projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Use the updated key structures for handling LTKs
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 static bool enable_le;
49
50 /* Handle HCI Event packets */
51
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
53 {
54 __u8 status = *((__u8 *) skb->data);
55
56 BT_DBG("%s status 0x%x", hdev->name, status);
57
58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
62 return;
63 }
64
65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
67 hci_dev_lock(hdev);
68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
69 hci_dev_unlock(hdev);
70
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
72
73 hci_conn_check_pending(hdev);
74 }
75
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77 {
78 __u8 status = *((__u8 *) skb->data);
79
80 BT_DBG("%s status 0x%x", hdev->name, status);
81
82 if (status)
83 return;
84
85 hci_conn_check_pending(hdev);
86 }
87
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89 {
90 BT_DBG("%s", hdev->name);
91 }
92
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 {
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
111 }
112
113 hci_dev_unlock(hdev);
114 }
115
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 {
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133 }
134
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 {
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
139 void *sent;
140
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
142
143 if (rp->status)
144 return;
145
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
149
150 hci_dev_lock(hdev);
151
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 if (conn)
154 conn->link_policy = get_unaligned_le16(sent + 2);
155
156 hci_dev_unlock(hdev);
157 }
158
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160 {
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169 }
170
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172 {
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
186 }
187
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 {
190 __u8 status = *((__u8 *) skb->data);
191
192 BT_DBG("%s status 0x%x", hdev->name, status);
193
194 clear_bit(HCI_RESET, &hdev->flags);
195
196 hci_req_complete(hdev, HCI_OP_RESET, status);
197
198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
201 }
202
203 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
204 {
205 __u8 status = *((__u8 *) skb->data);
206 void *sent;
207
208 BT_DBG("%s status 0x%x", hdev->name, status);
209
210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
211 if (!sent)
212 return;
213
214 hci_dev_lock(hdev);
215
216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
217 mgmt_set_local_name_complete(hdev, sent, status);
218
219 if (status == 0)
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
221
222 hci_dev_unlock(hdev);
223 }
224
225 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226 {
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
228
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
230
231 if (rp->status)
232 return;
233
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 }
236
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238 {
239 __u8 status = *((__u8 *) skb->data);
240 void *sent;
241
242 BT_DBG("%s status 0x%x", hdev->name, status);
243
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 if (!sent)
246 return;
247
248 if (!status) {
249 __u8 param = *((__u8 *) sent);
250
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
253 else
254 clear_bit(HCI_AUTH, &hdev->flags);
255 }
256
257 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
258 }
259
260 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
261 {
262 __u8 status = *((__u8 *) skb->data);
263 void *sent;
264
265 BT_DBG("%s status 0x%x", hdev->name, status);
266
267 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
268 if (!sent)
269 return;
270
271 if (!status) {
272 __u8 param = *((__u8 *) sent);
273
274 if (param)
275 set_bit(HCI_ENCRYPT, &hdev->flags);
276 else
277 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 }
279
280 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
281 }
282
283 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
284 {
285 __u8 param, status = *((__u8 *) skb->data);
286 int old_pscan, old_iscan;
287 void *sent;
288
289 BT_DBG("%s status 0x%x", hdev->name, status);
290
291 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
292 if (!sent)
293 return;
294
295 param = *((__u8 *) sent);
296
297 hci_dev_lock(hdev);
298
299 if (status != 0) {
300 mgmt_write_scan_failed(hdev, param, status);
301 hdev->discov_timeout = 0;
302 goto done;
303 }
304
305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
307
308 if (param & SCAN_INQUIRY) {
309 set_bit(HCI_ISCAN, &hdev->flags);
310 if (!old_iscan)
311 mgmt_discoverable(hdev, 1);
312 if (hdev->discov_timeout > 0) {
313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
315 to);
316 }
317 } else if (old_iscan)
318 mgmt_discoverable(hdev, 0);
319
320 if (param & SCAN_PAGE) {
321 set_bit(HCI_PSCAN, &hdev->flags);
322 if (!old_pscan)
323 mgmt_connectable(hdev, 1);
324 } else if (old_pscan)
325 mgmt_connectable(hdev, 0);
326
327 done:
328 hci_dev_unlock(hdev);
329 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
330 }
331
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 {
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335
336 BT_DBG("%s status 0x%x", hdev->name, rp->status);
337
338 if (rp->status)
339 return;
340
341 memcpy(hdev->dev_class, rp->dev_class, 3);
342
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 }
346
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 {
349 __u8 status = *((__u8 *) skb->data);
350 void *sent;
351
352 BT_DBG("%s status 0x%x", hdev->name, status);
353
354 if (status)
355 return;
356
357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
358 if (!sent)
359 return;
360
361 memcpy(hdev->dev_class, sent, 3);
362 }
363
364 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
365 {
366 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
367 __u16 setting;
368
369 BT_DBG("%s status 0x%x", hdev->name, rp->status);
370
371 if (rp->status)
372 return;
373
374 setting = __le16_to_cpu(rp->voice_setting);
375
376 if (hdev->voice_setting == setting)
377 return;
378
379 hdev->voice_setting = setting;
380
381 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
382
383 if (hdev->notify)
384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
385 }
386
387 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
388 {
389 __u8 status = *((__u8 *) skb->data);
390 __u16 setting;
391 void *sent;
392
393 BT_DBG("%s status 0x%x", hdev->name, status);
394
395 if (status)
396 return;
397
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
399 if (!sent)
400 return;
401
402 setting = get_unaligned_le16(sent);
403
404 if (hdev->voice_setting == setting)
405 return;
406
407 hdev->voice_setting = setting;
408
409 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
410
411 if (hdev->notify)
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
413 }
414
415 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
416 {
417 __u8 status = *((__u8 *) skb->data);
418
419 BT_DBG("%s status 0x%x", hdev->name, status);
420
421 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
422 }
423
424 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
425 {
426 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
427
428 BT_DBG("%s status 0x%x", hdev->name, rp->status);
429
430 if (rp->status)
431 return;
432
433 if (rp->mode)
434 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
435 else
436 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
437 }
438
439 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440 {
441 __u8 status = *((__u8 *) skb->data);
442 void *sent;
443
444 BT_DBG("%s status 0x%x", hdev->name, status);
445
446 if (status)
447 return;
448
449 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
450 if (!sent)
451 return;
452
453 if (*((u8 *) sent))
454 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
455 else
456 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
457 }
458
459 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
460 {
461 if (hdev->features[6] & LMP_EXT_INQ)
462 return 2;
463
464 if (hdev->features[3] & LMP_RSSI_INQ)
465 return 1;
466
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
468 hdev->lmp_subver == 0x0757)
469 return 1;
470
471 if (hdev->manufacturer == 15) {
472 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
473 return 1;
474 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
475 return 1;
476 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
477 return 1;
478 }
479
480 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
481 hdev->lmp_subver == 0x1805)
482 return 1;
483
484 return 0;
485 }
486
487 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
488 {
489 u8 mode;
490
491 mode = hci_get_inquiry_mode(hdev);
492
493 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
494 }
495
496 static void hci_setup_event_mask(struct hci_dev *hdev)
497 {
498 /* The second byte is 0xff instead of 0x9f (two reserved bits
499 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
500 * command otherwise */
501 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
502
503 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
504 * any event mask for pre 1.2 devices */
505 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
506 return;
507
508 events[4] |= 0x01; /* Flow Specification Complete */
509 events[4] |= 0x02; /* Inquiry Result with RSSI */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */
511 events[5] |= 0x08; /* Synchronous Connection Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */
513
514 if (hdev->features[3] & LMP_RSSI_INQ)
515 events[4] |= 0x04; /* Inquiry Result with RSSI */
516
517 if (hdev->features[5] & LMP_SNIFF_SUBR)
518 events[5] |= 0x20; /* Sniff Subrating */
519
520 if (hdev->features[5] & LMP_PAUSE_ENC)
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */
522
523 if (hdev->features[6] & LMP_EXT_INQ)
524 events[5] |= 0x40; /* Extended Inquiry Result */
525
526 if (hdev->features[6] & LMP_NO_FLUSH)
527 events[7] |= 0x01; /* Enhanced Flush Complete */
528
529 if (hdev->features[7] & LMP_LSTO)
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */
531
532 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
533 events[6] |= 0x01; /* IO Capability Request */
534 events[6] |= 0x02; /* IO Capability Response */
535 events[6] |= 0x04; /* User Confirmation Request */
536 events[6] |= 0x08; /* User Passkey Request */
537 events[6] |= 0x10; /* Remote OOB Data Request */
538 events[6] |= 0x20; /* Simple Pairing Complete */
539 events[7] |= 0x04; /* User Passkey Notification */
540 events[7] |= 0x08; /* Keypress Notification */
541 events[7] |= 0x10; /* Remote Host Supported
542 * Features Notification */
543 }
544
545 if (hdev->features[4] & LMP_LE)
546 events[7] |= 0x20; /* LE Meta-Event */
547
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
