1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/mgmt.h>
32#include <net/bluetooth/a2mp.h>
33#include <net/bluetooth/amp.h>
34
35
36
37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38{
39 __u8 status = *((__u8 *) skb->data);
40
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
47 return;
48 }
49
50 clear_bit(HCI_INQUIRY, &hdev->flags);
51 smp_mb__after_clear_bit();
52 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53
54 hci_dev_lock(hdev);
55 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_dev_unlock(hdev);
57
58 hci_conn_check_pending(hdev);
59}
60
61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71}
72
73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
76
77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79 if (status)
80 return;
81
82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84 hci_conn_check_pending(hdev);
85}
86
87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
111 }
112
113 hci_dev_unlock(hdev);
114}
115
116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136{
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
139 void *sent;
140
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143 if (rp->status)
144 return;
145
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
149
150 hci_dev_lock(hdev);
151
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 if (conn)
154 conn->link_policy = get_unaligned_le16(sent + 2);
155
156 hci_dev_unlock(hdev);
157}
158
159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186}
187
188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
191
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194 clear_bit(HCI_RESET, &hdev->flags);
195
196
197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
198
199 hdev->discovery.state = DISCOVERY_STOPPED;
200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
205}
206
207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
211
212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
213
214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
217
218 hci_dev_lock(hdev);
219
220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
224
225 hci_dev_unlock(hdev);
226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233
234 if (rp->status)
235 return;
236
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
259 }
260
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
263}
264
265static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
266{
267 __u8 status = *((__u8 *) skb->data);
268 void *sent;
269
270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
271
272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
275
276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
284}
285
286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
290 void *sent;
291
292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
293
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
297
298 param = *((__u8 *) sent);
299
300 hci_dev_lock(hdev);
301
302 if (status) {
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
314 mgmt_discoverable(hdev, 1);
315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 to);
319 }
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
329
330done:
331 hci_dev_unlock(hdev);
332}
333
334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
337
338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
339
340 if (rp->status)
341 return;
342
343 memcpy(hdev->dev_class, rp->dev_class, 3);
344
345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347}
348
349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
353
354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
355
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
359
360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
369}
370
371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
383 if (hdev->voice_setting == setting)
384 return;
385
386 hdev->voice_setting = setting;
387
388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389
390 if (hdev->notify)
391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392}
393
394static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
396{
397 __u8 status = *((__u8 *) skb->data);
398 __u16 setting;
399 void *sent;
400
401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
402
403 if (status)
404 return;
405
406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
409
410 setting = get_unaligned_le16(sent);
411
412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
416
417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418
419 if (hdev->notify)
420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421}
422
423static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424{
425 __u8 status = *((__u8 *) skb->data);
426 struct hci_cp_write_ssp_mode *sent;
427
428 BT_DBG("%s status 0x%2.2x", hdev->name, status);
429
430 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
431 if (!sent)
432 return;
433
434 if (!status) {
435 if (sent->mode)
436 hdev->features[1][0] |= LMP_HOST_SSP;
437 else
438 hdev->features[1][0] &= ~LMP_HOST_SSP;
439 }
440
441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
442 mgmt_ssp_enable_complete(hdev, sent->mode, status);
443 else if (!status) {
444 if (sent->mode)
445 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446 else
447 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 }
449}
450
451static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
452{
453 struct hci_rp_read_local_version *rp = (void *) skb->data;
454
455 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
456
457 if (rp->status)
458 return;
459
460 hdev->hci_ver = rp->hci_ver;
461 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
462 hdev->lmp_ver = rp->lmp_ver;
463 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
464 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
465
466 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
467 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
468}
469
470static void hci_cc_read_local_commands(struct hci_dev *hdev,
471 struct sk_buff *skb)
472{
473 struct hci_rp_read_local_commands *rp = (void *) skb->data;
474
475 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
476
477 if (!rp->status)
478 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
479}
480
481static void hci_cc_read_local_features(struct hci_dev *hdev,
482 struct sk_buff *skb)
483{
484 struct hci_rp_read_local_features *rp = (void *) skb->data;
485
486 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
487
488 if (rp->status)
489 return;
490
491 memcpy(hdev->features, rp->features, 8);
492
493
494
495
496 if (hdev->features[0][0] & LMP_3SLOT)
497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
498
499 if (hdev->features[0][0] & LMP_5SLOT)
500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
501
502 if (hdev->features[0][1] & LMP_HV2) {
503 hdev->pkt_type |= (HCI_HV2);
504 hdev->esco_type |= (ESCO_HV2);
505 }
506
507 if (hdev->features[0][1] & LMP_HV3) {
508 hdev->pkt_type |= (HCI_HV3);
509 hdev->esco_type |= (ESCO_HV3);
510 }
511
512 if (lmp_esco_capable(hdev))
513 hdev->esco_type |= (ESCO_EV3);
514
515 if (hdev->features[0][4] & LMP_EV4)
516 hdev->esco_type |= (ESCO_EV4);
517
518 if (hdev->features[0][4] & LMP_EV5)
519 hdev->esco_type |= (ESCO_EV5);
520
521 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
522 hdev->esco_type |= (ESCO_2EV3);
523
524 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
525 hdev->esco_type |= (ESCO_3EV3);
526
527 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529
530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531 hdev->features[0][0], hdev->features[0][1],
532 hdev->features[0][2], hdev->features[0][3],
533 hdev->features[0][4], hdev->features[0][5],
534 hdev->features[0][6], hdev->features[0][7]);
535}
536
537static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
538 struct sk_buff *skb)
539{
540 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
541
542 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
543
544 if (rp->status)
545 return;
546
547 hdev->max_page = rp->max_page;
548
549 if (rp->page < HCI_MAX_PAGES)
550 memcpy(hdev->features[rp->page], rp->features, 8);
551}
552
553static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
554 struct sk_buff *skb)
555{
556 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
557
558 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
559
560 if (!rp->status)
561 hdev->flow_ctl_mode = rp->mode;
562}
563
564static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
565{
566 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
567
568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
569
570 if (rp->status)
571 return;
572
573 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
574 hdev->sco_mtu = rp->sco_mtu;
575 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
576 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
577
578 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
579 hdev->sco_mtu = 64;
580 hdev->sco_pkts = 8;
581 }
582
583 hdev->acl_cnt = hdev->acl_pkts;
584 hdev->sco_cnt = hdev->sco_pkts;
585
586 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
587 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
588}
589
590static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
591{
592 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
593
594 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
595
596 if (!rp->status)
597 bacpy(&hdev->bdaddr, &rp->bdaddr);
598}
599
600static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
601 struct sk_buff *skb)
602{
603 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
604
605 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606
607 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
608 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
609 hdev->page_scan_window = __le16_to_cpu(rp->window);
610 }
611}
612
613static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
614 struct sk_buff *skb)
615{
616 u8 status = *((u8 *) skb->data);
617 struct hci_cp_write_page_scan_activity *sent;
618
619 BT_DBG("%s status 0x%2.2x", hdev->name, status);
620
621 if (status)
622 return;
623
624 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
625 if (!sent)
626 return;
627
628 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
629 hdev->page_scan_window = __le16_to_cpu(sent->window);
630}
631
632static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
633 struct sk_buff *skb)
634{
635 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
636
637 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
638
639 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
