_CONN_AUTH_PEND flag which will be set if we
3351 * initiated the authentication. A traditional auth_complete
3352 * event gets always produced as initiator and is also mapped to
3353 * the mgmt_auth_failed event */
3354 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3355 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3356 ev->status);
3357
3358 hci_conn_drop(conn);
3359
3360 unlock:
3361 hci_dev_unlock(hdev);
3362 }
3363
3364 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3365 struct sk_buff *skb)
3366 {
3367 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3368 struct inquiry_entry *ie;
3369 struct hci_conn *conn;
3370
3371 BT_DBG("%s", hdev->name);
3372
3373 hci_dev_lock(hdev);
3374
3375 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3376 if (conn)
3377 memcpy(conn->features[1], ev->features, 8);
3378
3379 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3380 if (ie)
3381 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3382
3383 hci_dev_unlock(hdev);
3384 }
3385
3386 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3387 struct sk_buff *skb)
3388 {
3389 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3390 struct oob_data *data;
3391
3392 BT_DBG("%s", hdev->name);
3393
3394 hci_dev_lock(hdev);
3395
3396 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3397 goto unlock;
3398
3399 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3400 if (data) {
3401 struct hci_cp_remote_oob_data_reply cp;
3402
3403 bacpy(&cp.bdaddr, &ev->bdaddr);
3404 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3405 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3406
3407 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3408 &cp);
3409 } else {
3410 struct hci_cp_remote_oob_data_neg_reply cp;
3411
3412 bacpy(&cp.bdaddr, &ev->bdaddr);
3413 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3414 &cp);
3415 }
3416
3417 unlock:
3418 hci_dev_unlock(hdev);
3419 }
3420
3421 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3422 struct sk_buff *skb)
3423 {
3424 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3425 struct hci_conn *hcon, *bredr_hcon;
3426
3427 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3428 ev->status);
3429
3430 hci_dev_lock(hdev);
3431
3432 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3433 if (!hcon) {
3434 hci_dev_unlock(hdev);
3435 return;
3436 }
3437
3438 if (ev->status) {
3439 hci_conn_del(hcon);
3440 hci_dev_unlock(hdev);
3441 return;
3442 }
3443
3444 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3445
3446 hcon->state = BT_CONNECTED;
3447 bacpy(&hcon->dst, &bredr_hcon->dst);
3448
3449 hci_conn_hold(hcon);
3450 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3451 hci_conn_drop(hcon);
3452
3453 hci_conn_add_sysfs(hcon);
3454
3455 amp_physical_cfm(bredr_hcon, hcon);
3456
3457 hci_dev_unlock(hdev);
3458 }
3459
3460 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3461 {
3462 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3463 struct hci_conn *hcon;
3464 struct hci_chan *hchan;
3465 struct amp_mgr *mgr;
3466
3467 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3468 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3469 ev->status);
3470
3471 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3472 if (!hcon)
3473 return;
3474
3475 /* Create AMP hchan */
3476 hchan = hci_chan_create(hcon);
3477 if (!hchan)
3478 return;
3479
3480 hchan->handle = le16_to_cpu(ev->handle);
3481
3482 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3483
3484 mgr = hcon->amp_mgr;
3485 if (mgr && mgr->bredr_chan) {
3486 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3487
3488 l2cap_chan_lock(bredr_chan);
3489
3490 bredr_chan->conn->mtu = hdev->block_mtu;
3491 l2cap_logical_cfm(bredr_chan, hchan, 0);
3492 hci_conn_hold(hcon);
3493
3494 l2cap_chan_unlock(bredr_chan);
3495 }
3496 }
3497
3498 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3499 struct sk_buff *skb)
3500 {