549 }
550
551 static void hci_set_le_support(struct hci_dev *hdev)
552 {
553 struct hci_cp_write_le_host_supported cp;
554
555 memset(&cp, 0, sizeof(cp));
556
557 if (enable_le) {
558 cp.le = 1;
559 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
560 }
561
562 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
563 }
564
565 static void hci_setup(struct hci_dev *hdev)
566 {
567 if (hdev->dev_type != HCI_BREDR)
568 return;
569
570 hci_setup_event_mask(hdev);
571
572 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
573 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
574
575 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
576 u8 mode = 0x01;
577 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
578 }
579
580 if (hdev->features[3] & LMP_RSSI_INQ)
581 hci_setup_inquiry_mode(hdev);
582
583 if (hdev->features[7] & LMP_INQ_TX_PWR)
584 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
585
586 if (hdev->features[7] & LMP_EXTFEATURES) {
587 struct hci_cp_read_local_ext_features cp;
588
589 cp.page = 0x01;
590 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
591 sizeof(cp), &cp);
592 }
593
594 if (hdev->features[4] & LMP_LE)
595 hci_set_le_support(hdev);
596 }
597
598 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
599 {
600 struct hci_rp_read_local_version *rp = (void *) skb->data;
601
602 BT_DBG("%s status 0x%x", hdev->name, rp->status);
603
604 if (rp->status)
605 return;
606
607 hdev->hci_ver = rp->hci_ver;
608 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
609 hdev->lmp_ver = rp->lmp_ver;
610 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
611 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
612
613 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
614 hdev->manufacturer,
615 hdev->hci_ver, hdev->hci_rev);
616
617 if (test_bit(HCI_INIT, &hdev->flags))
618 hci_setup(hdev);
619 }
620
621 static void hci_setup_link_policy(struct hci_dev *hdev)
622 {
623 u16 link_policy = 0;
624
625 if (hdev->features[0] & LMP_RSWITCH)
626 link_policy |= HCI_LP_RSWITCH;
627 if (hdev->features[0] & LMP_HOLD)
628 link_policy |= HCI_LP_HOLD;
629 if (hdev->features[0] & LMP_SNIFF)
630 link_policy |= HCI_LP_SNIFF;
631 if (hdev->features[1] & LMP_PARK)
632 link_policy |= HCI_LP_PARK;
633
634 link_policy = cpu_to_le16(link_policy);
635 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
636 sizeof(link_policy), &link_policy);
637 }
638
639 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
640 {
641 struct hci_rp_read_local_commands *rp = (void *) skb->data;
642
643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
644
645 if (rp->status)
646 goto done;
647
648 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
649
650 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
651 hci_setup_link_policy(hdev);
652
653 done:
654 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
655 }
656
657 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
658 {
659 struct hci_rp_read_local_features *rp = (void *) skb->data;
660
661 BT_DBG("%s status 0x%x", hdev->name, rp->status);
662
663 if (rp->status)
664 return;
665
666 memcpy(hdev->features, rp->features, 8);
667
668 /* Adjust default settings according to features
669 * supported by device. */
670
671 if (hdev->features[0] & LMP_3SLOT)
672 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
673
674 if (hdev->features[0] & LMP_5SLOT)
675 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
676
677 if (hdev->features[1] & LMP_HV2) {
678 hdev->pkt_type |= (HCI_HV2);
679 hdev->esco_type |= (ESCO_HV2);
680 }
681
682 if (hdev->features[1] & LMP_HV3) {
683 hdev->pkt_type |= (HCI_HV3);
684 hdev->esco_type |= (ESCO_HV3);
685 }
686
687 if (hdev->features[3] & LMP_ESCO)
688 hdev->esco_type |= (ESCO_EV3);
689
690 if (hdev->features[4] & LMP_EV4)
691 hdev->esco_type |= (ESCO_EV4);
692
693 if (hdev->features[4] & LMP_EV5)
694 hdev->esco_type |= (ESCO_EV5);
695
696 if (hdev->features[5] & LMP_EDR_ESCO_2M)
697 hdev->esco_type |= (ESCO_2EV3);
698
699 if (hdev->features[5] & LMP_EDR_ESCO_3M)
700 hdev->esco_type |= (ESCO_3EV3);
701
702 if (hdev->features[5] & LMP_EDR_3S_ESCO)
703 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
704
705 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
706 hdev->features[0], hdev->features[1],
707 hdev->features[2], hdev->features[3],
708 hdev->features[4], hdev->features[5],
709 hdev->features[6], hdev->features[7]);
710 }
711
712 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
713 struct sk_buff *skb)
714 {
715 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
716
717 BT_DBG("%s status 0x%x", hdev->name, rp->status);
718
719 if (rp->status)
720 return;
721
722 switch (rp->page) {
723 case 0:
724 memcpy(hdev->features, rp->features, 8);
725 break;
726 case 1:
727 memcpy(hdev->host_features, rp->features, 8);
728 break;
729 }
730
731 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
732 }
733
734 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
735 struct sk_buff *skb)
736 {
737 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
738
739 BT_DBG("%s status 0x%x", hdev->name, rp->status);
740
741 if (rp->status)
742 return;
743
744 hdev->flow_ctl_mode = rp->mode;
745
746 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
747 }
748
749 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
750 {
751 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
752
753 BT_DBG("%s status 0x%x", hdev->name, rp->status);
754
755 if (rp->status)
756 return;
757
758 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
759 hdev->sco_mtu = rp->sco_mtu;
760 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
761 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
762
763 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
764 hdev->sco_mtu = 64;
765 hdev->sco_pkts = 8;
766 }
767
768 hdev->acl_cnt = hdev->acl_pkts;
769 hdev->sco_cnt = hdev->sco_pkts;
770
771 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
772 hdev->acl_mtu, hdev->acl_pkts,
773 hdev->sco_mtu, hdev->sco_pkts);
774 }
775
776 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
777 {
778 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
779
780 BT_DBG("%s status 0x%x", hdev->name, rp->status);
781
782 if (!rp->status)
783 bacpy(&hdev->bdaddr, &rp->bdaddr);
784
785 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
786 }
787
788 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
789 struct sk_buff *skb)
790 {
791 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
792
793 BT_DBG("%s status 0x%x", hdev->name, rp->status);
794
795 if (rp->status)
796 return;
797
798 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
799 hdev->block_len = __le16_to_cpu(rp->block_len);
800 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
801
802 hdev->block_cnt = hdev->num_blocks;
803
804 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
805 hdev->block_cnt, hdev->block_len);
806
807 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
808 }
809
810 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
811 {
812 __u8 status = *((__u8 *) skb->data);
813
814 BT_DBG("%s status 0x%x", hdev->name, status);
815
816 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
817 }
818
819 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
820 struct sk_buff *skb)
821 {
822 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
823
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
825
826 if (rp->status)
827 return;
828
829 hdev->amp_status = rp->amp_status;
830 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
831 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
832 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
833 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
834 hdev->amp_type = rp->amp_type;
835 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
836 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
837 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
838 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
839
840 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
841 }
842
843 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
844 struct sk_buff *skb)
845 {
846 __u8 status = *((__u8 *) skb->data);
847
848 BT_DBG("%s status 0x%x", hdev->name, status);
849
850 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
851 }
852
853 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
854 {
855 __u8 status = *((__u8 *) skb->data);
856
857 BT_DBG("%s status 0x%x", hdev->name, status);
858
859 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
860 }
861
862 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
863 struct sk_buff *skb)
864 {
865 __u8 status = *((__u8 *) skb->data);
866
867 BT_DBG("%s status 0x%x", hdev->name, status);
868
869 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
870 }
871
872 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
873 struct sk_buff *skb)
874 {
875 __u8 status = *((__u8 *) skb->data);
876
877 BT_DBG("%s status 0x%x", hdev->name, status);
878
879 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
880 }
881
882 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
883 {
884 __u8 status = *((__u8 *) skb->data);
885
886 BT_DBG("%s status 0x%x", hdev->name, status);
887
888 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
889 }
890
891 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
892 {
893 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
894 struct hci_cp_pin_code_reply *cp;
895 struct hci_conn *conn;
896
897 BT_DBG("%s status 0x%x", hdev->name, rp->status);
898
899 hci_dev_lock(hdev);
900
901 if (test_bit(HCI_MGMT, &hdev->dev_flags))
902 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
903
904 if (rp->status != 0)
905 goto unlock;
906
907 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
908 if (!cp)
909 goto unlock;
910
911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
912 if (conn)
913 conn->pin_length = cp->pin_len;
914
915 unlock:
916 hci_dev_unlock(hdev);
917 }
918
919 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
920 {
921 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
922
923 BT_DBG("%s status 0x%x", hdev->name, rp->status);
924
925 hci_dev_lock(hdev);
926
927 if (test_bit(HCI_MGMT, &hdev->dev_flags))
928 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
929 rp->status);
930
931 hci_dev_unlock(hdev);
932 }
933
934 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
935 struct sk_buff *skb)
936 {
937 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
938
939 BT_DBG("%s status 0x%x", hdev->name, rp->status);
940
941 if (rp->status)
942 return;
943
944 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
945 hdev->le_pkts = rp->le_max_pkt;
946
947 hdev->le_cnt = hdev->le_pkts;
948
949 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
950
951 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
952 }
953
954 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
955 {
956 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
957
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