640 hdev->page_scan_type = rp->type;
641}
642
643static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
644 struct sk_buff *skb)
645{
646 u8 status = *((u8 *) skb->data);
647 u8 *type;
648
649 BT_DBG("%s status 0x%2.2x", hdev->name, status);
650
651 if (status)
652 return;
653
654 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
655 if (type)
656 hdev->page_scan_type = *type;
657}
658
659static void hci_cc_read_data_block_size(struct hci_dev *hdev,
660 struct sk_buff *skb)
661{
662 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
663
664 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
665
666 if (rp->status)
667 return;
668
669 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
670 hdev->block_len = __le16_to_cpu(rp->block_len);
671 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
672
673 hdev->block_cnt = hdev->num_blocks;
674
675 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
676 hdev->block_cnt, hdev->block_len);
677}
678
679static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
680 struct sk_buff *skb)
681{
682 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
683
684 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
685
686 if (rp->status)
687 goto a2mp_rsp;
688
689 hdev->amp_status = rp->amp_status;
690 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
691 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
692 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
693 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
694 hdev->amp_type = rp->amp_type;
695 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
696 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
697 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
698 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
699
700a2mp_rsp:
701 a2mp_send_getinfo_rsp(hdev);
702}
703
704static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
705 struct sk_buff *skb)
706{
707 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
708 struct amp_assoc *assoc = &hdev->loc_assoc;
709 size_t rem_len, frag_len;
710
711 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
712
713 if (rp->status)
714 goto a2mp_rsp;
715
716 frag_len = skb->len - sizeof(*rp);
717 rem_len = __le16_to_cpu(rp->rem_len);
718
719 if (rem_len > frag_len) {
720 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
721
722 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
723 assoc->offset += frag_len;
724
725
726 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
727
728 return;
729 }
730
731 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
732 assoc->len = assoc->offset + rem_len;
733 assoc->offset = 0;
734
735a2mp_rsp:
736
737 a2mp_send_getampassoc_rsp(hdev, rp->status);
738 a2mp_send_create_phy_link_req(hdev, rp->status);
739}
740
741static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
742 struct sk_buff *skb)
743{
744 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
745
746 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
747
748 if (!rp->status)
749 hdev->inq_tx_power = rp->tx_power;
750}
751
752static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
753{
754 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
755 struct hci_cp_pin_code_reply *cp;
756 struct hci_conn *conn;
757
758 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
759
760 hci_dev_lock(hdev);
761
762 if (test_bit(HCI_MGMT, &hdev->dev_flags))
763 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
764
765 if (rp->status)
766 goto unlock;
767
768 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
769 if (!cp)
770 goto unlock;
771
772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
773 if (conn)
774 conn->pin_length = cp->pin_len;
775
776unlock:
777 hci_dev_unlock(hdev);
778}
779
780static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781{
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785
786 hci_dev_lock(hdev);
787
788 if (test_bit(HCI_MGMT, &hdev->dev_flags))
789 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
790 rp->status);
791
792 hci_dev_unlock(hdev);
793}
794
795static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
796 struct sk_buff *skb)
797{
798 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
799
800 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
801
802 if (rp->status)
803 return;
804
805 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
806 hdev->le_pkts = rp->le_max_pkt;
807
808 hdev->le_cnt = hdev->le_pkts;
809
810 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
811}
812
813static void hci_cc_le_read_local_features(struct hci_dev *hdev,
814 struct sk_buff *skb)
815{
816 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
817
818 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
819
820 if (!rp->status)
821 memcpy(hdev->le_features, rp->features, 8);
822}
823
824static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
825 struct sk_buff *skb)
826{
827 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
828
829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
830
831 if (!rp->status)
832 hdev->adv_tx_power = rp->tx_power;
833}
834
835static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
836{
837 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
838
839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
840
841 hci_dev_lock(hdev);
842
843 if (test_bit(HCI_MGMT, &hdev->dev_flags))
844 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
845 rp->status);
846
847 hci_dev_unlock(hdev);
848}
849
850static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
851 struct sk_buff *skb)
852{
853 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
854
855 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
856
857 hci_dev_lock(hdev);
858
859 if (test_bit(HCI_MGMT, &hdev->dev_flags))
860 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
861 ACL_LINK, 0, rp->status);
862
863 hci_dev_unlock(hdev);
864}
865
866static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
867{
868 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
869
870 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
871
872 hci_dev_lock(hdev);
873
874 if (test_bit(HCI_MGMT, &hdev->dev_flags))
875 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
876 0, rp->status);
877
878 hci_dev_unlock(hdev);
879}
880
881static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
882 struct sk_buff *skb)
883{
884 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
885
886 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
887
888 hci_dev_lock(hdev);
889
890 if (test_bit(HCI_MGMT, &hdev->dev_flags))
891 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
892 ACL_LINK, 0, rp->status);
893
894 hci_dev_unlock(hdev);
895}
896
897static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
898 struct sk_buff *skb)
899{
900 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
901
902 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
903
904 hci_dev_lock(hdev);
905 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
906 rp->randomizer, rp->status);
907 hci_dev_unlock(hdev);
908}
909
910static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
911{
912 __u8 *sent, status = *((__u8 *) skb->data);
913
914 BT_DBG("%s status 0x%2.2x", hdev->name, status);
915
916 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
917 if (!sent)
918 return;
919
920 hci_dev_lock(hdev);
921
922 if (!status) {
923 if (*sent)
924 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
925 else
926 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
927 }
928
929 if (!test_bit(HCI_INIT, &hdev->flags)) {
930 struct hci_request req;
931
932 hci_req_init(&req, hdev);
933 hci_update_ad(&req);
934 hci_req_run(&req, NULL);
935 }
936
937 hci_dev_unlock(hdev);
938}
939
940static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
941{
942 __u8 status = *((__u8 *) skb->data);
943
944 BT_DBG("%s status 0x%2.2x", hdev->name, status);
945
946 if (status) {
947 hci_dev_lock(hdev);
948 mgmt_start_discovery_failed(hdev, status);
949 hci_dev_unlock(hdev);
950 return;
951 }
952}
953
954static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
955 struct sk_buff *skb)
956{
957 struct hci_cp_le_set_scan_enable *cp;
958 __u8 status = *((__u8 *) skb->data);
959
960 BT_DBG("%s status 0x%2.2x", hdev->name, status);
961
962 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
963 if (!cp)
964 return;
965
966 switch (cp->enable) {
967 case LE_SCAN_ENABLE:
968 if (status) {
969 hci_dev_lock(hdev);
970 mgmt_start_discovery_failed(hdev, status);
971 hci_dev_unlock(hdev);
972 return;
973 }
974
975 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
976
977 hci_dev_lock(hdev);
978 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
979 hci_dev_unlock(hdev);
980 break;
981
982 case LE_SCAN_DISABLE:
983 if (status) {
984 hci_dev_lock(hdev);
985 mgmt_stop_discovery_failed(hdev, status);
986 hci_dev_unlock(hdev);
987 return;
988 }
989
990 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
991
992 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
993 hdev->discovery.state == DISCOVERY_FINDING) {
994 mgmt_interleaved_discovery(hdev);
995 } else {
996 hci_dev_lock(hdev);
997 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
998 hci_dev_unlock(hdev);
999 }
1000
1001 break;
1002
1003 default:
1004 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1005 break;
1006 }
1007}
1008
1009static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1010 struct sk_buff *skb)
1011{
1012 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1013
1014 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1015
1016 if (!rp->status)
1017 hdev->le_white_list_size = rp->size;
1018}
1019
1020static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1021 struct sk_buff *skb)
1022{
1023 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1024
1025 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1026
1027 if (!rp->status)
1028 memcpy(hdev->le_states, rp->le_states, 8);
1029}
1030
1031static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1032 struct sk_buff *skb)
1033{
1034 struct hci_cp_write_le_host_supported *sent;
1035 __u8 status = *((__u8 *) skb->data);
1036
1037 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1038
1039 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1040 if (!sent)
1041 return;
1042
1043 if (!status) {
1044 if (sent->le)
1045 hdev->features[1][0] |= LMP_HOST_LE;
1046 else
1047 hdev->features[1][0] &= ~LMP_HOST_LE;
1048
1049 if (sent->simul)
1050 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1051 else
1052 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1053 }
1054