3501 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3502 struct hci_chan *hchan;
3503
3504 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3505 le16_to_cpu(ev->handle), ev->status);
3506
3507 if (ev->status)
3508 return;
3509
3510 hci_dev_lock(hdev);
3511
3512 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3513 if (!hchan)
3514 goto unlock;
3515
3516 amp_destroy_logical_link(hchan, ev->reason);
3517
3518 unlock:
3519 hci_dev_unlock(hdev);
3520 }
3521
3522 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3523 struct sk_buff *skb)
3524 {
3525 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3526 struct hci_conn *hcon;
3527
3528 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3529
3530 if (ev->status)
3531 return;
3532
3533 hci_dev_lock(hdev);
3534
3535 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3536 if (hcon) {
3537 hcon->state = BT_CLOSED;
3538 hci_conn_del(hcon);
3539 }
3540
3541 hci_dev_unlock(hdev);
3542 }
3543
3544 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3545 {
3546 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3547 struct hci_conn *conn;
3548
3549 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3550
3551 hci_dev_lock(hdev);
3552
3553 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3554 if (!conn) {
3555 conn = hci_conn_add(hdev, LE_LINK, 0, &ev->bdaddr);
3556 if (!conn) {
3557 BT_ERR("No memory for new connection");
3558 goto unlock;
3559 }
3560
3561 conn->dst_type = ev->bdaddr_type;
3562
3563 if (ev->role == LE_CONN_ROLE_MASTER) {
3564 conn->out = true;
3565 conn->link_mode |= HCI_LM_MASTER;
3566 }
3567 }
3568
3569 if (ev->status) {
3570 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3571 conn->dst_type, ev->status);
3572 hci_proto_connect_cfm(conn, ev->status);
3573 conn->state = BT_CLOSED;
3574 hci_conn_del(conn);
3575 goto unlock;
3576 }
3577
3578 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3579 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3580 conn->dst_type, 0, NULL, 0, NULL);
3581
3582 conn->sec_level = BT_SECURITY_LOW;
3583 conn->handle = __le16_to_cpu(ev->handle);
3584 conn->state = BT_CONNECTED;
3585
3586 hci_conn_add_sysfs(conn);
3587
3588 hci_proto_connect_cfm(conn, ev->status);
3589
3590 unlock:
3591 hci_dev_unlock(hdev);
3592 }
3593
3594 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3595 {
3596 u8 num_reports = skb->data[0];
3597 void *ptr = &skb->data[1];
3598 s8 rssi;
3599
3600 while (num_reports--) {
3601 struct hci_ev_le_advertising_info *ev = ptr;
3602
3603 rssi = ev->data[ev->length];
3604 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3605 NULL, rssi, 0, 1, ev->data, ev->length);
3606
3607 ptr += sizeof(*ev) + ev->length + 1;
3608 }
3609 }
3610
3611 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3612 {
3613 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3614 struct hci_cp_le_ltk_reply cp;
3615 struct hci_cp_le_ltk_neg_reply neg;
3616 struct hci_conn *conn;
3617 struct smp_ltk *ltk;
3618
3619 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3620
3621 hci_dev_lock(hdev);
3622
3623 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3624 if (conn == NULL)
3625 goto not_found;
3626
3627 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3628 if (ltk == NULL)
3629 goto not_found;
3630
3631 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3632 cp.handle = cpu_to_le16(conn->handle);
3633
3634 if (ltk->authenticated)
3635 conn->pending_sec_level = BT_SECURITY_HIGH;
3636 else
3637 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3638
3639 conn->enc_key_size = ltk->enc_size;
3640
3641 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3642
3643 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
3644 * temporary key used to encrypt a connection following
3645 * pairing. It is used during the Encrypted Session Setup to
3646 * distribute the keys. Later, security can be re-established
3647 * using a distributed LTK.