959
960 hci_dev_lock(hdev);
961
962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
963 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
964 rp->status);
965
966 hci_dev_unlock(hdev);
967 }
968
969 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
970 struct sk_buff *skb)
971 {
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
973
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
975
976 hci_dev_lock(hdev);
977
978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
979 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
980 rp->status);
981
982 hci_dev_unlock(hdev);
983 }
984
985 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
986 {
987 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
988
989 BT_DBG("%s status 0x%x", hdev->name, rp->status);
990
991 hci_dev_lock(hdev);
992
993 if (test_bit(HCI_MGMT, &hdev->dev_flags))
994 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
995 rp->status);
996
997 hci_dev_unlock(hdev);
998 }
999
1000 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1001 struct sk_buff *skb)
1002 {
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1004
1005 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1006
1007 hci_dev_lock(hdev);
1008
1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1010 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1011 rp->status);
1012
1013 hci_dev_unlock(hdev);
1014 }
1015
1016 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1018 {
1019 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1020
1021 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1022
1023 hci_dev_lock(hdev);
1024 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1025 rp->randomizer, rp->status);
1026 hci_dev_unlock(hdev);
1027 }
1028
1029 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1030 {
1031 __u8 status = *((__u8 *) skb->data);
1032
1033 BT_DBG("%s status 0x%x", hdev->name, status);
1034 }
1035
1036 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1038 {
1039 struct hci_cp_le_set_scan_enable *cp;
1040 __u8 status = *((__u8 *) skb->data);
1041
1042 BT_DBG("%s status 0x%x", hdev->name, status);
1043
1044 if (status)
1045 return;
1046
1047 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1048 if (!cp)
1049 return;
1050
1051 switch (cp->enable) {
1052 case LE_SCANNING_ENABLED:
1053 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1054
1055 cancel_delayed_work_sync(&hdev->adv_work);
1056
1057 hci_dev_lock(hdev);
1058 hci_adv_entries_clear(hdev);
1059 hci_dev_unlock(hdev);
1060 break;
1061
1062 case LE_SCANNING_DISABLED:
1063 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1064
1065 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1066 break;
1067
1068 default:
1069 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1070 break;
1071 }
1072 }
1073
1074 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1075 {
1076 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1077
1078 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1079
1080 if (rp->status)
1081 return;
1082
1083 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1084 }
1085
1086 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1087 {
1088 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1089
1090 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1091
1092 if (rp->status)
1093 return;
1094
1095 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1096 }
1097
1098 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1099 struct sk_buff *skb)
1100 {
1101 struct hci_cp_read_local_ext_features cp;
1102 __u8 status = *((__u8 *) skb->data);
1103
1104 BT_DBG("%s status 0x%x", hdev->name, status);
1105
1106 if (status)
1107 return;
1108
1109 cp.page = 0x01;
1110 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1111 }
1112
1113 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1114 {
1115 BT_DBG("%s status 0x%x", hdev->name, status);
1116
1117 if (status) {
1118 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1119 hci_conn_check_pending(hdev);
1120 hci_dev_lock(hdev);
1121 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1122 mgmt_start_discovery_failed(hdev, status);
1123 hci_dev_unlock(hdev);
1124 return;
1125 }
1126
1127 set_bit(HCI_INQUIRY, &hdev->flags);
1128
1129 hci_dev_lock(hdev);
1130 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
1131 hci_dev_unlock(hdev);
1132 }
1133
1134 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1135 {
1136 struct hci_cp_create_conn *cp;
1137 struct hci_conn *conn;
1138
1139 BT_DBG("%s status 0x%x", hdev->name, status);
1140
1141 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1142 if (!cp)
1143 return;
1144
1145 hci_dev_lock(hdev);
1146
1147 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1148
1149 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1150
1151 if (status) {
1152 if (conn && conn->state == BT_CONNECT) {
1153 if (status != 0x0c || conn->attempt > 2) {
1154 conn->state = BT_CLOSED;
1155 hci_proto_connect_cfm(conn, status);
1156 hci_conn_del(conn);
1157 } else
1158 conn->state = BT_CONNECT2;
1159 }
1160 } else {
1161 if (!conn) {
1162 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1163 if (conn) {
1164 conn->out = true;
1165 conn->link_mode |= HCI_LM_MASTER;
1166 } else
1167 BT_ERR("No memory for new connection");
1168 }
1169 }
1170
1171 hci_dev_unlock(hdev);
1172 }
1173
1174 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1175 {
1176 struct hci_cp_add_sco *cp;
1177 struct hci_conn *acl, *sco;
1178 __u16 handle;
1179
1180 BT_DBG("%s status 0x%x", hdev->name, status);
1181
1182 if (!status)
1183 return;
1184
1185 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1186 if (!cp)
1187 return;
1188
1189 handle = __le16_to_cpu(cp->handle);
1190
1191 BT_DBG("%s handle %d", hdev->name, handle);
1192
1193 hci_dev_lock(hdev);
1194
1195 acl = hci_conn_hash_lookup_handle(hdev, handle);
1196 if (acl) {
1197 sco = acl->link;
1198 if (sco) {
1199 sco->state = BT_CLOSED;
1200
1201 hci_proto_connect_cfm(sco, status);
1202 hci_conn_del(sco);
1203 }
1204 }
1205
1206 hci_dev_unlock(hdev);
1207 }
1208
1209 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1210 {
1211 struct hci_cp_auth_requested *cp;
1212 struct hci_conn *conn;
1213
1214 BT_DBG("%s status 0x%x", hdev->name, status);
1215
1216 if (!status)
1217 return;
1218
1219 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1220 if (!cp)
1221 return;
1222
1223 hci_dev_lock(hdev);
1224
1225 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1226 if (conn) {
1227 if (conn->state == BT_CONFIG) {
1228 hci_proto_connect_cfm(conn, status);
1229 hci_conn_put(conn);
1230 }
1231 }
1232
1233 hci_dev_unlock(hdev);
1234 }
1235
1236 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1237 {
1238 struct hci_cp_set_conn_encrypt *cp;
1239 struct hci_conn *conn;
1240
1241 BT_DBG("%s status 0x%x", hdev->name, status);
1242
1243 if (!status)
1244 return;
1245
1246 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1247 if (!cp)
1248 return;
1249
1250 hci_dev_lock(hdev);
1251
1252 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1253 if (conn) {
1254 if (conn->state == BT_CONFIG) {
1255 hci_proto_connect_cfm(conn, status);
1256 hci_conn_put(conn);
1257 }
1258 }
1259
1260 hci_dev_unlock(hdev);
1261 }
1262
1263 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1264 struct hci_conn *conn)
1265 {
1266 if (conn->state != BT_CONFIG || !conn->out)
1267 return 0;
1268
1269 if (conn->pending_sec_level == BT_SECURITY_SDP)
1270 return 0;
1271
1272 /* Only request authentication for SSP connections or non-SSP
1273 * devices with sec_level HIGH or if MITM protection is requested */
1274 if (!hci_conn_ssp_enabled(conn) &&
1275 conn->pending_sec_level != BT_SECURITY_HIGH &&
1276 !(conn->auth_type & 0x01))
1277 return 0;
1278
1279 return 1;
1280 }
1281
1282 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1283 {
1284 struct hci_cp_remote_name_req cp;
1285
1286 memset(&cp, 0, sizeof(cp));
1287
1288 bacpy(&cp.bdaddr, &e->data.bdaddr);
1289 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1290 cp.pscan_mode = e->data.pscan_mode;
1291 cp.clock_offset = e->data.clock_offset;
1292
1293 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1294 }
1295
1296 static bool hci_resolve_next_name(struct hci_dev *hdev)
1297 {
1298 struct discovery_state *discov = &hdev->discovery;
1299 struct inquiry_entry *e;
1300
1301 if (list_empty(&discov->resolve))
1302 return false;
1303
1304 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1305 if (hci_resolve_name(hdev, e) == 0) {
1306 e->name_state = NAME_PENDING;
1307 return true;
1308 }
1309
1310 return false;
1311 }
1312
1313 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1314 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1315 {
1316 struct discovery_state *discov = &hdev->discovery;
1317 struct inquiry_entry *e;
1318
1319 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1320 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1321 name, name_len, conn->dev_class);
1322
1323 if (discov->state == DISCOVERY_STOPPED)
1324 return;
1325
1326 if (discov->state == DISCOVERY_STOPPING)
1327 goto discov_complete;
1328
1329 if (discov->state != DISCOVERY_RESOLVING)
1330 return;
1331
1332 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1333 if (e) {
1334 e->name_state = NAME_KNOWN;
1335 list_del(&e->list);
1336 if (name)
1337 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1338 e->data.rssi, name, name_len);
1339 }
1340
1341 if (hci_resolve_next_name(hdev))
1342 return;
1343
1344 discov_complete:
1345 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1346 }
1347
1348 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1349 {
1350 struct hci_cp_remote_name_req *cp;
1351 struct hci_conn *conn;
1352
1353 BT_DBG("%s status 0x%x", hdev->name, status);
1354
1355 /* If successful wait for the name req complete event before
1356 * checking for the need to do authentication */
1357 if (!status)
1358 return;
1359
1360 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1361 if (!cp)
1362 return;
1363
1364 hci_dev_lock(hdev);
1365
1366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1367
1368 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1369 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1370
1371 if (!conn)
1372 goto unlock;
1373
1374 if (!hci_outgoing_auth_needed(hdev, conn))
1375 goto unlock;
1376
1377 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1378 struct hci_cp_auth_requested cp;
1379 cp.handle = __cpu_to_le16(conn->handle);
1380 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1381 }
1382
1383 unlock:
1384 hci_dev_unlock(hdev);
1385 }
1386
1387 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1388 {
1389 struct hci_cp_read_remote_features *cp;
1390 struct hci_conn *conn;
1391
1392 BT_DBG("%s status 0x%x", hdev->name, status);
1393
1394 if (!status)
1395 return;
1396
1397 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1398 if (!cp)
1399 return;
1400
1401 hci_dev_lock(hdev);
1402
1403 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1404 if (conn) {