1055 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1056 !test_bit(HCI_INIT, &hdev->flags))
1057 mgmt_le_enable_complete(hdev, sent->le, status);
1058}
1059
1060static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1061 struct sk_buff *skb)
1062{
1063 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1064
1065 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1066 hdev->name, rp->status, rp->phy_handle);
1067
1068 if (rp->status)
1069 return;
1070
1071 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1072}
1073
1074static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1075{
1076 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1077
1078 if (status) {
1079 hci_conn_check_pending(hdev);
1080 hci_dev_lock(hdev);
1081 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1082 mgmt_start_discovery_failed(hdev, status);
1083 hci_dev_unlock(hdev);
1084 return;
1085 }
1086
1087 set_bit(HCI_INQUIRY, &hdev->flags);
1088
1089 hci_dev_lock(hdev);
1090 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1091 hci_dev_unlock(hdev);
1092}
1093
1094static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1095{
1096 struct hci_cp_create_conn *cp;
1097 struct hci_conn *conn;
1098
1099 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1100
1101 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1102 if (!cp)
1103 return;
1104
1105 hci_dev_lock(hdev);
1106
1107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1108
1109 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1110
1111 if (status) {
1112 if (conn && conn->state == BT_CONNECT) {
1113 if (status != 0x0c || conn->attempt > 2) {
1114 conn->state = BT_CLOSED;
1115 hci_proto_connect_cfm(conn, status);
1116 hci_conn_del(conn);
1117 } else
1118 conn->state = BT_CONNECT2;
1119 }
1120 } else {
1121 if (!conn) {
1122 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1123 if (conn) {
1124 conn->out = true;
1125 conn->link_mode |= HCI_LM_MASTER;
1126 } else
1127 BT_ERR("No memory for new connection");
1128 }
1129 }
1130
1131 hci_dev_unlock(hdev);
1132}
1133
1134static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1135{
1136 struct hci_cp_add_sco *cp;
1137 struct hci_conn *acl, *sco;
1138 __u16 handle;
1139
1140 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1141
1142 if (!status)
1143 return;
1144
1145 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1146 if (!cp)
1147 return;
1148
1149 handle = __le16_to_cpu(cp->handle);
1150
1151 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1152
1153 hci_dev_lock(hdev);
1154
1155 acl = hci_conn_hash_lookup_handle(hdev, handle);
1156 if (acl) {
1157 sco = acl->link;
1158 if (sco) {
1159 sco->state = BT_CLOSED;
1160
1161 hci_proto_connect_cfm(sco, status);
1162 hci_conn_del(sco);
1163 }
1164 }
1165
1166 hci_dev_unlock(hdev);
1167}
1168
1169static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1170{
1171 struct hci_cp_auth_requested *cp;
1172 struct hci_conn *conn;
1173
1174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1175
1176 if (!status)
1177 return;
1178
1179 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1180 if (!cp)
1181 return;
1182
1183 hci_dev_lock(hdev);
1184
1185 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1186 if (conn) {
1187 if (conn->state == BT_CONFIG) {
1188 hci_proto_connect_cfm(conn, status);
1189 hci_conn_drop(conn);
1190 }
1191 }
1192
1193 hci_dev_unlock(hdev);
1194}
1195
1196static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1197{
1198 struct hci_cp_set_conn_encrypt *cp;
1199 struct hci_conn *conn;
1200
1201 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1202
1203 if (!status)
1204 return;
1205
1206 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1207 if (!cp)
1208 return;
1209
1210 hci_dev_lock(hdev);
1211
1212 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1213 if (conn) {
1214 if (conn->state == BT_CONFIG) {
1215 hci_proto_connect_cfm(conn, status);
1216 hci_conn_drop(conn);
1217 }
1218 }
1219
1220 hci_dev_unlock(hdev);
1221}
1222
1223static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1224 struct hci_conn *conn)
1225{
1226 if (conn->state != BT_CONFIG || !conn->out)
1227 return 0;
1228
1229 if (conn->pending_sec_level == BT_SECURITY_SDP)
1230 return 0;
1231
1232
1233
1234 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1235 conn->pending_sec_level != BT_SECURITY_HIGH)
1236 return 0;
1237
1238 return 1;
1239}
1240
1241static int hci_resolve_name(struct hci_dev *hdev,
1242 struct inquiry_entry *e)
1243{
1244 struct hci_cp_remote_name_req cp;
1245
1246 memset(&cp, 0, sizeof(cp));
1247
1248 bacpy(&cp.bdaddr, &e->data.bdaddr);
1249 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1250 cp.pscan_mode = e->data.pscan_mode;
1251 cp.clock_offset = e->data.clock_offset;
1252
1253 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1254}
1255
1256static bool hci_resolve_next_name(struct hci_dev *hdev)
1257{
1258 struct discovery_state *discov = &hdev->discovery;
1259 struct inquiry_entry *e;
1260
1261 if (list_empty(&discov->resolve))
1262 return false;
1263
1264 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1265 if (!e)
1266 return false;
1267
1268 if (hci_resolve_name(hdev, e) == 0) {
1269 e->name_state = NAME_PENDING;
1270 return true;
1271 }
1272
1273 return false;
1274}
1275
1276static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1277 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1278{
1279 struct discovery_state *discov = &hdev->discovery;
1280 struct inquiry_entry *e;
1281
1282 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1283 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1284 name_len, conn->dev_class);
1285
1286 if (discov->state == DISCOVERY_STOPPED)
1287 return;
1288
1289 if (discov->state == DISCOVERY_STOPPING)
1290 goto discov_complete;
1291
1292 if (discov->state != DISCOVERY_RESOLVING)
1293 return;
1294
1295 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1296
1297
1298
1299
1300 if (!e)
1301 return;
1302
1303 list_del(&e->list);
1304 if (name) {
1305 e->name_state = NAME_KNOWN;
1306 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1307 e->data.rssi, name, name_len);
1308 } else {
1309 e->name_state = NAME_NOT_KNOWN;
1310 }
1311
1312 if (hci_resolve_next_name(hdev))
1313 return;
1314
1315discov_complete:
1316 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317}
1318
1319static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320{
1321 struct hci_cp_remote_name_req *cp;
1322 struct hci_conn *conn;
1323
1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325
1326
1327
1328 if (!status)
1329 return;
1330
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332 if (!cp)
1333 return;
1334
1335 hci_dev_lock(hdev);
1336
1337 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1338
1339 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1340 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1341
1342 if (!conn)
1343 goto unlock;
1344
1345 if (!hci_outgoing_auth_needed(hdev, conn))
1346 goto unlock;
1347
1348 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1349 struct hci_cp_auth_requested cp;
1350 cp.handle = __cpu_to_le16(conn->handle);
1351 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1352 }
1353
1354unlock:
1355 hci_dev_unlock(hdev);
1356}
1357
1358static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1359{
1360 struct hci_cp_read_remote_features *cp;
1361 struct hci_conn *conn;
1362
1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1364
1365 if (!status)
1366 return;
1367
1368 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1369 if (!cp)
1370 return;
1371
1372 hci_dev_lock(hdev);
1373
1374 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1375 if (conn) {
1376 if (conn->state == BT_CONFIG) {
1377 hci_proto_connect_cfm(conn, status);
1378 hci_conn_drop(conn);
1379 }
1380 }
1381
1382 hci_dev_unlock(hdev);
1383}
1384
1385static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1386{
1387 struct hci_cp_read_remote_ext_features *cp;
1388 struct hci_conn *conn;
1389
1390 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1391
1392 if (!status)
1393 return;
1394
1395 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1396 if (!cp)
1397 return;
1398
1399 hci_dev_lock(hdev);
1400
1401 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1402 if (conn) {
1403 if (conn->state == BT_CONFIG) {
1404 hci_proto_connect_cfm(conn, status);
1405 hci_conn_drop(conn);
1406 }
1407 }
1408
1409 hci_dev_unlock(hdev);
1410}
1411
1412static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1413{
1414 struct hci_cp_setup_sync_conn *cp;
1415 struct hci_conn *acl, *sco;
1416 __u16 handle;
1417
1418 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1419
1420 if (!status)
1421 return;
1422
1423 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1424 if (!cp)
1425 return;
1426
1427 handle = __le16_to_cpu(cp->handle);
1428
1429 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1430
1431 hci_dev_lock(hdev);
1432
1433 acl = hci_conn_hash_lookup_handle(hdev, handle);
1434 if (acl) {
1435 sco = acl->link;
1436 if (sco) {
1437 sco->state = BT_CLOSED;
1438
1439 hci_proto_connect_cfm(sco, status);
1440 hci_conn_del(sco);
1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445}
1446
1447static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1448{
1449 struct hci_cp_sniff_mode *cp;
1450 struct hci_conn *conn;
1451
1452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1453
1454 if (!status)
1455 return;
1456
1457 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1458 if (!cp)
1459 return;
1460
1461 hci_dev_lock(hdev);
1462
1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1464 if (conn) {
1465 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1466
1467 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1468 hci_sco_setup(conn, status);
1469 }
1470
1471 hci_dev_unlock(hdev);
1472}
1473
1474static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1475{
1476 struct hci_cp_exit_sniff_mode *cp;
1477 struct hci_conn *conn;
1478
1479 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1480
1481 if (!status)
1482 return;
1483
1484 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1485 if (!cp)
1486 return;
1487
1488 hci_dev_lock(hdev);
1489
1490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1491 if (conn) {
1492 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1493
1494 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1495 hci_sco_setup(conn, status);
1496 }
1497
1498 hci_dev_unlock(hdev);
1499}
1500
1501static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1502{
1503 struct hci_cp_disconnect *cp;