3648 */
3649 if (ltk->type == HCI_SMP_STK_SLAVE) {
3650 list_del(&ltk->list);
3651 kfree(ltk);
3652 }
3653
3654 hci_dev_unlock(hdev);
3655
3656 return;
3657
3658 not_found:
3659 neg.handle = ev->handle;
3660 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3661 hci_dev_unlock(hdev);
3662 }
3663
3664 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3665 {
3666 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3667
3668 skb_pull(skb, sizeof(*le_ev));
3669
3670 switch (le_ev->subevent) {
3671 case HCI_EV_LE_CONN_COMPLETE:
3672 hci_le_conn_complete_evt(hdev, skb);
3673 break;
3674
3675 case HCI_EV_LE_ADVERTISING_REPORT:
3676 hci_le_adv_report_evt(hdev, skb);
3677 break;
3678
3679 case HCI_EV_LE_LTK_REQ:
3680 hci_le_ltk_request_evt(hdev, skb);
3681 break;
3682
3683 default:
3684 break;
3685 }
3686 }
3687
3688 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3689 {
3690 struct hci_ev_channel_selected *ev = (void *) skb->data;
3691 struct hci_conn *hcon;
3692
3693 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3694
3695 skb_pull(skb, sizeof(*ev));
3696
3697 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3698 if (!hcon)
3699 return;
3700
3701 amp_read_loc_assoc_final_data(hdev, hcon);
3702 }
3703
3704 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3705 {
3706 struct hci_event_hdr *hdr = (void *) skb->data;
3707 __u8 event = hdr->evt;
3708
3709 hci_dev_lock(hdev);
3710
3711 /* Received events are (currently) only needed when a request is
3712 * ongoing so avoid unnecessary memory allocation.
3713 */
3714 if (hdev->req_status == HCI_REQ_PEND) {
3715 kfree_skb(hdev->recv_evt);
3716 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3717 }
3718
3719 hci_dev_unlock(hdev);
3720
3721 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3722
3723 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3724 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3725 u16 opcode = __le16_to_cpu(hdr->opcode);
3726
3727 hci_req_cmd_complete(hdev, opcode, 0);
3728 }
3729
3730 switch (event) {
3731 case HCI_EV_INQUIRY_COMPLETE:
3732 hci_inquiry_complete_evt(hdev, skb);
3733 break;
3734
3735 case HCI_EV_INQUIRY_RESULT:
3736 hci_inquiry_result_evt(hdev, skb);
3737 break;
3738
3739 case HCI_EV_CONN_COMPLETE:
3740 hci_conn_complete_evt(hdev, skb);
3741 break;
3742
3743 case HCI_EV_CONN_REQUEST:
3744 hci_conn_request_evt(hdev, skb);
3745 break;
3746
3747 case HCI_EV_DISCONN_COMPLETE:
3748 hci_disconn_complete_evt(hdev, skb);
3749 break;
3750
3751 case HCI_EV_AUTH_COMPLETE:
3752 hci_auth_complete_evt(hdev, skb);
3753 break;
3754
3755 case HCI_EV_REMOTE_NAME:
3756 hci_remote_name_evt(hdev, skb);
3757 break;
3758
3759 case HCI_EV_ENCRYPT_CHANGE:
3760 hci_encrypt_change_evt(hdev, skb);
3761 break;
3762
3763 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3764 hci_change_link_key_complete_evt(hdev, skb);
3765 break;
3766
3767 case HCI_EV_REMOTE_FEATURES:
3768 hci_remote_features_evt(hdev, skb);
3769 break;
3770
3771 case HCI_EV_CMD_COMPLETE:
3772 hci_cmd_complete_evt(hdev, skb);
3773 break;
3774
3775 case HCI_EV_CMD_STATUS:
3776 hci_cmd_status_evt(hdev, skb);
3777 break;
3778
3779 case HCI_EV_ROLE_CHANGE:
3780 hci_role_change_evt(hdev, skb);
3781 break;
3782
3783 case HCI_EV_NUM_COMP_PKTS:
3784 hci_num_comp_pkts_evt(hdev, skb);
3785 break;
3786
3787 case HCI_EV_MODE_CHANGE:
3788 hci_mode_change_evt(hdev, skb);
3789 break;
3790
3791 case HCI_EV_PIN_CODE_REQ:
3792 hci_pin_code_request_evt(hdev, skb);
3793 break;
3794
3795 case HCI_EV_LINK_KEY_REQ:
3796 hci_link_key_request_evt(hdev, skb);
3797 break;
3798
3799 case HCI_EV_LINK_KEY_NOTIFY:
3800 hci_link_key_notify_evt(hdev, skb);
3801 break;
3802
3803 case HCI_EV_CLOCK_OFFSET:
3804 hci_clock_offset_evt(hdev, skb);
3805 break;
3806
3807 case HCI_EV_PKT_TYPE_CHANGE:
3808 hci_pkt_type_change_evt(hdev, skb);
3809 break;
3810
3811 case HCI_EV_PSCAN_REP_MODE:
3812 hci_pscan_rep_mode_evt(hdev, skb);
3813 break;
3814
3815 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3816 hci_inquiry_result_with_rssi_evt(hdev, skb);
3817 break;
3818
3819 case HCI_EV_REMOTE_EXT_FEATURES:
3820 hci_remote_ext_features_evt(hdev, skb);
3821 break;
3822
3823 case HCI_EV_SYNC_CONN_COMPLETE:
3824 hci_sync_conn_complete_evt(hdev, skb);
3825 break;
3826
3827 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3828 hci_extended_inquiry_result_evt(hdev, skb);
3829 break;
3830
3831 case HCI_EV_KEY_REFRESH_COMPLETE:
3832 hci_key_refresh_complete_evt(hdev, skb);
3833 break;
3834
3835 case HCI_EV_IO_CAPA_REQUEST:
3836 hci_io_capa_request_evt(hdev, skb);
3837 break;
3838
3839 case HCI_EV_IO_CAPA_REPLY:
3840 hci_io_capa_reply_evt(hdev, skb);
3841 break;
3842
3843 case HCI_EV_USER_CONFIRM_REQUEST:
3844 hci_user_confirm_request_evt(hdev, skb);
3845 break;
3846
3847 case HCI_EV_USER_PASSKEY_REQUEST:
3848 hci_user_passkey_request_evt(hdev, skb);
3849 break;
3850
3851 case HCI_EV_USER_PASSKEY_NOTIFY:
3852 hci_user_passkey_notify_evt(hdev, skb);
3853 break;
3854
3855 case HCI_EV_KEYPRESS_NOTIFY:
3856 hci_keypress_notify_evt(hdev, skb);
3857 break;
3858
3859 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3860 hci_simple_pair_complete_evt(hdev, skb);
3861 break;
3862
3863 case HCI_EV_REMOTE_HOST_FEATURES:
3864 hci_remote_host_features_evt(hdev, skb);
3865 break;
3866
3867 case HCI_EV_LE_META:
3868 hci_le_meta_evt(hdev, skb);
3869 break;
3870
3871 case HCI_EV_CHANNEL_SELECTED:
3872 hci_chan_selected_evt(hdev, skb);
3873 break;
3874
3875 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3876 hci_remote_oob_data_request_evt(hdev, skb);
3877 break;
3878
3879 case HCI_EV_PHY_LINK_COMPLETE:
3880 hci_phy_link_complete_evt(hdev, skb);
3881 break;
3882
3883 case HCI_EV_LOGICAL_LINK_COMPLETE:
3884 hci_loglink_complete_evt(hdev, skb);
3885 break;
3886
3887 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3888 hci_disconn_loglink_complete_evt(hdev, skb);
3889 break;
3890
3891 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3892 hci_disconn_phylink_complete_evt(hdev, skb);
3893 break;
3894
3895 case HCI_EV_NUM_COMP_BLOCKS:
3896 hci_num_comp_blocks_evt(hdev, skb);
3897 break;
3898
3899 default:
3900 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3901 break;
3902 }
3903
3904 kfree_skb(skb);
3905 hdev->stat.evt_rx++;
3906 }
kernel source for telekom puls (alcatel/mediatek)