1405 if (conn->state == BT_CONFIG) {
1406 hci_proto_connect_cfm(conn, status);
1407 hci_conn_put(conn);
1408 }
1409 }
1410
1411 hci_dev_unlock(hdev);
1412 }
1413
1414 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1415 {
1416 struct hci_cp_read_remote_ext_features *cp;
1417 struct hci_conn *conn;
1418
1419 BT_DBG("%s status 0x%x", hdev->name, status);
1420
1421 if (!status)
1422 return;
1423
1424 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1425 if (!cp)
1426 return;
1427
1428 hci_dev_lock(hdev);
1429
1430 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1431 if (conn) {
1432 if (conn->state == BT_CONFIG) {
1433 hci_proto_connect_cfm(conn, status);
1434 hci_conn_put(conn);
1435 }
1436 }
1437
1438 hci_dev_unlock(hdev);
1439 }
1440
1441 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1442 {
1443 struct hci_cp_setup_sync_conn *cp;
1444 struct hci_conn *acl, *sco;
1445 __u16 handle;
1446
1447 BT_DBG("%s status 0x%x", hdev->name, status);
1448
1449 if (!status)
1450 return;
1451
1452 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1453 if (!cp)
1454 return;
1455
1456 handle = __le16_to_cpu(cp->handle);
1457
1458 BT_DBG("%s handle %d", hdev->name, handle);
1459
1460 hci_dev_lock(hdev);
1461
1462 acl = hci_conn_hash_lookup_handle(hdev, handle);
1463 if (acl) {
1464 sco = acl->link;
1465 if (sco) {
1466 sco->state = BT_CLOSED;
1467
1468 hci_proto_connect_cfm(sco, status);
1469 hci_conn_del(sco);
1470 }
1471 }
1472
1473 hci_dev_unlock(hdev);
1474 }
1475
1476 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1477 {
1478 struct hci_cp_sniff_mode *cp;
1479 struct hci_conn *conn;
1480
1481 BT_DBG("%s status 0x%x", hdev->name, status);
1482
1483 if (!status)
1484 return;
1485
1486 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1487 if (!cp)
1488 return;
1489
1490 hci_dev_lock(hdev);
1491
1492 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1493 if (conn) {
1494 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1495
1496 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1497 hci_sco_setup(conn, status);
1498 }
1499
1500 hci_dev_unlock(hdev);
1501 }
1502
1503 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1504 {
1505 struct hci_cp_exit_sniff_mode *cp;
1506 struct hci_conn *conn;
1507
1508 BT_DBG("%s status 0x%x", hdev->name, status);
1509
1510 if (!status)
1511 return;
1512
1513 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1514 if (!cp)
1515 return;
1516
1517 hci_dev_lock(hdev);
1518
1519 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1520 if (conn) {
1521 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1522
1523 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1524 hci_sco_setup(conn, status);
1525 }
1526
1527 hci_dev_unlock(hdev);
1528 }
1529
1530 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1531 {
1532 struct hci_cp_le_create_conn *cp;
1533 struct hci_conn *conn;
1534
1535 BT_DBG("%s status 0x%x", hdev->name, status);
1536
1537 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1538 if (!cp)
1539 return;
1540
1541 hci_dev_lock(hdev);
1542
1543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1544
1545 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1546 conn);
1547
1548 if (status) {
1549 if (conn && conn->state == BT_CONNECT) {
1550 conn->state = BT_CLOSED;
1551 hci_proto_connect_cfm(conn, status);
1552 hci_conn_del(conn);
1553 }
1554 } else {
1555 if (!conn) {
1556 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1557 if (conn) {
1558 conn->dst_type = cp->peer_addr_type;
1559 conn->out = true;
1560 } else {
1561 BT_ERR("No memory for new connection");
1562 }
1563 }
1564 }
1565
1566 hci_dev_unlock(hdev);
1567 }
1568
1569 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1570 {
1571 BT_DBG("%s status 0x%x", hdev->name, status);
1572 }
1573
1574 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1575 {
1576 __u8 status = *((__u8 *) skb->data);
1577 struct discovery_state *discov = &hdev->discovery;
1578 struct inquiry_entry *e;
1579
1580 BT_DBG("%s status %d", hdev->name, status);
1581
1582 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1583
1584 hci_conn_check_pending(hdev);
1585
1586 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1587 return;
1588
1589 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1590 return;
1591
1592 hci_dev_lock(hdev);
1593
1594 if (discov->state != DISCOVERY_INQUIRY)
1595 goto unlock;
1596
1597 if (list_empty(&discov->resolve)) {
1598 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1599 goto unlock;
1600 }
1601
1602 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1603 if (e && hci_resolve_name(hdev, e) == 0) {
1604 e->name_state = NAME_PENDING;
1605 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1606 } else {
1607 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1608 }
1609
1610 unlock:
1611 hci_dev_unlock(hdev);
1612 }
1613
1614 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1615 {
1616 struct inquiry_data data;
1617 struct inquiry_info *info = (void *) (skb->data + 1);
1618 int num_rsp = *((__u8 *) skb->data);
1619
1620 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1621
1622 if (!num_rsp)
1623 return;
1624
1625 hci_dev_lock(hdev);
1626
1627 for (; num_rsp; num_rsp--, info++) {
1628 bool name_known;
1629
1630 bacpy(&data.bdaddr, &info->bdaddr);
1631 data.pscan_rep_mode = info->pscan_rep_mode;
1632 data.pscan_period_mode = info->pscan_period_mode;
1633 data.pscan_mode = info->pscan_mode;
1634 memcpy(data.dev_class, info->dev_class, 3);
1635 data.clock_offset = info->clock_offset;
1636 data.rssi = 0x00;
1637 data.ssp_mode = 0x00;
1638
1639 name_known = hci_inquiry_cache_update(hdev, &data, false);
1640 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1641 info->dev_class, 0, !name_known,
1642 NULL, 0);
1643 }
1644
1645 hci_dev_unlock(hdev);
1646 }
1647
1648 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1649 {
1650 struct hci_ev_conn_complete *ev = (void *) skb->data;
1651 struct hci_conn *conn;
1652
1653 BT_DBG("%s", hdev->name);
1654
1655 hci_dev_lock(hdev);
1656
1657 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1658 if (!conn) {
1659 if (ev->link_type != SCO_LINK)
1660 goto unlock;
1661
1662 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1663 if (!conn)
1664 goto unlock;
1665
1666 conn->type = SCO_LINK;
1667 }
1668
1669 if (!ev->status) {
1670 conn->handle = __le16_to_cpu(ev->handle);
1671
1672 if (conn->type == ACL_LINK) {
1673 conn->state = BT_CONFIG;
1674 hci_conn_hold(conn);
1675 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1676 } else
1677 conn->state = BT_CONNECTED;
1678
1679 hci_conn_hold_device(conn);
1680 hci_conn_add_sysfs(conn);
1681
1682 if (test_bit(HCI_AUTH, &hdev->flags))
1683 conn->link_mode |= HCI_LM_AUTH;
1684
1685 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1686 conn->link_mode |= HCI_LM_ENCRYPT;
1687
1688 /* Get remote features */
1689 if (conn->type == ACL_LINK) {
1690 struct hci_cp_read_remote_features cp;
1691 cp.handle = ev->handle;
1692 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1693 sizeof(cp), &cp);
1694 }
1695
1696 /* Set packet type for incoming connection */
1697 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1698 struct hci_cp_change_conn_ptype cp;
1699 cp.handle = ev->handle;
1700 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1701 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1702 sizeof(cp), &cp);
1703 }
1704 } else {
1705 conn->state = BT_CLOSED;
1706 if (conn->type == ACL_LINK)
1707 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1708 conn->dst_type, ev->status);
1709 }
1710
1711 if (conn->type == ACL_LINK)
1712 hci_sco_setup(conn, ev->status);
1713
1714 if (ev->status) {
1715 hci_proto_connect_cfm(conn, ev->status);
1716 hci_conn_del(conn);
1717 } else if (ev->link_type != ACL_LINK)
1718 hci_proto_connect_cfm(conn, ev->status);
1719
1720 unlock:
1721 hci_dev_unlock(hdev);
1722
1723 hci_conn_check_pending(hdev);
1724 }
1725
1726 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1727 {
1728 struct hci_ev_conn_request *ev = (void *) skb->data;
1729 int mask = hdev->link_mode;
1730
1731 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1732 batostr(&ev->bdaddr), ev->link_type);
1733
1734 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1735
1736 if ((mask & HCI_LM_ACCEPT) &&
1737 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1738 /* Connection accepted */
1739 struct inquiry_entry *ie;
1740 struct hci_conn *conn;
1741
1742 hci_dev_lock(hdev);
1743
1744 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1745 if (ie)
1746 memcpy(ie->data.dev_class, ev->dev_class, 3);
1747
1748 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1749 if (!conn) {
1750 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1751 if (!conn) {
1752 BT_ERR("No memory for new connection");
1753 hci_dev_unlock(hdev);
1754 return;
1755 }
1756 }
1757
1758 memcpy(conn->dev_class, ev->dev_class, 3);
1759 conn->state = BT_CONNECT;
1760
1761 hci_dev_unlock(hdev);
1762
1763 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1764 struct hci_cp_accept_conn_req cp;
1765
1766 bacpy(&cp.bdaddr, &ev->bdaddr);
1767
1768 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1769 cp.role = 0x00; /* Become master */
1770 else
1771 cp.role = 0x01; /* Remain slave */
1772
1773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1774 sizeof(cp), &cp);
1775 } else {
1776 struct hci_cp_accept_sync_conn_req cp;
1777
1778 bacpy(&cp.bdaddr, &ev->bdaddr);
1779 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1780
1781 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1782 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1783 cp.max_latency = cpu_to_le16(0xffff);
1784 cp.content_format = cpu_to_le16(hdev->voice_setting);
1785 cp.retrans_effort = 0xff;
1786
1787 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1788 sizeof(cp), &cp);
1789 }
1790 } else {
1791 /* Connection rejected */
1792 struct hci_cp_reject_conn_req cp;
1793
1794 bacpy(&cp.bdaddr, &ev->bdaddr);
1795 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1796 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1797 }
1798 }
1799
1800 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1801 {
1802 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1803 struct hci_conn *conn;
1804
1805 BT_DBG("%s status %d", hdev->name, ev->status);
1806
1807 hci_dev_lock(hdev);
1808
1809 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1810 if (!conn)
1811 goto unlock;
1812
1813 if (ev->status == 0)
1814 conn->state = BT_CLOSED;
1815
1816 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1817 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1818 if (ev->status != 0)
1819 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1820 else
1821 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1822 conn->dst_type);
1823 }
1824
1825 if (ev->status == 0) {
1826 hci_proto_disconn_cfm(conn, ev->reason);
1827 hci_conn_del(conn);
1828 }
1829
1830 unlock:
1831 hci_dev_unlock(hdev);
1832 }
1833