1504 struct hci_conn *conn;
1505
1506 if (!status)
1507 return;
1508
1509 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1510 if (!cp)
1511 return;
1512
1513 hci_dev_lock(hdev);
1514
1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516 if (conn)
1517 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1518 conn->dst_type, status);
1519
1520 hci_dev_unlock(hdev);
1521}
1522
1523static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1524{
1525 struct hci_conn *conn;
1526
1527 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1528
1529 if (status) {
1530 hci_dev_lock(hdev);
1531
1532 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1533 if (!conn) {
1534 hci_dev_unlock(hdev);
1535 return;
1536 }
1537
1538 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1539
1540 conn->state = BT_CLOSED;
1541 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1542 conn->dst_type, status);
1543 hci_proto_connect_cfm(conn, status);
1544 hci_conn_del(conn);
1545
1546 hci_dev_unlock(hdev);
1547 }
1548}
1549
1550static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1551{
1552 struct hci_cp_create_phy_link *cp;
1553
1554 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1555
1556 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1557 if (!cp)
1558 return;
1559
1560 hci_dev_lock(hdev);
1561
1562 if (status) {
1563 struct hci_conn *hcon;
1564
1565 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1566 if (hcon)
1567 hci_conn_del(hcon);
1568 } else {
1569 amp_write_remote_assoc(hdev, cp->phy_handle);
1570 }
1571
1572 hci_dev_unlock(hdev);
1573}
1574
1575static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1576{
1577 struct hci_cp_accept_phy_link *cp;
1578
1579 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1580
1581 if (status)
1582 return;
1583
1584 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1585 if (!cp)
1586 return;
1587
1588 amp_write_remote_assoc(hdev, cp->phy_handle);
1589}
1590
1591static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1592{
1593 __u8 status = *((__u8 *) skb->data);
1594 struct discovery_state *discov = &hdev->discovery;
1595 struct inquiry_entry *e;
1596
1597 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1598
1599 hci_conn_check_pending(hdev);
1600
1601 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1602 return;
1603
1604 smp_mb__after_clear_bit();
1605 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1606
1607 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1608 return;
1609
1610 hci_dev_lock(hdev);
1611
1612 if (discov->state != DISCOVERY_FINDING)
1613 goto unlock;
1614
1615 if (list_empty(&discov->resolve)) {
1616 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1617 goto unlock;
1618 }
1619
1620 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1621 if (e && hci_resolve_name(hdev, e) == 0) {
1622 e->name_state = NAME_PENDING;
1623 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1624 } else {
1625 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1626 }
1627
1628unlock:
1629 hci_dev_unlock(hdev);
1630}
1631
1632static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1633{
1634 struct inquiry_data data;
1635 struct inquiry_info *info = (void *) (skb->data + 1);
1636 int num_rsp = *((__u8 *) skb->data);
1637
1638 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1639
1640 if (!num_rsp)
1641 return;
1642
1643 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1644 return;
1645
1646 hci_dev_lock(hdev);
1647
1648 for (; num_rsp; num_rsp--, info++) {
1649 bool name_known, ssp;
1650
1651 bacpy(&data.bdaddr, &info->bdaddr);
1652 data.pscan_rep_mode = info->pscan_rep_mode;
1653 data.pscan_period_mode = info->pscan_period_mode;
1654 data.pscan_mode = info->pscan_mode;
1655 memcpy(data.dev_class, info->dev_class, 3);
1656 data.clock_offset = info->clock_offset;
1657 data.rssi = 0x00;
1658 data.ssp_mode = 0x00;
1659
1660 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1661 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1662 info->dev_class, 0, !name_known, ssp, NULL,
1663 0);
1664 }
1665
1666 hci_dev_unlock(hdev);
1667}
1668
1669static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1670{
1671 struct hci_ev_conn_complete *ev = (void *) skb->data;
1672 struct hci_conn *conn;
1673
1674 BT_DBG("%s", hdev->name);
1675
1676 hci_dev_lock(hdev);
1677
1678 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1679 if (!conn) {
1680 if (ev->link_type != SCO_LINK)
1681 goto unlock;
1682
1683 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1684 if (!conn)
1685 goto unlock;
1686
1687 conn->type = SCO_LINK;
1688 }
1689
1690 if (!ev->status) {
1691 conn->handle = __le16_to_cpu(ev->handle);
1692
1693 if (conn->type == ACL_LINK) {
1694 conn->state = BT_CONFIG;
1695 hci_conn_hold(conn);
1696
1697 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1698 !hci_find_link_key(hdev, &ev->bdaddr))
1699 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1700 else
1701 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1702 } else
1703 conn->state = BT_CONNECTED;
1704
1705 hci_conn_add_sysfs(conn);
1706
1707 if (test_bit(HCI_AUTH, &hdev->flags))
1708 conn->link_mode |= HCI_LM_AUTH;
1709
1710 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1711 conn->link_mode |= HCI_LM_ENCRYPT;
1712
1713
1714 if (conn->type == ACL_LINK) {
1715 struct hci_cp_read_remote_features cp;
1716 cp.handle = ev->handle;
1717 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1718 sizeof(cp), &cp);
1719 }
1720
1721
1722 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1723 struct hci_cp_change_conn_ptype cp;
1724 cp.handle = ev->handle;
1725 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1726 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1727 &cp);
1728 }
1729 } else {
1730 conn->state = BT_CLOSED;
1731 if (conn->type == ACL_LINK)
1732 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1733 conn->dst_type, ev->status);
1734 }
1735
1736 if (conn->type == ACL_LINK)
1737 hci_sco_setup(conn, ev->status);
1738
1739 if (ev->status) {
1740 hci_proto_connect_cfm(conn, ev->status);
1741 hci_conn_del(conn);
1742 } else if (ev->link_type != ACL_LINK)
1743 hci_proto_connect_cfm(conn, ev->status);
1744
1745unlock:
1746 hci_dev_unlock(hdev);
1747
1748 hci_conn_check_pending(hdev);
1749}
1750
1751static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1752{
1753 struct hci_ev_conn_request *ev = (void *) skb->data;
1754 int mask = hdev->link_mode;
1755 __u8 flags = 0;
1756
1757 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1758 ev->link_type);
1759
1760 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1761 &flags);
1762
1763 if ((mask & HCI_LM_ACCEPT) &&
1764 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1765
1766 struct inquiry_entry *ie;
1767 struct hci_conn *conn;
1768
1769 hci_dev_lock(hdev);
1770
1771 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1772 if (ie)
1773 memcpy(ie->data.dev_class, ev->dev_class, 3);
1774
1775 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1776 &ev->bdaddr);
1777 if (!conn) {
1778 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1779 if (!conn) {
1780 BT_ERR("No memory for new connection");
1781 hci_dev_unlock(hdev);
1782 return;
1783 }
1784 }
1785
1786 memcpy(conn->dev_class, ev->dev_class, 3);
1787
1788 hci_dev_unlock(hdev);
1789
1790 if (ev->link_type == ACL_LINK ||
1791 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1792 struct hci_cp_accept_conn_req cp;
1793 conn->state = BT_CONNECT;
1794
1795 bacpy(&cp.bdaddr, &ev->bdaddr);
1796
1797 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1798 cp.role = 0x00;
1799 else
1800 cp.role = 0x01;
1801
1802 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1803 &cp);
1804 } else if (!(flags & HCI_PROTO_DEFER)) {
1805 struct hci_cp_accept_sync_conn_req cp;
1806 conn->state = BT_CONNECT;
1807
1808 bacpy(&cp.bdaddr, &ev->bdaddr);
1809 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1810
1811 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1812 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1813 cp.max_latency = __constant_cpu_to_le16(0xffff);
1814 cp.content_format = cpu_to_le16(hdev->voice_setting);
1815 cp.retrans_effort = 0xff;
1816
1817 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1818 sizeof(cp), &cp);
1819 } else {
1820 conn->state = BT_CONNECT2;
1821 hci_proto_connect_cfm(conn, 0);
1822 }
1823 } else {
1824
1825 struct hci_cp_reject_conn_req cp;
1826
1827 bacpy(&cp.bdaddr, &ev->bdaddr);
1828 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1829 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1830 }
1831}
1832
1833static u8 hci_to_mgmt_reason(u8 err)
1834{
1835 switch (err) {
1836 case HCI_ERROR_CONNECTION_TIMEOUT:
1837 return MGMT_DEV_DISCONN_TIMEOUT;
1838 case HCI_ERROR_REMOTE_USER_TERM:
1839 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1840 case HCI_ERROR_REMOTE_POWER_OFF:
1841 return MGMT_DEV_DISCONN_REMOTE;
1842 case HCI_ERROR_LOCAL_HOST_TERM:
1843 return MGMT_DEV_DISCONN_LOCAL_HOST;
1844 default:
1845 return MGMT_DEV_DISCONN_UNKNOWN;
1846 }
1847}
1848
1849static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1850{
1851 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1852 struct hci_conn *conn;
1853
1854 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1855
1856 hci_dev_lock(hdev);
1857
1858 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1859 if (!conn)
1860 goto unlock;
1861
1862 if (ev->status == 0)
1863 conn->state = BT_CLOSED;
1864
1865 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1866 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1867 if (ev->status) {
1868 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1869 conn->dst_type, ev->status);
1870 } else {
1871 u8 reason = hci_to_mgmt_reason(ev->reason);
1872
1873 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1874 conn->dst_type, reason);
1875 }
1876 }
1877
1878 if (ev->status == 0) {
1879 if (conn->type == ACL_LINK && conn->flush_key)
1880 hci_remove_link_key(hdev, &conn->dst);
1881 hci_proto_disconn_cfm(conn, ev->reason);
1882 hci_conn_del(conn);
1883 }
1884
1885unlock:
1886 hci_dev_unlock(hdev);
1887}
1888
1889static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1890{
1891 struct hci_ev_auth_complete *ev = (void *) skb->data;
1892 struct hci_conn *conn;
1893
1894 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1895
1896 hci_dev_lock(hdev);
1897
1898 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1899 if (!conn)
1900 goto unlock;
1901
1902 if (!ev->status) {
1903 if (!hci_conn_ssp_enabled(conn) &&