1834 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1835 {
1836 struct hci_ev_auth_complete *ev = (void *) skb->data;
1837 struct hci_conn *conn;
1838
1839 BT_DBG("%s status %d", hdev->name, ev->status);
1840
1841 hci_dev_lock(hdev);
1842
1843 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1844 if (!conn)
1845 goto unlock;
1846
1847 if (!ev->status) {
1848 if (!hci_conn_ssp_enabled(conn) &&
1849 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1850 BT_INFO("re-auth of legacy device is not possible.");
1851 } else {
1852 conn->link_mode |= HCI_LM_AUTH;
1853 conn->sec_level = conn->pending_sec_level;
1854 }
1855 } else {
1856 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1857 }
1858
1859 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1860 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1861
1862 if (conn->state == BT_CONFIG) {
1863 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1864 struct hci_cp_set_conn_encrypt cp;
1865 cp.handle = ev->handle;
1866 cp.encrypt = 0x01;
1867 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1868 &cp);
1869 } else {
1870 conn->state = BT_CONNECTED;
1871 hci_proto_connect_cfm(conn, ev->status);
1872 hci_conn_put(conn);
1873 }
1874 } else {
1875 hci_auth_cfm(conn, ev->status);
1876
1877 hci_conn_hold(conn);
1878 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1879 hci_conn_put(conn);
1880 }
1881
1882 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1883 if (!ev->status) {
1884 struct hci_cp_set_conn_encrypt cp;
1885 cp.handle = ev->handle;
1886 cp.encrypt = 0x01;
1887 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1888 &cp);
1889 } else {
1890 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1891 hci_encrypt_cfm(conn, ev->status, 0x00);
1892 }
1893 }
1894
1895 unlock:
1896 hci_dev_unlock(hdev);
1897 }
1898
1899 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1900 {
1901 struct hci_ev_remote_name *ev = (void *) skb->data;
1902 struct hci_conn *conn;
1903
1904 BT_DBG("%s", hdev->name);
1905
1906 hci_conn_check_pending(hdev);
1907
1908 hci_dev_lock(hdev);
1909
1910 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1911
1912 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1913 goto check_auth;
1914
1915 if (ev->status == 0)
1916 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1917 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1918 else
1919 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1920
1921 check_auth:
1922 if (!conn)
1923 goto unlock;
1924
1925 if (!hci_outgoing_auth_needed(hdev, conn))
1926 goto unlock;
1927
1928 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1929 struct hci_cp_auth_requested cp;
1930 cp.handle = __cpu_to_le16(conn->handle);
1931 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1932 }
1933
1934 unlock:
1935 hci_dev_unlock(hdev);
1936 }
1937
1938 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1939 {
1940 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1941 struct hci_conn *conn;
1942
1943 BT_DBG("%s status %d", hdev->name, ev->status);
1944
1945 hci_dev_lock(hdev);
1946
1947 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1948 if (conn) {
1949 if (!ev->status) {
1950 if (ev->encrypt) {
1951 /* Encryption implies authentication */
1952 conn->link_mode |= HCI_LM_AUTH;
1953 conn->link_mode |= HCI_LM_ENCRYPT;
1954 conn->sec_level = conn->pending_sec_level;
1955 } else
1956 conn->link_mode &= ~HCI_LM_ENCRYPT;
1957 }
1958
1959 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1960
1961 if (conn->state == BT_CONFIG) {
1962 if (!ev->status)
1963 conn->state = BT_CONNECTED;
1964
1965 hci_proto_connect_cfm(conn, ev->status);
1966 hci_conn_put(conn);
1967 } else
1968 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1969 }
1970
1971 hci_dev_unlock(hdev);
1972 }
1973
1974 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1975 {
1976 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1977 struct hci_conn *conn;
1978
1979 BT_DBG("%s status %d", hdev->name, ev->status);
1980
1981 hci_dev_lock(hdev);
1982
1983 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1984 if (conn) {
1985 if (!ev->status)
1986 conn->link_mode |= HCI_LM_SECURE;
1987
1988 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1989
1990 hci_key_change_cfm(conn, ev->status);
1991 }
1992
1993 hci_dev_unlock(hdev);
1994 }
1995
1996 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1997 {
1998 struct hci_ev_remote_features *ev = (void *) skb->data;
1999 struct hci_conn *conn;
2000
2001 BT_DBG("%s status %d", hdev->name, ev->status);
2002
2003 hci_dev_lock(hdev);
2004
2005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2006 if (!conn)
2007 goto unlock;
2008
2009 if (!ev->status)
2010 memcpy(conn->features, ev->features, 8);
2011
2012 if (conn->state != BT_CONFIG)
2013 goto unlock;
2014
2015 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2016 struct hci_cp_read_remote_ext_features cp;
2017 cp.handle = ev->handle;
2018 cp.page = 0x01;
2019 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2020 sizeof(cp), &cp);
2021 goto unlock;
2022 }
2023
2024 if (!ev->status) {
2025 struct hci_cp_remote_name_req cp;
2026 memset(&cp, 0, sizeof(cp));
2027 bacpy(&cp.bdaddr, &conn->dst);
2028 cp.pscan_rep_mode = 0x02;
2029 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2030 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2031 mgmt_device_connected(hdev, &conn->dst, conn->type,
2032 conn->dst_type, NULL, 0,
2033 conn->dev_class);
2034
2035 if (!hci_outgoing_auth_needed(hdev, conn)) {
2036 conn->state = BT_CONNECTED;
2037 hci_proto_connect_cfm(conn, ev->status);
2038 hci_conn_put(conn);
2039 }
2040
2041 unlock:
2042 hci_dev_unlock(hdev);
2043 }
2044
2045 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2046 {
2047 BT_DBG("%s", hdev->name);
2048 }
2049
2050 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2051 {
2052 BT_DBG("%s", hdev->name);
2053 }
2054
2055 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2056 {
2057 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2058 __u16 opcode;
2059
2060 skb_pull(skb, sizeof(*ev));
2061
2062 opcode = __le16_to_cpu(ev->opcode);
2063
2064 switch (opcode) {
2065 case HCI_OP_INQUIRY_CANCEL:
2066 hci_cc_inquiry_cancel(hdev, skb);
2067 break;
2068
2069 case HCI_OP_EXIT_PERIODIC_INQ:
2070 hci_cc_exit_periodic_inq(hdev, skb);
2071 break;
2072
2073 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2074 hci_cc_remote_name_req_cancel(hdev, skb);
2075 break;
2076
2077 case HCI_OP_ROLE_DISCOVERY:
2078 hci_cc_role_discovery(hdev, skb);
2079 break;
2080
2081 case HCI_OP_READ_LINK_POLICY:
2082 hci_cc_read_link_policy(hdev, skb);
2083 break;
2084
2085 case HCI_OP_WRITE_LINK_POLICY:
2086 hci_cc_write_link_policy(hdev, skb);
2087 break;
2088
2089 case HCI_OP_READ_DEF_LINK_POLICY:
2090 hci_cc_read_def_link_policy(hdev, skb);
2091 break;
2092
2093 case HCI_OP_WRITE_DEF_LINK_POLICY:
2094 hci_cc_write_def_link_policy(hdev, skb);
2095 break;
2096
2097 case HCI_OP_RESET:
2098 hci_cc_reset(hdev, skb);
2099 break;
2100
2101 case HCI_OP_WRITE_LOCAL_NAME:
2102 hci_cc_write_local_name(hdev, skb);
2103 break;
2104
2105 case HCI_OP_READ_LOCAL_NAME:
2106 hci_cc_read_local_name(hdev, skb);
2107 break;
2108
2109 case HCI_OP_WRITE_AUTH_ENABLE:
2110 hci_cc_write_auth_enable(hdev, skb);
2111 break;
2112
2113 case HCI_OP_WRITE_ENCRYPT_MODE:
2114 hci_cc_write_encrypt_mode(hdev, skb);
2115 break;
2116
2117 case HCI_OP_WRITE_SCAN_ENABLE:
2118 hci_cc_write_scan_enable(hdev, skb);
2119 break;
2120
2121 case HCI_OP_READ_CLASS_OF_DEV:
2122 hci_cc_read_class_of_dev(hdev, skb);
2123 break;
2124
2125 case HCI_OP_WRITE_CLASS_OF_DEV:
2126 hci_cc_write_class_of_dev(hdev, skb);
2127 break;
2128
2129 case HCI_OP_READ_VOICE_SETTING:
2130 hci_cc_read_voice_setting(hdev, skb);
2131 break;
2132
2133 case HCI_OP_WRITE_VOICE_SETTING:
2134 hci_cc_write_voice_setting(hdev, skb);
2135 break;
2136
2137 case HCI_OP_HOST_BUFFER_SIZE:
2138 hci_cc_host_buffer_size(hdev, skb);
2139 break;
2140
2141 case HCI_OP_READ_SSP_MODE:
2142 hci_cc_read_ssp_mode(hdev, skb);
2143 break;
2144
2145 case HCI_OP_WRITE_SSP_MODE:
2146 hci_cc_write_ssp_mode(hdev, skb);
2147 break;
2148
2149 case HCI_OP_READ_LOCAL_VERSION:
2150 hci_cc_read_local_version(hdev, skb);
2151 break;
2152
2153 case HCI_OP_READ_LOCAL_COMMANDS:
2154 hci_cc_read_local_commands(hdev, skb);
2155 break;
2156
2157 case HCI_OP_READ_LOCAL_FEATURES:
2158 hci_cc_read_local_features(hdev, skb);
2159 break;
2160
2161 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2162 hci_cc_read_local_ext_features(hdev, skb);
2163 break;
2164
2165 case HCI_OP_READ_BUFFER_SIZE:
2166 hci_cc_read_buffer_size(hdev, skb);
2167 break;
2168
2169 case HCI_OP_READ_BD_ADDR:
2170 hci_cc_read_bd_addr(hdev, skb);
2171 break;
2172
2173 case HCI_OP_READ_DATA_BLOCK_SIZE:
2174 hci_cc_read_data_block_size(hdev, skb);
2175 break;
2176
2177 case HCI_OP_WRITE_CA_TIMEOUT:
2178 hci_cc_write_ca_timeout(hdev, skb);
2179 break;
2180
2181 case HCI_OP_READ_FLOW_CONTROL_MODE:
2182 hci_cc_read_flow_control_mode(hdev, skb);
2183 break;
2184
2185 case HCI_OP_READ_LOCAL_AMP_INFO:
2186 hci_cc_read_local_amp_info(hdev, skb);
2187 break;
2188
2189 case HCI_OP_DELETE_STORED_LINK_KEY:
2190 hci_cc_delete_stored_link_key(hdev, skb);
2191 break;
2192
2193 case HCI_OP_SET_EVENT_MASK:
2194 hci_cc_set_event_mask(hdev, skb);
2195 break;
2196
2197 case HCI_OP_WRITE_INQUIRY_MODE:
2198 hci_cc_write_inquiry_mode(hdev, skb);
2199 break;
2200
2201 case HCI_OP_READ_INQ_RSP_TX_POWER:
2202 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2203 break;
2204
2205 case HCI_OP_SET_EVENT_FLT:
2206 hci_cc_set_event_flt(hdev, skb);
2207 break;
2208
2209 case HCI_OP_PIN_CODE_REPLY:
2210 hci_cc_pin_code_reply(hdev, skb);
2211 break;
2212
2213 case HCI_OP_PIN_CODE_NEG_REPLY:
2214 hci_cc_pin_code_neg_reply(hdev, skb);
2215 break;
2216
2217 case HCI_OP_READ_LOCAL_OOB_DATA:
2218 hci_cc_read_local_oob_data_reply(hdev, skb);
2219 break;
2220
2221 case HCI_OP_LE_READ_BUFFER_SIZE:
2222 hci_cc_le_read_buffer_size(hdev, skb);
2223 break;
2224
2225 case HCI_OP_USER_CONFIRM_REPLY:
2226 hci_cc_user_confirm_reply(hdev, skb);
2227 break;
2228
2229 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2230 hci_cc_user_confirm_neg_reply(hdev, skb);
2231 break;
2232
2233 case HCI_OP_USER_PASSKEY_REPLY:
2234 hci_cc_user_passkey_reply(hdev, skb);
2235 break;
2236
2237 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2238 hci_cc_user_passkey_neg_reply(hdev, skb);
2239
2240 case HCI_OP_LE_SET_SCAN_PARAM:
2241 hci_cc_le_set_scan_param(hdev, skb);
2242 break;
2243
2244 case HCI_OP_LE_SET_SCAN_ENABLE:
2245 hci_cc_le_set_scan_enable(hdev, skb);
2246 break;
2247
2248 case HCI_OP_LE_LTK_REPLY:
2249 hci_cc_le_ltk_reply(hdev, skb);
2250 break;
2251
2252 case HCI_OP_LE_LTK_NEG_REPLY:
2253 hci_cc_le_ltk_neg_reply(hdev, skb);
2254 break;
2255
2256 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2257 hci_cc_write_le_host_supported(hdev, skb);
2258 break;
2259
2260 default:
2261 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2262 break;
2263 }