1904 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1905 BT_INFO("re-auth of legacy device is not possible.");
1906 } else {
1907 conn->link_mode |= HCI_LM_AUTH;
1908 conn->sec_level = conn->pending_sec_level;
1909 }
1910 } else {
1911 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1912 ev->status);
1913 }
1914
1915 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1916 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1917
1918 if (conn->state == BT_CONFIG) {
1919 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1920 struct hci_cp_set_conn_encrypt cp;
1921 cp.handle = ev->handle;
1922 cp.encrypt = 0x01;
1923 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1924 &cp);
1925 } else {
1926 conn->state = BT_CONNECTED;
1927 hci_proto_connect_cfm(conn, ev->status);
1928 hci_conn_drop(conn);
1929 }
1930 } else {
1931 hci_auth_cfm(conn, ev->status);
1932
1933 hci_conn_hold(conn);
1934 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1935 hci_conn_drop(conn);
1936 }
1937
1938 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1939 if (!ev->status) {
1940 struct hci_cp_set_conn_encrypt cp;
1941 cp.handle = ev->handle;
1942 cp.encrypt = 0x01;
1943 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1944 &cp);
1945 } else {
1946 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1947 hci_encrypt_cfm(conn, ev->status, 0x00);
1948 }
1949 }
1950
1951unlock:
1952 hci_dev_unlock(hdev);
1953}
1954
1955static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1956{
1957 struct hci_ev_remote_name *ev = (void *) skb->data;
1958 struct hci_conn *conn;
1959
1960 BT_DBG("%s", hdev->name);
1961
1962 hci_conn_check_pending(hdev);
1963
1964 hci_dev_lock(hdev);
1965
1966 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1967
1968 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1969 goto check_auth;
1970
1971 if (ev->status == 0)
1972 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1973 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1974 else
1975 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1976
1977check_auth:
1978 if (!conn)
1979 goto unlock;
1980
1981 if (!hci_outgoing_auth_needed(hdev, conn))
1982 goto unlock;
1983
1984 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1985 struct hci_cp_auth_requested cp;
1986 cp.handle = __cpu_to_le16(conn->handle);
1987 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1988 }
1989
1990unlock:
1991 hci_dev_unlock(hdev);
1992}
1993
1994static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1995{
1996 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1997 struct hci_conn *conn;
1998
1999 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2000
2001 hci_dev_lock(hdev);
2002
2003 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2004 if (conn) {
2005 if (!ev->status) {
2006 if (ev->encrypt) {
2007
2008 conn->link_mode |= HCI_LM_AUTH;
2009 conn->link_mode |= HCI_LM_ENCRYPT;
2010 conn->sec_level = conn->pending_sec_level;
2011 } else
2012 conn->link_mode &= ~HCI_LM_ENCRYPT;
2013 }
2014
2015 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2016
2017 if (ev->status && conn->state == BT_CONNECTED) {
2018 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2019 hci_conn_drop(conn);
2020 goto unlock;
2021 }
2022
2023 if (conn->state == BT_CONFIG) {
2024 if (!ev->status)
2025 conn->state = BT_CONNECTED;
2026
2027 hci_proto_connect_cfm(conn, ev->status);
2028 hci_conn_drop(conn);
2029 } else
2030 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2031 }
2032
2033unlock:
2034 hci_dev_unlock(hdev);
2035}
2036
2037static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2038 struct sk_buff *skb)
2039{
2040 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2041 struct hci_conn *conn;
2042
2043 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2044
2045 hci_dev_lock(hdev);
2046
2047 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2048 if (conn) {
2049 if (!ev->status)
2050 conn->link_mode |= HCI_LM_SECURE;
2051
2052 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2053
2054 hci_key_change_cfm(conn, ev->status);
2055 }
2056
2057 hci_dev_unlock(hdev);
2058}
2059
2060static void hci_remote_features_evt(struct hci_dev *hdev,
2061 struct sk_buff *skb)
2062{
2063 struct hci_ev_remote_features *ev = (void *) skb->data;
2064 struct hci_conn *conn;
2065
2066 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2067
2068 hci_dev_lock(hdev);
2069
2070 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2071 if (!conn)
2072 goto unlock;
2073
2074 if (!ev->status)
2075 memcpy(conn->features[0], ev->features, 8);
2076
2077 if (conn->state != BT_CONFIG)
2078 goto unlock;
2079
2080 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2081 struct hci_cp_read_remote_ext_features cp;
2082 cp.handle = ev->handle;
2083 cp.page = 0x01;
2084 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2085 sizeof(cp), &cp);
2086 goto unlock;
2087 }
2088
2089 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2090 struct hci_cp_remote_name_req cp;
2091 memset(&cp, 0, sizeof(cp));
2092 bacpy(&cp.bdaddr, &conn->dst);
2093 cp.pscan_rep_mode = 0x02;
2094 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2095 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2096 mgmt_device_connected(hdev, &conn->dst, conn->type,
2097 conn->dst_type, 0, NULL, 0,
2098 conn->dev_class);
2099
2100 if (!hci_outgoing_auth_needed(hdev, conn)) {
2101 conn->state = BT_CONNECTED;
2102 hci_proto_connect_cfm(conn, ev->status);
2103 hci_conn_drop(conn);
2104 }
2105
2106unlock:
2107 hci_dev_unlock(hdev);
2108}
2109
2110static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2111{
2112 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2113 u8 status = skb->data[sizeof(*ev)];
2114 __u16 opcode;
2115
2116 skb_pull(skb, sizeof(*ev));
2117
2118 opcode = __le16_to_cpu(ev->opcode);
2119
2120 switch (opcode) {
2121 case HCI_OP_INQUIRY_CANCEL:
2122 hci_cc_inquiry_cancel(hdev, skb);
2123 break;
2124
2125 case HCI_OP_PERIODIC_INQ:
2126 hci_cc_periodic_inq(hdev, skb);
2127 break;
2128
2129 case HCI_OP_EXIT_PERIODIC_INQ:
2130 hci_cc_exit_periodic_inq(hdev, skb);
2131 break;
2132
2133 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2134 hci_cc_remote_name_req_cancel(hdev, skb);
2135 break;
2136
2137 case HCI_OP_ROLE_DISCOVERY:
2138 hci_cc_role_discovery(hdev, skb);
2139 break;
2140
2141 case HCI_OP_READ_LINK_POLICY:
2142 hci_cc_read_link_policy(hdev, skb);
2143 break;
2144
2145 case HCI_OP_WRITE_LINK_POLICY:
2146 hci_cc_write_link_policy(hdev, skb);
2147 break;
2148
2149 case HCI_OP_READ_DEF_LINK_POLICY:
2150 hci_cc_read_def_link_policy(hdev, skb);
2151 break;
2152
2153 case HCI_OP_WRITE_DEF_LINK_POLICY:
2154 hci_cc_write_def_link_policy(hdev, skb);
2155 break;
2156
2157 case HCI_OP_RESET:
2158 hci_cc_reset(hdev, skb);
2159 break;
2160
2161 case HCI_OP_WRITE_LOCAL_NAME:
2162 hci_cc_write_local_name(hdev, skb);
2163 break;
2164
2165 case HCI_OP_READ_LOCAL_NAME:
2166 hci_cc_read_local_name(hdev, skb);
2167 break;
2168
2169 case HCI_OP_WRITE_AUTH_ENABLE:
2170 hci_cc_write_auth_enable(hdev, skb);
2171 break;
2172
2173 case HCI_OP_WRITE_ENCRYPT_MODE:
2174 hci_cc_write_encrypt_mode(hdev, skb);
2175 break;
2176
2177 case HCI_OP_WRITE_SCAN_ENABLE:
2178 hci_cc_write_scan_enable(hdev, skb);
2179 break;
2180
2181 case HCI_OP_READ_CLASS_OF_DEV:
2182 hci_cc_read_class_of_dev(hdev, skb);
2183 break;
2184
2185 case HCI_OP_WRITE_CLASS_OF_DEV:
2186 hci_cc_write_class_of_dev(hdev, skb);
2187 break;
2188
2189 case HCI_OP_READ_VOICE_SETTING:
2190 hci_cc_read_voice_setting(hdev, skb);
2191 break;
2192
2193 case HCI_OP_WRITE_VOICE_SETTING:
2194 hci_cc_write_voice_setting(hdev, skb);
2195 break;
2196
2197 case HCI_OP_WRITE_SSP_MODE:
2198 hci_cc_write_ssp_mode(hdev, skb);
2199 break;
2200
2201 case HCI_OP_READ_LOCAL_VERSION:
2202 hci_cc_read_local_version(hdev, skb);
2203 break;
2204
2205 case HCI_OP_READ_LOCAL_COMMANDS:
2206 hci_cc_read_local_commands(hdev, skb);
2207 break;
2208
2209 case HCI_OP_READ_LOCAL_FEATURES:
2210 hci_cc_read_local_features(hdev, skb);
2211 break;
2212
2213 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2214 hci_cc_read_local_ext_features(hdev, skb);
2215 break;
2216
2217 case HCI_OP_READ_BUFFER_SIZE:
2218 hci_cc_read_buffer_size(hdev, skb);
2219 break;
2220
2221 case HCI_OP_READ_BD_ADDR:
2222 hci_cc_read_bd_addr(hdev, skb);
2223 break;
2224
2225 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2226 hci_cc_read_page_scan_activity(hdev, skb);
2227 break;
2228
2229 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2230 hci_cc_write_page_scan_activity(hdev, skb);
2231 break;
2232
2233 case HCI_OP_READ_PAGE_SCAN_TYPE:
2234 hci_cc_read_page_scan_type(hdev, skb);
2235 break;
2236
2237 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2238 hci_cc_write_page_scan_type(hdev, skb);
2239 break;
2240
2241 case HCI_OP_READ_DATA_BLOCK_SIZE:
2242 hci_cc_read_data_block_size(hdev, skb);
2243 break;
2244
2245 case HCI_OP_READ_FLOW_CONTROL_MODE:
2246 hci_cc_read_flow_control_mode(hdev, skb);
2247 break;
2248
2249 case HCI_OP_READ_LOCAL_AMP_INFO:
2250 hci_cc_read_local_amp_info(hdev, skb);
2251 break;
2252
2253 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2254 hci_cc_read_local_amp_assoc(hdev, skb);
2255 break;
2256
2257 case HCI_OP_READ_INQ_RSP_TX_POWER:
2258 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2259 break;
2260
2261 case HCI_OP_PIN_CODE_REPLY:
2262 hci_cc_pin_code_reply(hdev, skb);
2263 break;
2264
2265 case HCI_OP_PIN_CODE_NEG_REPLY:
2266 hci_cc_pin_code_neg_reply(hdev, skb);
2267 break;
2268
2269 case HCI_OP_READ_LOCAL_OOB_DATA:
2270 hci_cc_read_local_oob_data_reply(hdev, skb);
2271 break;
2272
2273 case HCI_OP_LE_READ_BUFFER_SIZE:
2274 hci_cc_le_read_buffer_size(hdev, skb);
2275 break;
2276
2277 case HCI_OP_LE_READ_LOCAL_FEATURES:
2278 hci_cc_le_read_local_features(hdev, skb);
2279 break;
2280
2281 case HCI_OP_LE_READ_ADV_TX_POWER:
2282 hci_cc_le_read_adv_tx_power(hdev, skb);
2283 break;
2284
2285 case HCI_OP_USER_CONFIRM_REPLY:
2286 hci_cc_user_confirm_reply(hdev, skb);
2287 break;
2288
2289 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2290 hci_cc_user_confirm_neg_reply(hdev, skb);
2291 break;
2292
2293 case HCI_OP_USER_PASSKEY_REPLY:
2294 hci_cc_user_passkey_reply(hdev, skb);
2295 break;
2296
2297 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2298 hci_cc_user_passkey_neg_reply(hdev, skb);
2299 break;
2300
2301 case HCI_OP_LE_SET_SCAN_PARAM:
2302 hci_cc_le_set_scan_param(hdev, skb);
2303 break;
2304
2305 case HCI_OP_LE_SET_ADV_ENABLE:
2306 hci_cc_le_set_adv_enable(hdev, skb);
2307 break;
2308
2309 case HCI_OP_LE_SET_SCAN_ENABLE:
2310 hci_cc_le_set_scan_enable(hdev, skb);
2311 break;