2264
2265 if (ev->opcode != HCI_OP_NOP)
2266 del_timer(&hdev->cmd_timer);
2267
2268 if (ev->ncmd) {
2269 atomic_set(&hdev->cmd_cnt, 1);
2270 if (!skb_queue_empty(&hdev->cmd_q))
2271 queue_work(hdev->workqueue, &hdev->cmd_work);
2272 }
2273 }
2274
2275 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2276 {
2277 struct hci_ev_cmd_status *ev = (void *) skb->data;
2278 __u16 opcode;
2279
2280 skb_pull(skb, sizeof(*ev));
2281
2282 opcode = __le16_to_cpu(ev->opcode);
2283
2284 switch (opcode) {
2285 case HCI_OP_INQUIRY:
2286 hci_cs_inquiry(hdev, ev->status);
2287 break;
2288
2289 case HCI_OP_CREATE_CONN:
2290 hci_cs_create_conn(hdev, ev->status);
2291 break;
2292
2293 case HCI_OP_ADD_SCO:
2294 hci_cs_add_sco(hdev, ev->status);
2295 break;
2296
2297 case HCI_OP_AUTH_REQUESTED:
2298 hci_cs_auth_requested(hdev, ev->status);
2299 break;
2300
2301 case HCI_OP_SET_CONN_ENCRYPT:
2302 hci_cs_set_conn_encrypt(hdev, ev->status);
2303 break;
2304
2305 case HCI_OP_REMOTE_NAME_REQ:
2306 hci_cs_remote_name_req(hdev, ev->status);
2307 break;
2308
2309 case HCI_OP_READ_REMOTE_FEATURES:
2310 hci_cs_read_remote_features(hdev, ev->status);
2311 break;
2312
2313 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2314 hci_cs_read_remote_ext_features(hdev, ev->status);
2315 break;
2316
2317 case HCI_OP_SETUP_SYNC_CONN:
2318 hci_cs_setup_sync_conn(hdev, ev->status);
2319 break;
2320
2321 case HCI_OP_SNIFF_MODE:
2322 hci_cs_sniff_mode(hdev, ev->status);
2323 break;
2324
2325 case HCI_OP_EXIT_SNIFF_MODE:
2326 hci_cs_exit_sniff_mode(hdev, ev->status);
2327 break;
2328
2329 case HCI_OP_DISCONNECT:
2330 if (ev->status != 0)
2331 mgmt_disconnect_failed(hdev, NULL, ev->status);
2332 break;
2333
2334 case HCI_OP_LE_CREATE_CONN:
2335 hci_cs_le_create_conn(hdev, ev->status);
2336 break;
2337
2338 case HCI_OP_LE_START_ENC:
2339 hci_cs_le_start_enc(hdev, ev->status);
2340 break;
2341
2342 default:
2343 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2344 break;
2345 }
2346
2347 if (ev->opcode != HCI_OP_NOP)
2348 del_timer(&hdev->cmd_timer);
2349
2350 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2351 atomic_set(&hdev->cmd_cnt, 1);
2352 if (!skb_queue_empty(&hdev->cmd_q))
2353 queue_work(hdev->workqueue, &hdev->cmd_work);
2354 }
2355 }
2356
2357 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2358 {
2359 struct hci_ev_role_change *ev = (void *) skb->data;
2360 struct hci_conn *conn;
2361
2362 BT_DBG("%s status %d", hdev->name, ev->status);
2363
2364 hci_dev_lock(hdev);
2365
2366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2367 if (conn) {
2368 if (!ev->status) {
2369 if (ev->role)
2370 conn->link_mode &= ~HCI_LM_MASTER;
2371 else
2372 conn->link_mode |= HCI_LM_MASTER;
2373 }
2374
2375 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2376
2377 hci_role_switch_cfm(conn, ev->status, ev->role);
2378 }
2379
2380 hci_dev_unlock(hdev);
2381 }
2382
2383 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2384 {
2385 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2386 int i;
2387
2388 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2389 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2390 return;
2391 }
2392
2393 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2394 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2395 BT_DBG("%s bad parameters", hdev->name);
2396 return;
2397 }
2398
2399 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2400
2401 for (i = 0; i < ev->num_hndl; i++) {
2402 struct hci_comp_pkts_info *info = &ev->handles[i];
2403 struct hci_conn *conn;
2404 __u16 handle, count;
2405
2406 handle = __le16_to_cpu(info->handle);
2407 count = __le16_to_cpu(info->count);
2408
2409 conn = hci_conn_hash_lookup_handle(hdev, handle);
2410 if (!conn)
2411 continue;
2412
2413 conn->sent -= count;
2414
2415 switch (conn->type) {
2416 case ACL_LINK:
2417 hdev->acl_cnt += count;
2418 if (hdev->acl_cnt > hdev->acl_pkts)
2419 hdev->acl_cnt = hdev->acl_pkts;
2420 break;
2421
2422 case LE_LINK:
2423 if (hdev->le_pkts) {
2424 hdev->le_cnt += count;
2425 if (hdev->le_cnt > hdev->le_pkts)
2426 hdev->le_cnt = hdev->le_pkts;
2427 } else {
2428 hdev->acl_cnt += count;
2429 if (hdev->acl_cnt > hdev->acl_pkts)
2430 hdev->acl_cnt = hdev->acl_pkts;
2431 }
2432 break;
2433
2434 case SCO_LINK:
2435 hdev->sco_cnt += count;
2436 if (hdev->sco_cnt > hdev->sco_pkts)
2437 hdev->sco_cnt = hdev->sco_pkts;
2438 break;
2439
2440 default:
2441 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2442 break;
2443 }
2444 }
2445
2446 queue_work(hdev->workqueue, &hdev->tx_work);
2447 }
2448
2449 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2450 struct sk_buff *skb)
2451 {
2452 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2453 int i;
2454
2455 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2456 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2457 return;
2458 }
2459
2460 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2461 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2462 BT_DBG("%s bad parameters", hdev->name);
2463 return;
2464 }
2465
2466 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2467 ev->num_hndl);
2468
2469 for (i = 0; i < ev->num_hndl; i++) {
2470 struct hci_comp_blocks_info *info = &ev->handles[i];
2471 struct hci_conn *conn;
2472 __u16 handle, block_count;
2473
2474 handle = __le16_to_cpu(info->handle);
2475 block_count = __le16_to_cpu(info->blocks);
2476
2477 conn = hci_conn_hash_lookup_handle(hdev, handle);
2478 if (!conn)
2479 continue;
2480
2481 conn->sent -= block_count;
2482
2483 switch (conn->type) {
2484 case ACL_LINK:
2485 hdev->block_cnt += block_count;
2486 if (hdev->block_cnt > hdev->num_blocks)
2487 hdev->block_cnt = hdev->num_blocks;
2488 break;
2489
2490 default:
2491 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2492 break;
2493 }
2494 }
2495
2496 queue_work(hdev->workqueue, &hdev->tx_work);
2497 }
2498
2499 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2500 {
2501 struct hci_ev_mode_change *ev = (void *) skb->data;
2502 struct hci_conn *conn;
2503
2504 BT_DBG("%s status %d", hdev->name, ev->status);
2505
2506 hci_dev_lock(hdev);
2507
2508 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2509 if (conn) {
2510 conn->mode = ev->mode;
2511 conn->interval = __le16_to_cpu(ev->interval);
2512
2513 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2514 if (conn->mode == HCI_CM_ACTIVE)
2515 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2516 else
2517 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2518 }
2519
2520 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2521 hci_sco_setup(conn, ev->status);
2522 }
2523
2524 hci_dev_unlock(hdev);
2525 }
2526
2527 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2528 {
2529 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2530 struct hci_conn *conn;
2531
2532 BT_DBG("%s", hdev->name);
2533
2534 hci_dev_lock(hdev);
2535
2536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2537 if (!conn)
2538 goto unlock;
2539
2540 if (conn->state == BT_CONNECTED) {
2541 hci_conn_hold(conn);
2542 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2543 hci_conn_put(conn);
2544 }
2545
2546 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2547 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2548 sizeof(ev->bdaddr), &ev->bdaddr);
2549 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2550 u8 secure;
2551
2552 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2553 secure = 1;
2554 else
2555 secure = 0;
2556
2557 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2558 }
2559
2560 unlock:
2561 hci_dev_unlock(hdev);
2562 }
2563
2564 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2565 {
2566 struct hci_ev_link_key_req *ev = (void *) skb->data;
2567 struct hci_cp_link_key_reply cp;
2568 struct hci_conn *conn;
2569 struct link_key *key;
2570
2571 BT_DBG("%s", hdev->name);
2572
2573 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2574 return;
2575
2576 hci_dev_lock(hdev);
2577
2578 key = hci_find_link_key(hdev, &ev->bdaddr);
2579 if (!key) {
2580 BT_DBG("%s link key not found for %s", hdev->name,
2581 batostr(&ev->bdaddr));
2582 goto not_found;
2583 }
2584
2585 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2586 batostr(&ev->bdaddr));
2587
2588 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2589 key->type == HCI_LK_DEBUG_COMBINATION) {
2590 BT_DBG("%s ignoring debug key", hdev->name);
2591 goto not_found;
2592 }
2593
2594 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2595 if (conn) {
2596 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2597 conn->auth_type != 0xff &&
2598 (conn->auth_type & 0x01)) {
2599 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2600 goto not_found;
2601 }
2602
2603 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2604 conn->pending_sec_level == BT_SECURITY_HIGH) {
2605 BT_DBG("%s ignoring key unauthenticated for high \
2606 security", hdev->name);
2607 goto not_found;
2608 }
2609
2610 conn->key_type = key->type;
2611 conn->pin_length = key->pin_len;
2612 }
2613
2614 bacpy(&cp.bdaddr, &ev->bdaddr);
2615 memcpy(cp.link_key, key->val, 16);
2616
2617 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2618
2619 hci_dev_unlock(hdev);
2620
2621 return;
2622
2623 not_found:
2624 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2625 hci_dev_unlock(hdev);
2626 }
2627
2628 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2629 {
2630 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2631 struct hci_conn *conn;
2632 u8 pin_len = 0;
2633
2634 BT_DBG("%s", hdev->name);
2635
2636 hci_dev_lock(hdev);
2637
2638 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2639 if (conn) {
2640 hci_conn_hold(conn);
2641 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2642 pin_len = conn->pin_length;
2643
2644 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2645 conn->key_type = ev->key_type;
2646
2647 hci_conn_put(conn);
2648 }
2649
2650 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2651 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2652 ev->key_type, pin_len);
2653
2654 hci_dev_unlock(hdev);
2655 }
2656
2657 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2658 {
2659 struct hci_ev_clock_offset *ev = (void *) skb->data;
2660 struct hci_conn *conn;
2661
2662 BT_DBG("%s status %d", hdev->name, ev->status);
2663
2664 hci_dev_lock(hdev);
2665
2666 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2667 if (conn && !ev->status) {
2668 struct inquiry_entry *ie;
2669
2670 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2671 if (ie) {
2672 ie->data.clock_offset = ev->clock_offset;
2673 ie->timestamp = jiffies;
2674 }
2675 }
2676
2677 hci_dev_unlock(hdev);
2678 }
2679
2680 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2681 {
2682 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2683 struct hci_conn *conn;
2684
2685 BT_DBG("%s status %d", hdev->name, ev->status);
2686
2687 hci_dev_lock(hdev);
2688
2689 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2690 if (conn && !ev->status)