2312
2313 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2314 hci_cc_le_read_white_list_size(hdev, skb);
2315 break;
2316
2317 case HCI_OP_LE_READ_SUPPORTED_STATES:
2318 hci_cc_le_read_supported_states(hdev, skb);
2319 break;
2320
2321 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2322 hci_cc_write_le_host_supported(hdev, skb);
2323 break;
2324
2325 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2326 hci_cc_write_remote_amp_assoc(hdev, skb);
2327 break;
2328
2329 default:
2330 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2331 break;
2332 }
2333
2334 if (opcode != HCI_OP_NOP)
2335 del_timer(&hdev->cmd_timer);
2336
2337 hci_req_cmd_complete(hdev, opcode, status);
2338
2339 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2340 atomic_set(&hdev->cmd_cnt, 1);
2341 if (!skb_queue_empty(&hdev->cmd_q))
2342 queue_work(hdev->workqueue, &hdev->cmd_work);
2343 }
2344}
2345
2346static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2347{
2348 struct hci_ev_cmd_status *ev = (void *) skb->data;
2349 __u16 opcode;
2350
2351 skb_pull(skb, sizeof(*ev));
2352
2353 opcode = __le16_to_cpu(ev->opcode);
2354
2355 switch (opcode) {
2356 case HCI_OP_INQUIRY:
2357 hci_cs_inquiry(hdev, ev->status);
2358 break;
2359
2360 case HCI_OP_CREATE_CONN:
2361 hci_cs_create_conn(hdev, ev->status);
2362 break;
2363
2364 case HCI_OP_ADD_SCO:
2365 hci_cs_add_sco(hdev, ev->status);
2366 break;
2367
2368 case HCI_OP_AUTH_REQUESTED:
2369 hci_cs_auth_requested(hdev, ev->status);
2370 break;
2371
2372 case HCI_OP_SET_CONN_ENCRYPT:
2373 hci_cs_set_conn_encrypt(hdev, ev->status);
2374 break;
2375
2376 case HCI_OP_REMOTE_NAME_REQ:
2377 hci_cs_remote_name_req(hdev, ev->status);
2378 break;
2379
2380 case HCI_OP_READ_REMOTE_FEATURES:
2381 hci_cs_read_remote_features(hdev, ev->status);
2382 break;
2383
2384 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2385 hci_cs_read_remote_ext_features(hdev, ev->status);
2386 break;
2387
2388 case HCI_OP_SETUP_SYNC_CONN:
2389 hci_cs_setup_sync_conn(hdev, ev->status);
2390 break;
2391
2392 case HCI_OP_SNIFF_MODE:
2393 hci_cs_sniff_mode(hdev, ev->status);
2394 break;
2395
2396 case HCI_OP_EXIT_SNIFF_MODE:
2397 hci_cs_exit_sniff_mode(hdev, ev->status);
2398 break;
2399
2400 case HCI_OP_DISCONNECT:
2401 hci_cs_disconnect(hdev, ev->status);
2402 break;
2403
2404 case HCI_OP_LE_CREATE_CONN:
2405 hci_cs_le_create_conn(hdev, ev->status);
2406 break;
2407
2408 case HCI_OP_CREATE_PHY_LINK:
2409 hci_cs_create_phylink(hdev, ev->status);
2410 break;
2411
2412 case HCI_OP_ACCEPT_PHY_LINK:
2413 hci_cs_accept_phylink(hdev, ev->status);
2414 break;
2415
2416 default:
2417 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2418 break;
2419 }
2420
2421 if (opcode != HCI_OP_NOP)
2422 del_timer(&hdev->cmd_timer);
2423
2424 if (ev->status ||
2425 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2426 hci_req_cmd_complete(hdev, opcode, ev->status);
2427
2428 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2429 atomic_set(&hdev->cmd_cnt, 1);
2430 if (!skb_queue_empty(&hdev->cmd_q))
2431 queue_work(hdev->workqueue, &hdev->cmd_work);
2432 }
2433}
2434
2435static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2436{
2437 struct hci_ev_role_change *ev = (void *) skb->data;
2438 struct hci_conn *conn;
2439
2440 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2441
2442 hci_dev_lock(hdev);
2443
2444 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2445 if (conn) {
2446 if (!ev->status) {
2447 if (ev->role)
2448 conn->link_mode &= ~HCI_LM_MASTER;
2449 else
2450 conn->link_mode |= HCI_LM_MASTER;
2451 }
2452
2453 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2454
2455 hci_role_switch_cfm(conn, ev->status, ev->role);
2456 }
2457
2458 hci_dev_unlock(hdev);
2459}
2460
2461static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2462{
2463 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2464 int i;
2465
2466 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2467 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2468 return;
2469 }
2470
2471 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2472 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2473 BT_DBG("%s bad parameters", hdev->name);
2474 return;
2475 }
2476
2477 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2478
2479 for (i = 0; i < ev->num_hndl; i++) {
2480 struct hci_comp_pkts_info *info = &ev->handles[i];
2481 struct hci_conn *conn;
2482 __u16 handle, count;
2483
2484 handle = __le16_to_cpu(info->handle);
2485 count = __le16_to_cpu(info->count);
2486
2487 conn = hci_conn_hash_lookup_handle(hdev, handle);
2488 if (!conn)
2489 continue;
2490
2491 conn->sent -= count;
2492
2493 switch (conn->type) {
2494 case ACL_LINK:
2495 hdev->acl_cnt += count;
2496 if (hdev->acl_cnt > hdev->acl_pkts)
2497 hdev->acl_cnt = hdev->acl_pkts;
2498 break;
2499
2500 case LE_LINK:
2501 if (hdev->le_pkts) {
2502 hdev->le_cnt += count;
2503 if (hdev->le_cnt > hdev->le_pkts)
2504 hdev->le_cnt = hdev->le_pkts;
2505 } else {
2506 hdev->acl_cnt += count;
2507 if (hdev->acl_cnt > hdev->acl_pkts)
2508 hdev->acl_cnt = hdev->acl_pkts;
2509 }
2510 break;
2511
2512 case SCO_LINK:
2513 hdev->sco_cnt += count;
2514 if (hdev->sco_cnt > hdev->sco_pkts)
2515 hdev->sco_cnt = hdev->sco_pkts;
2516 break;
2517
2518 default:
2519 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2520 break;
2521 }
2522 }
2523
2524 queue_work(hdev->workqueue, &hdev->tx_work);
2525}
2526
2527static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2528 __u16 handle)
2529{
2530 struct hci_chan *chan;
2531
2532 switch (hdev->dev_type) {
2533 case HCI_BREDR:
2534 return hci_conn_hash_lookup_handle(hdev, handle);
2535 case HCI_AMP:
2536 chan = hci_chan_lookup_handle(hdev, handle);
2537 if (chan)
2538 return chan->conn;
2539 break;
2540 default:
2541 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2542 break;
2543 }
2544
2545 return NULL;
2546}
2547
2548static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2549{
2550 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2551 int i;
2552
2553 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2554 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2555 return;
2556 }
2557
2558 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2559 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2560 BT_DBG("%s bad parameters", hdev->name);
2561 return;
2562 }
2563
2564 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2565 ev->num_hndl);
2566
2567 for (i = 0; i < ev->num_hndl; i++) {
2568 struct hci_comp_blocks_info *info = &ev->handles[i];
2569 struct hci_conn *conn = NULL;
2570 __u16 handle, block_count;
2571
2572 handle = __le16_to_cpu(info->handle);
2573 block_count = __le16_to_cpu(info->blocks);
2574
2575 conn = __hci_conn_lookup_handle(hdev, handle);
2576 if (!conn)
2577 continue;
2578
2579 conn->sent -= block_count;
2580
2581 switch (conn->type) {
2582 case ACL_LINK:
2583 case AMP_LINK:
2584 hdev->block_cnt += block_count;
2585 if (hdev->block_cnt > hdev->num_blocks)
2586 hdev->block_cnt = hdev->num_blocks;
2587 break;
2588
2589 default:
2590 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2591 break;
2592 }
2593 }
2594
2595 queue_work(hdev->workqueue, &hdev->tx_work);
2596}
2597
2598static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2599{
2600 struct hci_ev_mode_change *ev = (void *) skb->data;
2601 struct hci_conn *conn;
2602
2603 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2604
2605 hci_dev_lock(hdev);
2606
2607 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2608 if (conn) {
2609 conn->mode = ev->mode;
2610 conn->interval = __le16_to_cpu(ev->interval);
2611
2612 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2613 &conn->flags)) {
2614 if (conn->mode == HCI_CM_ACTIVE)
2615 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2616 else
2617 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2618 }
2619
2620 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2621 hci_sco_setup(conn, ev->status);
2622 }
2623
2624 hci_dev_unlock(hdev);
2625}
2626
2627static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2628{
2629 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2630 struct hci_conn *conn;
2631
2632 BT_DBG("%s", hdev->name);
2633
2634 hci_dev_lock(hdev);
2635
2636 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2637 if (!conn)
2638 goto unlock;
2639
2640 if (conn->state == BT_CONNECTED) {
2641 hci_conn_hold(conn);
2642 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2643 hci_conn_drop(conn);
2644 }
2645
2646 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2647 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2648 sizeof(ev->bdaddr), &ev->bdaddr);
2649 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2650 u8 secure;
2651
2652 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2653 secure = 1;
2654 else
2655 secure = 0;
2656
2657 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2658 }
2659
2660unlock:
2661 hci_dev_unlock(hdev);
2662}
2663
2664static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2665{
2666 struct hci_ev_link_key_req *ev = (void *) skb->data;
2667 struct hci_cp_link_key_reply cp;
2668 struct hci_conn *conn;
2669 struct link_key *key;
2670
2671 BT_DBG("%s", hdev->name);
2672
2673 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2674 return;
2675
2676 hci_dev_lock(hdev);
2677
2678 key = hci_find_link_key(hdev, &ev->bdaddr);
2679 if (!key) {
2680 BT_DBG("%s link key not found for %pMR", hdev->name,
2681 &ev->bdaddr);
2682 goto not_found;
2683 }
2684
2685 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2686 &ev->bdaddr);
2687
2688 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2689 key->type == HCI_LK_DEBUG_COMBINATION) {
2690 BT_DBG("%s ignoring debug key", hdev->name);
2691 goto not_found;
2692 }
2693
2694 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2695 if (conn) {
2696 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2697 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2698 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2699 goto not_found;
2700 }
2701
2702 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2703 conn->pending_sec_level == BT_SECURITY_HIGH) {
2704 BT_DBG("%s ignoring key unauthenticated for high security",
2705 hdev->name);
2706 goto not_found;
2707 }
2708
2709 conn->key_type = key->type;
2710 conn->pin_length = key->pin_len;
2711 }
2712
2713 bacpy(&cp.bdaddr, &ev->bdaddr);
2714 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2715
2716 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2717
2718 hci_dev_unlock(hdev);
2719
2720 return;
2721
2722not_found:
2723 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2724 hci_dev_unlock(hdev);
2725}
2726
2727static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2728{
2729 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2730 struct hci_conn *conn;
2731 u8 pin_len = 0;
2732
2733 BT_DBG("%s", hdev->name);
2734
2735 hci_dev_lock(hdev);
2736
2737 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2738 if (conn) {
2739 hci_conn_hold(conn);
2740 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2741 pin_len = conn->pin_length;
2742
2743 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2744 conn->key_type = ev->key_type;
2745
2746 hci_conn_drop(conn);
2747 }
2748
2749 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2750 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2751 ev->key_type, pin_len);
2752
2753 hci_dev_unlock(hdev);
2754}
2755
2756static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2757{
2758 struct hci_ev_clock_offset *ev = (void *) skb->data;
2759 struct hci_conn *conn;
2760
2761 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2762
2763 hci_dev_lock(hdev);
2764
2765 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2766 if (conn && !ev->status) {
2767 struct inquiry_entry *ie;
2768
2769 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2770 if (ie) {
2771 ie->data.clock_offset = ev->clock_offset;
2772 ie->timestamp = jiffies;
2773 }
2774 }
2775
2776 hci_dev_unlock(hdev);
2777}
2778
2779static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2780{
2781 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2782 struct hci_conn *conn;
2783
2784 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2785
2786 hci_dev_lock(hdev);
2787
2788 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2789 if (conn && !ev->status)
2790 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2791
2792 hci_dev_unlock(hdev);
2793}
2794
2795static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2796{
2797 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2798 struct inquiry_entry *ie;
2799
2800 BT_DBG("%s", hdev->name);
2801
2802 hci_dev_lock(hdev);
2803
2804 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2805 if (ie) {
2806 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2807 ie->timestamp = jiffies;
2808 }
2809
2810 hci_dev_unlock(hdev);
2811}
2812
2813static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2814 struct sk_buff *skb)
2815{
2816 struct inquiry_data data;
2817 int num_rsp = *((__u8 *) skb->data);
2818 bool name_known, ssp;
2819
2820 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2821
2822 if (!num_rsp)
2823 return;
2824
2825 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2826 return;
2827
2828 hci_dev_lock(hdev);
2829
2830 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2831 struct inquiry_info_with_rssi_and_pscan_mode *info;
2832 info = (void *) (skb->data + 1);
2833
2834 for (; num_rsp; num_rsp--, info++) {
2835 bacpy(&data.bdaddr, &info->bdaddr);
2836 data.pscan_rep_mode = info->pscan_rep_mode;
2837 data.pscan_period_mode = info->pscan_period_mode;
2838 data.pscan_mode = info->pscan_mode;
2839 memcpy(data.dev_class, info->dev_class, 3);
2840 data.clock_offset = info->clock_offset;
2841 data.rssi = info->rssi;
2842 data.ssp_mode = 0x00;
2843
2844 name_known = hci_inquiry_cache_update(hdev, &data,
2845 false, &ssp);
2846 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2847 info->dev_class, info->rssi,
2848 !name_known, ssp, NULL, 0);
2849 }
2850 } else {
2851 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2852
2853 for (; num_rsp; num_rsp--, info++) {
2854 bacpy(&data.bdaddr, &info->bdaddr);
2855 data.pscan_rep_mode = info->pscan_rep_mode;
2856 data.pscan_period_mode = info->pscan_period_mode;
2857 data.pscan_mode = 0x00;
2858 memcpy(data.dev_class, info->dev_class, 3);
2859 data.clock_offset = info->clock_offset;
2860 data.rssi = info->rssi;
2861 data.ssp_mode = 0x00;
2862 name_known = hci_inquiry_cache_update(hdev, &data,
2863 false, &ssp);
2864 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2865 info->dev_class, info->rssi,
2866 !name_known, ssp, NULL, 0);
2867 }
2868 }
2869
2870 hci_dev_unlock(hdev);
2871}
2872
2873static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2874 struct sk_buff *skb)
2875{
2876 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2877 struct hci_conn *conn;
2878
2879 BT_DBG("%s", hdev->name);
2880
2881 hci_dev_lock(hdev);
2882
2883 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2884 if (!conn)
2885 goto unlock;
2886
2887 if (ev->page < HCI_MAX_PAGES)
2888 memcpy(conn->features[ev->page], ev->features, 8);
2889
2890 if (!ev->status && ev->page == 0x01) {
2891 struct inquiry_entry *ie;
2892
2893 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2894 if (ie)
2895 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2896
2897 if (ev->features[0] & LMP_HOST_SSP) {
2898 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2899 } else {
2900
2901
2902
2903
2904
2905
2906
2907
2908 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2909 }
2910 }
2911
2912 if (conn->state != BT_CONFIG)
2913 goto unlock;
2914
2915 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2916 struct hci_cp_remote_name_req cp;
2917 memset(&cp, 0, sizeof(cp));
2918 bacpy(&cp.bdaddr, &conn->dst);
2919 cp.pscan_rep_mode = 0x02;
2920 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2921 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2922 mgmt_device_connected(hdev, &conn->dst, conn->type,
2923 conn->dst_type, 0, NULL, 0,
2924 conn->dev_class);
2925
2926 if (!hci_outgoing_auth_needed(hdev, conn)) {
2927 conn->state = BT_CONNECTED;
2928 hci_proto_connect_cfm(conn, ev->status);
2929 hci_conn_drop(conn);
2930 }
2931
2932unlock:
2933 hci_dev_unlock(hdev);
2934}
2935
2936static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2937 struct sk_buff *skb)
2938{
2939 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2940 struct hci_conn *conn;
2941
2942 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2943
2944 hci_dev_lock(hdev);
2945
2946 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2947 if (!conn) {
2948 if (ev->link_type == ESCO_LINK)
2949 goto unlock;
2950
2951 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2952 if (!conn)
2953 goto unlock;
2954
2955 conn->type = SCO_LINK;
2956 }
2957
2958 switch (ev->status) {
2959 case 0x00:
2960 conn->handle = __le16_to_cpu(ev->handle);
2961 conn->state = BT_CONNECTED;
2962
2963 hci_conn_add_sysfs(conn);
2964 break;
2965
2966 case 0x11:
2967 case 0x1c:
2968 case 0x1a:
2969 case 0x1f:
2970 if (conn->out && conn->attempt < 2) {
2971 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2972 (hdev->esco_type & EDR_ESCO_MASK);
2973 hci_setup_sync(conn, conn->link->handle);
2974 goto unlock;
2975 }
2976
2977
2978 default:
2979 conn->state = BT_CLOSED;
2980 break;
2981 }
2982
2983 hci_proto_connect_cfm(conn, ev->status);
2984 if (ev->status)
2985 hci_conn_del(conn);
2986
2987unlock:
2988 hci_dev_unlock(hdev);
2989}
2990
2991static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2992 struct sk_buff *skb)
2993{
2994 struct inquiry_data data;
2995 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2996 int num_rsp = *((__u8 *) skb->data);
2997 size_t eir_len;
2998
2999 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3000
3001 if (!num_rsp)
3002 return;
3003
3004 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3005 return;
3006
3007 hci_dev_lock(hdev);
3008
3009 for (; num_rsp; num_rsp--, info++) {
3010 bool name_known, ssp;
3011
3012 bacpy(&data.bdaddr, &info->bdaddr);
3013 data.pscan_rep_mode = info->pscan_rep_mode;
3014 data.pscan_period_mode = info->pscan_period_mode;
3015 data.pscan_mode = 0x00;
3016 memcpy(data.dev_class, info->dev_class, 3);
3017 data.clock_offset = info->clock_offset;
3018 data.rssi = info->rssi;
3019 data.ssp_mode = 0x01;
3020
3021 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3022 name_known = eir_has_data_type(info->data,
3023 sizeof(info->data),
3024 EIR_NAME_COMPLETE);
3025 else
3026 name_known = true;
3027
3028 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3029 &ssp);
3030 eir_len = eir_get_length(info->data, sizeof(info->data));
3031 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3032 info->dev_class, info->rssi, !name_known,
3033 ssp, info->data, eir_len);
3034 }
3035
3036 hci_dev_unlock(hdev);
3037}
3038
3039static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3040 struct sk_buff *skb)
3041{
3042 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3043 struct hci_conn *conn;
3044
3045 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3046 __le16_to_cpu(ev->handle));
3047
3048 hci_dev_lock(hdev);
3049
3050 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3051 if (!conn)
3052 goto unlock;
3053
3054 if (!ev->status)
3055 conn->sec_level = conn->pending_sec_level;
3056
3057 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3058
3059 if (ev->status && conn->state == BT_CONNECTED) {
3060 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3061 hci_conn_drop(conn);
3062 goto unlock;
3063 }
3064
3065 if (conn->state == BT_CONFIG) {
3066 if (!ev->status)
3067 conn->state = BT_CONNECTED;
3068
3069 hci_proto_connect_cfm(conn, ev->status);
3070 hci_conn_drop(conn);
3071 } else {
3072 hci_auth_cfm(conn, ev->status);
3073
3074 hci_conn_hold(conn);
3075 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3076 hci_conn_drop(conn);
3077 }
3078
3079unlock:
3080 hci_dev_unlock(hdev);
3081}
3082
3083static u8 hci_get_auth_req(struct hci_conn *conn)
3084{
3085
3086 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3087
3088
3089 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3090 return 0x02;
3091 else
3092 return 0x03;
3093 }
3094
3095
3096 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3097 return conn->remote_auth | (conn->auth_type & 0x01);
3098
3099 return conn->auth_type;
3100}
3101
3102static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3103{
3104 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3105 struct hci_conn *conn;
3106
3107 BT_DBG("%s", hdev->name);
3108
3109 hci_dev_lock(hdev);
3110
3111 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3112 if (!conn)
3113 goto unlock;
3114
3115 hci_conn_hold(conn);
3116
3117 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3118 goto unlock;
3119
3120 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3121 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3122 struct hci_cp_io_capability_reply cp;
3123
3124 bacpy(&cp.bdaddr, &ev->bdaddr);
3125
3126
3127 cp.capability = (conn->io_capability == 0x04) ?