2691 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2692
2693 hci_dev_unlock(hdev);
2694 }
2695
2696 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2697 {
2698 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2699 struct inquiry_entry *ie;
2700
2701 BT_DBG("%s", hdev->name);
2702
2703 hci_dev_lock(hdev);
2704
2705 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2706 if (ie) {
2707 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2708 ie->timestamp = jiffies;
2709 }
2710
2711 hci_dev_unlock(hdev);
2712 }
2713
2714 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2715 {
2716 struct inquiry_data data;
2717 int num_rsp = *((__u8 *) skb->data);
2718 bool name_known;
2719
2720 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2721
2722 if (!num_rsp)
2723 return;
2724
2725 hci_dev_lock(hdev);
2726
2727 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2728 struct inquiry_info_with_rssi_and_pscan_mode *info;
2729 info = (void *) (skb->data + 1);
2730
2731 for (; num_rsp; num_rsp--, info++) {
2732 bacpy(&data.bdaddr, &info->bdaddr);
2733 data.pscan_rep_mode = info->pscan_rep_mode;
2734 data.pscan_period_mode = info->pscan_period_mode;
2735 data.pscan_mode = info->pscan_mode;
2736 memcpy(data.dev_class, info->dev_class, 3);
2737 data.clock_offset = info->clock_offset;
2738 data.rssi = info->rssi;
2739 data.ssp_mode = 0x00;
2740
2741 name_known = hci_inquiry_cache_update(hdev, &data,
2742 false);
2743 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2744 info->dev_class, info->rssi,
2745 !name_known, NULL, 0);
2746 }
2747 } else {
2748 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2749
2750 for (; num_rsp; num_rsp--, info++) {
2751 bacpy(&data.bdaddr, &info->bdaddr);
2752 data.pscan_rep_mode = info->pscan_rep_mode;
2753 data.pscan_period_mode = info->pscan_period_mode;
2754 data.pscan_mode = 0x00;
2755 memcpy(data.dev_class, info->dev_class, 3);
2756 data.clock_offset = info->clock_offset;
2757 data.rssi = info->rssi;
2758 data.ssp_mode = 0x00;
2759 name_known = hci_inquiry_cache_update(hdev, &data,
2760 false);
2761 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2762 info->dev_class, info->rssi,
2763 !name_known, NULL, 0);
2764 }
2765 }
2766
2767 hci_dev_unlock(hdev);
2768 }
2769
2770 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2771 {
2772 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2773 struct hci_conn *conn;
2774
2775 BT_DBG("%s", hdev->name);
2776
2777 hci_dev_lock(hdev);
2778
2779 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2780 if (!conn)
2781 goto unlock;
2782
2783 if (!ev->status && ev->page == 0x01) {
2784 struct inquiry_entry *ie;
2785
2786 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2787 if (ie)
2788 ie->data.ssp_mode = (ev->features[0] & 0x01);
2789
2790 if (ev->features[0] & 0x01)
2791 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2792 }
2793
2794 if (conn->state != BT_CONFIG)
2795 goto unlock;
2796
2797 if (!ev->status) {
2798 struct hci_cp_remote_name_req cp;
2799 memset(&cp, 0, sizeof(cp));
2800 bacpy(&cp.bdaddr, &conn->dst);
2801 cp.pscan_rep_mode = 0x02;
2802 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2803 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2804 mgmt_device_connected(hdev, &conn->dst, conn->type,
2805 conn->dst_type, NULL, 0,
2806 conn->dev_class);
2807
2808 if (!hci_outgoing_auth_needed(hdev, conn)) {
2809 conn->state = BT_CONNECTED;
2810 hci_proto_connect_cfm(conn, ev->status);
2811 hci_conn_put(conn);
2812 }
2813
2814 unlock:
2815 hci_dev_unlock(hdev);
2816 }
2817
2818 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2819 {
2820 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2821 struct hci_conn *conn;
2822
2823 BT_DBG("%s status %d", hdev->name, ev->status);
2824
2825 hci_dev_lock(hdev);
2826
2827 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2828 if (!conn) {
2829 if (ev->link_type == ESCO_LINK)
2830 goto unlock;
2831
2832 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2833 if (!conn)
2834 goto unlock;
2835
2836 conn->type = SCO_LINK;
2837 }
2838
2839 switch (ev->status) {
2840 case 0x00:
2841 conn->handle = __le16_to_cpu(ev->handle);
2842 conn->state = BT_CONNECTED;
2843
2844 hci_conn_hold_device(conn);
2845 hci_conn_add_sysfs(conn);
2846 break;
2847
2848 case 0x11: /* Unsupported Feature or Parameter Value */
2849 case 0x1c: /* SCO interval rejected */
2850 case 0x1a: /* Unsupported Remote Feature */
2851 case 0x1f: /* Unspecified error */
2852 if (conn->out && conn->attempt < 2) {
2853 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2854 (hdev->esco_type & EDR_ESCO_MASK);
2855 hci_setup_sync(conn, conn->link->handle);
2856 goto unlock;
2857 }
2858 /* fall through */
2859
2860 default:
2861 conn->state = BT_CLOSED;
2862 break;
2863 }
2864
2865 hci_proto_connect_cfm(conn, ev->status);
2866 if (ev->status)
2867 hci_conn_del(conn);
2868
2869 unlock:
2870 hci_dev_unlock(hdev);
2871 }
2872
2873 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2874 {
2875 BT_DBG("%s", hdev->name);
2876 }
2877
2878 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2879 {
2880 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2881
2882 BT_DBG("%s status %d", hdev->name, ev->status);
2883 }
2884
2885 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2886 {
2887 struct inquiry_data data;
2888 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2889 int num_rsp = *((__u8 *) skb->data);
2890
2891 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2892
2893 if (!num_rsp)
2894 return;
2895
2896 hci_dev_lock(hdev);
2897
2898 for (; num_rsp; num_rsp--, info++) {
2899 bool name_known;
2900
2901 bacpy(&data.bdaddr, &info->bdaddr);
2902 data.pscan_rep_mode = info->pscan_rep_mode;
2903 data.pscan_period_mode = info->pscan_period_mode;
2904 data.pscan_mode = 0x00;
2905 memcpy(data.dev_class, info->dev_class, 3);
2906 data.clock_offset = info->clock_offset;
2907 data.rssi = info->rssi;
2908 data.ssp_mode = 0x01;
2909
2910 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2911 name_known = eir_has_data_type(info->data,
2912 sizeof(info->data),
2913 EIR_NAME_COMPLETE);
2914 else
2915 name_known = true;
2916
2917 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2918 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2919 info->dev_class, info->rssi,
2920 !name_known, info->data,
2921 sizeof(info->data));
2922 }
2923
2924 hci_dev_unlock(hdev);
2925 }
2926
2927 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2928 {
2929 /* If remote requests dedicated bonding follow that lead */
2930 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2931 /* If both remote and local IO capabilities allow MITM
2932 * protection then require it, otherwise don't */
2933 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2934 return 0x02;
2935 else
2936 return 0x03;
2937 }
2938
2939 /* If remote requests no-bonding follow that lead */
2940 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2941 return conn->remote_auth | (conn->auth_type & 0x01);
2942
2943 return conn->auth_type;
2944 }
2945
2946 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2947 {
2948 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2949 struct hci_conn *conn;
2950
2951 BT_DBG("%s", hdev->name);
2952
2953 hci_dev_lock(hdev);
2954
2955 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2956 if (!conn)
2957 goto unlock;
2958
2959 hci_conn_hold(conn);
2960
2961 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2962 goto unlock;
2963
2964 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
2965 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2966 struct hci_cp_io_capability_reply cp;
2967
2968 bacpy(&cp.bdaddr, &ev->bdaddr);
2969 /* Change the IO capability from KeyboardDisplay
2970 * to DisplayYesNo as it is not supported by BT spec. */
2971 cp.capability = (conn->io_capability == 0x04) ?
2972 0x01 : conn->io_capability;
2973 conn->auth_type = hci_get_auth_req(conn);
2974 cp.authentication = conn->auth_type;
2975
2976 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
2977 hci_find_remote_oob_data(hdev, &conn->dst))
2978 cp.oob_data = 0x01;
2979 else
2980 cp.oob_data = 0x00;
2981
2982 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2983 sizeof(cp), &cp);
2984 } else {
2985 struct hci_cp_io_capability_neg_reply cp;
2986
2987 bacpy(&cp.bdaddr, &ev->bdaddr);
2988 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2989
2990 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2991 sizeof(cp), &cp);
2992 }
2993
2994 unlock:
2995 hci_dev_unlock(hdev);
2996 }
2997
2998 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2999 {
3000 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3001 struct hci_conn *conn;
3002
3003 BT_DBG("%s", hdev->name);
3004
3005 hci_dev_lock(hdev);
3006
3007 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3008 if (!conn)
3009 goto unlock;
3010
3011 conn->remote_cap = ev->capability;
3012 conn->remote_auth = ev->authentication;
3013 if (ev->oob_data)
3014 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3015
3016 unlock:
3017 hci_dev_unlock(hdev);
3018 }
3019
3020 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3021 struct sk_buff *skb)
3022 {
3023 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3024 int loc_mitm, rem_mitm, confirm_hint = 0;
3025 struct hci_conn *conn;
3026
3027 BT_DBG("%s", hdev->name);
3028
3029 hci_dev_lock(hdev);
3030
3031 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3032 goto unlock;
3033
3034 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3035 if (!conn)
3036 goto unlock;
3037
3038 loc_mitm = (conn->auth_type & 0x01);
3039 rem_mitm = (conn->remote_auth & 0x01);
3040
3041 /* If we require MITM but the remote device can't provide that
3042 * (it has NoInputNoOutput) then reject the confirmation
3043 * request. The only exception is when we're dedicated bonding
3044 * initiators (connect_cfm_cb set) since then we always have the MITM
3045 * bit set. */
3046 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3047 BT_DBG("Rejecting request: remote device can't provide MITM");
3048 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3049 sizeof(ev->bdaddr), &ev->bdaddr);
3050 goto unlock;
3051 }
3052
3053 /* If no side requires MITM protection; auto-accept */
3054 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3055 (!rem_mitm || conn->io_capability == 0x03)) {
3056
3057 /* If we're not the initiators request authorization to
3058 * proceed from user space (mgmt_user_confirm with
3059 * confirm_hint set to 1). */
3060 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3061 BT_DBG("Confirming auto-accept as acceptor");
3062 confirm_hint = 1;
3063 goto confirm;
3064 }
3065
3066 BT_DBG("Auto-accept of user confirmation with %ums delay",
3067 hdev->auto_accept_delay);
3068
3069 if (hdev->auto_accept_delay > 0) {
3070 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3071 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3072 goto unlock;
3073 }
3074
3075 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3076 sizeof(ev->bdaddr), &ev->bdaddr);
3077 goto unlock;
3078 }
3079
3080 confirm:
3081 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
3082 confirm_hint);
3083
3084 unlock:
3085 hci_dev_unlock(hdev);
3086 }
3087
3088 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3089 struct sk_buff *skb)
3090 {
3091 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3092
3093 BT_DBG("%s", hdev->name);
3094
3095 hci_dev_lock(hdev);
3096
3097 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3098 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3099
3100 hci_dev_unlock(hdev);
3101 }
3102
3103 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3104 {
3105 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3106 struct hci_conn *conn;
3107
3108 BT_DBG("%s", hdev->name);
3109
3110 hci_dev_lock(hdev);
3111
3112 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3113 if (!conn)
3114 goto unlock;
3115
3116 /* To avoid duplicate auth_failed events to user space we check
3117 * the HCI_CONN_AUTH_PEND flag which will be set if we
3118 * initiated the authentication. A traditional auth_complete
3119 * event gets always produced as initiator and is also mapped to
3120 * the mgmt_auth_failed event */
3121 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3122 mgmt_auth_failed(hdev, &conn->dst, ev->status);
3123
3124 hci_conn_put(conn);
3125
3126 unlock:
3127 hci_dev_unlock(hdev);
3128 }
3129
3130 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3131 {
3132 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3133 struct inquiry_entry *ie;
3134
3135 BT_DBG("%s", hdev->name);
3136
3137 hci_dev_lock(hdev);
3138
3139 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3140 if (ie)
3141 ie->data.ssp_mode = (ev->features[0] & 0x01);
3142
3143 hci_dev_unlock(hdev);
3144 }
3145
3146 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3147 struct sk_buff *skb)
3148 {
3149 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3150 struct oob_data *data;
3151
3152 BT_DBG("%s", hdev->name);
3153
3154 hci_dev_lock(hdev);
3155
3156 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3157 goto unlock;
3158
3159 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3160 if (data) {
3161 struct hci_cp_remote_oob_data_reply cp;
3162
3163 bacpy(&cp.bdaddr, &ev->bdaddr);
3164 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3165 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3166
3167 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3168 &cp);
3169 } else {
3170 struct hci_cp_remote_oob_data_neg_reply cp;
3171
3172 bacpy(&cp.bdaddr, &ev->bdaddr);
3173 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3174 &cp);
3175 }
3176
3177 unlock:
3178 hci_dev_unlock(hdev);
3179 }
3180
3181 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3182 {
3183 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3184 struct hci_conn *conn;
3185
3186 BT_DBG("%s status %d", hdev->name, ev->status);
3187
3188 hci_dev_lock(hdev);
3189
3190 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3191 if (!conn) {
3192 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3193 if (!conn) {
3194 BT_ERR("No memory for new connection");
3195 hci_dev_unlock(hdev);
3196 return;
3197 }
3198
3199 conn->dst_type = ev->bdaddr_type;
3200 }
3201
3202 if (ev->status) {
3203 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3204 conn->dst_type, ev->status);
3205 hci_proto_connect_cfm(conn, ev->status);
3206 conn->state = BT_CLOSED;
3207 hci_conn_del(conn);
3208 goto unlock;
3209 }
3210
3211 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3212 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3213 conn->dst_type, NULL, 0, 0);
3214
3215 conn->sec_level = BT_SECURITY_LOW;
3216 conn->handle = __le16_to_cpu(ev->handle);
3217 conn->state = BT_CONNECTED;
3218
3219 hci_conn_hold_device(conn);
3220 hci_conn_add_sysfs(conn);
3221
3222 hci_proto_connect_cfm(conn, ev->status);
3223
3224 unlock:
3225 hci_dev_unlock(hdev);
3226 }
3227
3228 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3229 struct sk_buff *skb)
3230 {
3231 u8 num_reports = skb->data[0];
3232 void *ptr = &skb->data[1];
3233 s8 rssi;
3234
3235 hci_dev_lock(hdev);
3236
3237 while (num_reports--) {
3238 struct hci_ev_le_advertising_info *ev = ptr;
3239
3240 hci_add_adv_entry(hdev, ev);
3241
3242 rssi = ev->data[ev->length];
3243 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3244 NULL, rssi, 0, ev->data, ev->length);
3245
3246 ptr += sizeof(*ev) + ev->length + 1;
3247 }
3248
3249 hci_dev_unlock(hdev);
3250 }
3251
3252 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3253 struct sk_buff *skb)
3254 {
3255 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3256 struct hci_cp_le_ltk_reply cp;
3257 struct hci_cp_le_ltk_neg_reply neg;
3258 struct hci_conn *conn;
3259 struct smp_ltk *ltk;
3260
3261 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3262
3263 hci_dev_lock(hdev);
3264
3265 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3266 if (conn == NULL)
3267 goto not_found;
3268
3269 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3270 if (ltk == NULL)
3271 goto not_found;
3272
3273 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3274 cp.handle = cpu_to_le16(conn->handle);
3275
3276 if (ltk->authenticated)
3277 conn->sec_level = BT_SECURITY_HIGH;
3278
3279 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3280
3281 if (ltk->type & HCI_SMP_STK) {
3282 list_del(&ltk->list);
3283 kfree(ltk);
3284 }
3285
3286 hci_dev_unlock(hdev);
3287
3288 return;
3289
3290 not_found:
3291 neg.handle = ev->handle;
3292 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3293 hci_dev_unlock(hdev);
3294 }
3295
3296 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3297 {
3298 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3299
3300 skb_pull(skb, sizeof(*le_ev));
3301
3302 switch (le_ev->subevent) {
3303 case HCI_EV_LE_CONN_COMPLETE:
3304 hci_le_conn_complete_evt(hdev, skb);
3305 break;
3306
3307 case HCI_EV_LE_ADVERTISING_REPORT:
3308 hci_le_adv_report_evt(hdev, skb);
3309 break;
3310
3311 case HCI_EV_LE_LTK_REQ:
3312 hci_le_ltk_request_evt(hdev, skb);
3313 break;
3314
3315 default:
3316 break;
3317 }
3318 }
3319
3320 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3321 {
3322 struct hci_event_hdr *hdr = (void *) skb->data;
3323 __u8 event = hdr->evt;
3324
3325 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3326
3327 switch (event) {
3328 case HCI_EV_INQUIRY_COMPLETE:
3329 hci_inquiry_complete_evt(hdev, skb);
3330 break;
3331
3332 case HCI_EV_INQUIRY_RESULT:
3333 hci_inquiry_result_evt(hdev, skb);
3334 break;
3335
3336 case HCI_EV_CONN_COMPLETE:
3337 hci_conn_complete_evt(hdev, skb);
3338 break;
3339
3340 case HCI_EV_CONN_REQUEST:
3341 hci_conn_request_evt(hdev, skb);
3342 break;
3343
3344 case HCI_EV_DISCONN_COMPLETE:
3345 hci_disconn_complete_evt(hdev, skb);
3346 break;
3347
3348 case HCI_EV_AUTH_COMPLETE:
3349 hci_auth_complete_evt(hdev, skb);
3350 break;
3351
3352 case HCI_EV_REMOTE_NAME:
3353 hci_remote_name_evt(hdev, skb);
3354 break;
3355
3356 case HCI_EV_ENCRYPT_CHANGE:
3357 hci_encrypt_change_evt(hdev, skb);
3358 break;
3359
3360 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3361 hci_change_link_key_complete_evt(hdev, skb);
3362 break;
3363
3364 case HCI_EV_REMOTE_FEATURES:
3365 hci_remote_features_evt(hdev, skb);
3366 break;
3367
3368 case HCI_EV_REMOTE_VERSION:
3369 hci_remote_version_evt(hdev, skb);
3370 break;
3371
3372 case HCI_EV_QOS_SETUP_COMPLETE:
3373 hci_qos_setup_complete_evt(hdev, skb);
3374 break;
3375
3376 case HCI_EV_CMD_COMPLETE:
3377 hci_cmd_complete_evt(hdev, skb);
3378 break;
3379
3380 case HCI_EV_CMD_STATUS:
3381 hci_cmd_status_evt(hdev, skb);
3382 break;
3383
3384 case HCI_EV_ROLE_CHANGE:
3385 hci_role_change_evt(hdev, skb);
3386 break;
3387
3388 case HCI_EV_NUM_COMP_PKTS:
3389 hci_num_comp_pkts_evt(hdev, skb);
3390 break;
3391
3392 case HCI_EV_MODE_CHANGE:
3393 hci_mode_change_evt(hdev, skb);
3394 break;
3395
3396 case HCI_EV_PIN_CODE_REQ:
3397 hci_pin_code_request_evt(hdev, skb);
3398 break;
3399
3400 case HCI_EV_LINK_KEY_REQ:
3401 hci_link_key_request_evt(hdev, skb);
3402 break;
3403
3404 case HCI_EV_LINK_KEY_NOTIFY:
3405 hci_link_key_notify_evt(hdev, skb);
3406 break;
3407
3408 case HCI_EV_CLOCK_OFFSET:
3409 hci_clock_offset_evt(hdev, skb);
3410 break;
3411
3412 case HCI_EV_PKT_TYPE_CHANGE:
3413 hci_pkt_type_change_evt(hdev, skb);
3414 break;
3415
3416 case HCI_EV_PSCAN_REP_MODE:
3417 hci_pscan_rep_mode_evt(hdev, skb);
3418 break;
3419
3420 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3421 hci_inquiry_result_with_rssi_evt(hdev, skb);
3422 break;
3423
3424 case HCI_EV_REMOTE_EXT_FEATURES:
3425 hci_remote_ext_features_evt(hdev, skb);
3426 break;
3427
3428 case HCI_EV_SYNC_CONN_COMPLETE:
3429 hci_sync_conn_complete_evt(hdev, skb);
3430 break;
3431
3432 case HCI_EV_SYNC_CONN_CHANGED:
3433 hci_sync_conn_changed_evt(hdev, skb);
3434 break;
3435
3436 case HCI_EV_SNIFF_SUBRATE:
3437 hci_sniff_subrate_evt(hdev, skb);
3438 break;
3439
3440 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3441 hci_extended_inquiry_result_evt(hdev, skb);
3442 break;
3443
3444 case HCI_EV_IO_CAPA_REQUEST:
3445 hci_io_capa_request_evt(hdev, skb);
3446 break;
3447
3448 case HCI_EV_IO_CAPA_REPLY:
3449 hci_io_capa_reply_evt(hdev, skb);
3450 break;
3451
3452 case HCI_EV_USER_CONFIRM_REQUEST:
3453 hci_user_confirm_request_evt(hdev, skb);
3454 break;
3455
3456 case HCI_EV_USER_PASSKEY_REQUEST:
3457 hci_user_passkey_request_evt(hdev, skb);
3458 break;
3459
3460 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3461 hci_simple_pair_complete_evt(hdev, skb);
3462 break;
3463
3464 case HCI_EV_REMOTE_HOST_FEATURES:
3465 hci_remote_host_features_evt(hdev, skb);
3466 break;
3467
3468 case HCI_EV_LE_META:
3469 hci_le_meta_evt(hdev, skb);
3470 break;
3471
3472 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3473 hci_remote_oob_data_request_evt(hdev, skb);
3474 break;
3475
3476 case HCI_EV_NUM_COMP_BLOCKS:
3477 hci_num_comp_blocks_evt(hdev, skb);
3478 break;
3479
3480 default:
3481 BT_DBG("%s event 0x%x", hdev->name, event);
3482 break;
3483 }
3484
3485 kfree_skb(skb);
3486 hdev->stat.evt_rx++;
3487 }
3488
3489 /* Generate internal stack event */
3490 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3491 {
3492 struct hci_event_hdr *hdr;
3493 struct hci_ev_stack_internal *ev;
3494 struct sk_buff *skb;
3495
3496 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3497 if (!skb)
3498 return;
3499
3500 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3501 hdr->evt = HCI_EV_STACK_INTERNAL;
3502 hdr->plen = sizeof(*ev) + dlen;
3503
3504 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3505 ev->type = type;
3506 memcpy(ev->data, data, dlen);
3507
3508 bt_cb(skb)->incoming = 1;
3509 __net_timestamp(skb);
3510
3511 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3512 skb->dev = (void *) hdev;
3513 hci_send_to_sock(hdev, skb, NULL);
3514 kfree_skb(skb);
3515 }
3516
3517 module_param(enable_le, bool, 0644);
3518 MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)