3128 0x01 : conn->io_capability;
3129 conn->auth_type = hci_get_auth_req(conn);
3130 cp.authentication = conn->auth_type;
3131
3132 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3133 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3134 cp.oob_data = 0x01;
3135 else
3136 cp.oob_data = 0x00;
3137
3138 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3139 sizeof(cp), &cp);
3140 } else {
3141 struct hci_cp_io_capability_neg_reply cp;
3142
3143 bacpy(&cp.bdaddr, &ev->bdaddr);
3144 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3145
3146 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3147 sizeof(cp), &cp);
3148 }
3149
3150unlock:
3151 hci_dev_unlock(hdev);
3152}
3153
3154static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3155{
3156 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3157 struct hci_conn *conn;
3158
3159 BT_DBG("%s", hdev->name);
3160
3161 hci_dev_lock(hdev);
3162
3163 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3164 if (!conn)
3165 goto unlock;
3166
3167 conn->remote_cap = ev->capability;
3168 conn->remote_auth = ev->authentication;
3169 if (ev->oob_data)
3170 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3171
3172unlock:
3173 hci_dev_unlock(hdev);
3174}
3175
3176static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3177 struct sk_buff *skb)
3178{
3179 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3180 int loc_mitm, rem_mitm, confirm_hint = 0;
3181 struct hci_conn *conn;
3182
3183 BT_DBG("%s", hdev->name);
3184
3185 hci_dev_lock(hdev);
3186
3187 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3188 goto unlock;
3189
3190 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3191 if (!conn)
3192 goto unlock;
3193
3194 loc_mitm = (conn->auth_type & 0x01);
3195 rem_mitm = (conn->remote_auth & 0x01);
3196
3197
3198
3199
3200
3201
3202 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3203 BT_DBG("Rejecting request: remote device can't provide MITM");
3204 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3205 sizeof(ev->bdaddr), &ev->bdaddr);
3206 goto unlock;
3207 }
3208
3209
3210 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3211 (!rem_mitm || conn->io_capability == 0x03)) {
3212
3213
3214
3215
3216 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3217 BT_DBG("Confirming auto-accept as acceptor");
3218 confirm_hint = 1;
3219 goto confirm;
3220 }
3221
3222 BT_DBG("Auto-accept of user confirmation with %ums delay",
3223 hdev->auto_accept_delay);
3224
3225 if (hdev->auto_accept_delay > 0) {
3226 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3227 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3228 goto unlock;
3229 }
3230
3231 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3232 sizeof(ev->bdaddr), &ev->bdaddr);
3233 goto unlock;
3234 }
3235
3236confirm:
3237 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3238 confirm_hint);
3239
3240unlock:
3241 hci_dev_unlock(hdev);
3242}
3243
3244static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3245 struct sk_buff *skb)
3246{
3247 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3248
3249 BT_DBG("%s", hdev->name);
3250
3251 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3252 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3253}
3254
3255static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3256 struct sk_buff *skb)
3257{
3258 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3259 struct hci_conn *conn;
3260
3261 BT_DBG("%s", hdev->name);
3262
3263 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3264 if (!conn)
3265 return;
3266
3267 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3268 conn->passkey_entered = 0;
3269
3270 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3271 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3272 conn->dst_type, conn->passkey_notify,
3273 conn->passkey_entered);
3274}
3275
3276static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3277{
3278 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3279 struct hci_conn *conn;
3280
3281 BT_DBG("%s", hdev->name);
3282
3283 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3284 if (!conn)
3285 return;
3286
3287 switch (ev->type) {
3288 case HCI_KEYPRESS_STARTED:
3289 conn->passkey_entered = 0;
3290 return;
3291
3292 case HCI_KEYPRESS_ENTERED:
3293 conn->passkey_entered++;
3294 break;
3295
3296 case HCI_KEYPRESS_ERASED:
3297 conn->passkey_entered--;
3298 break;
3299
3300 case HCI_KEYPRESS_CLEARED:
3301 conn->passkey_entered = 0;
3302 break;
3303
3304 case HCI_KEYPRESS_COMPLETED:
3305 return;
3306 }
3307
3308 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3309 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3310 conn->dst_type, conn->passkey_notify,
3311 conn->passkey_entered);
3312}
3313
3314static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3315 struct sk_buff *skb)
3316{
3317 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3318 struct hci_conn *conn;
3319
3320 BT_DBG("%s", hdev->name);
3321
3322 hci_dev_lock(hdev);
3323
3324 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3325 if (!conn)
3326 goto unlock;
3327
3328
3329
3330
3331
3332
3333 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3334 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3335 ev->status);
3336
3337 hci_conn_drop(conn);
3338
3339unlock:
3340 hci_dev_unlock(hdev);
3341}
3342
3343static void hci_remote_host_features_evt(struct hci_dev *hdev,
3344 struct sk_buff *skb)
3345{
3346 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3347 struct inquiry_entry *ie;
3348 struct hci_conn *conn;
3349
3350 BT_DBG("%s", hdev->name);
3351
3352 hci_dev_lock(hdev);
3353
3354 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3355 if (conn)
3356 memcpy(conn->features[1], ev->features, 8);
3357
3358 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3359 if (ie)
3360 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3361
3362 hci_dev_unlock(hdev);
3363}
3364
3365static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3366 struct sk_buff *skb)
3367{
3368 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3369 struct oob_data *data;
3370
3371 BT_DBG("%s", hdev->name);
3372
3373 hci_dev_lock(hdev);
3374
3375 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3376 goto unlock;
3377
3378 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3379 if (data) {
3380 struct hci_cp_remote_oob_data_reply cp;
3381
3382 bacpy(&cp.bdaddr, &ev->bdaddr);
3383 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3384 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3385
3386 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3387 &cp);
3388 } else {
3389 struct hci_cp_remote_oob_data_neg_reply cp;
3390
3391 bacpy(&cp.bdaddr, &ev->bdaddr);
3392 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3393 &cp);
3394 }
3395
3396unlock:
3397 hci_dev_unlock(hdev);
3398}
3399
3400static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3401 struct sk_buff *skb)
3402{
3403 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3404 struct hci_conn *hcon, *bredr_hcon;
3405
3406 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3407 ev->status);
3408
3409 hci_dev_lock(hdev);
3410
3411 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3412 if (!hcon) {
3413 hci_dev_unlock(hdev);
3414 return;
3415 }
3416
3417 if (ev->status) {
3418 hci_conn_del(hcon);
3419 hci_dev_unlock(hdev);
3420 return;
3421 }
3422
3423 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3424
3425 hcon->state = BT_CONNECTED;
3426 bacpy(&hcon->dst, &bredr_hcon->dst);
3427
3428 hci_conn_hold(hcon);
3429 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3430 hci_conn_drop(hcon);
3431
3432 hci_conn_add_sysfs(hcon);
3433
3434 amp_physical_cfm(bredr_hcon, hcon);
3435
3436 hci_dev_unlock(hdev);
3437}
3438
3439static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3440{
3441 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3442 struct hci_conn *hcon;
3443 struct hci_chan *hchan;
3444 struct amp_mgr *mgr;
3445
3446 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3447 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3448 ev->status);
3449
3450 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3451 if (!hcon)
3452 return;
3453
3454
3455 hchan = hci_chan_create(hcon);
3456 if (!hchan)
3457 return;
3458
3459 hchan->handle = le16_to_cpu(ev->handle);
3460
3461 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3462
3463 mgr = hcon->amp_mgr;
3464 if (mgr && mgr->bredr_chan) {
3465 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3466
3467 l2cap_chan_lock(bredr_chan);
3468
3469 bredr_chan->conn->mtu = hdev->block_mtu;
3470 l2cap_logical_cfm(bredr_chan, hchan, 0);
3471 hci_conn_hold(hcon);
3472
3473 l2cap_chan_unlock(bredr_chan);
3474 }
3475}
3476
3477static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3478 struct sk_buff *skb)
3479{
3480 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3481 struct hci_chan *hchan;
3482
3483 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3484 le16_to_cpu(ev->handle), ev->status);
3485
3486 if (ev->status)
3487 return;
3488
3489 hci_dev_lock(hdev);
3490
3491 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3492 if (!hchan)
3493 goto unlock;
3494
3495 amp_destroy_logical_link(hchan, ev->reason);
3496
3497unlock:
3498 hci_dev_unlock(hdev);
3499}
3500
3501static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3502 struct sk_buff *skb)
3503{
3504 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3505 struct hci_conn *hcon;
3506
3507 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3508
3509 if (ev->status)
3510 return;
3511
3512 hci_dev_lock(hdev);
3513
3514 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3515 if (hcon) {
3516 hcon->state = BT_CLOSED;
3517 hci_conn_del(hcon);
3518 }
3519
3520 hci_dev_unlock(hdev);
3521}
3522
3523static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3524{
3525 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3526 struct hci_conn *conn;
3527
3528 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3529
3530 hci_dev_lock(hdev);
3531
3532 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3533 if (!conn) {
3534 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3535 if (!conn) {
3536 BT_ERR("No memory for new connection");
3537 goto unlock;
3538 }
3539
3540 conn->dst_type = ev->bdaddr_type;
3541
3542 if (ev->role == LE_CONN_ROLE_MASTER) {
3543 conn->out = true;
3544 conn->link_mode |= HCI_LM_MASTER;
3545 }
3546 }
3547
3548 if (ev->status) {
3549 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3550 conn->dst_type, ev->status);
3551 hci_proto_connect_cfm(conn, ev->status);
3552 conn->state = BT_CLOSED;
3553 hci_conn_del(conn);
3554 goto unlock;
3555 }
3556
3557 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3558 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3559 conn->dst_type, 0, NULL, 0, NULL);
3560
3561 conn->sec_level = BT_SECURITY_LOW;
3562 conn->handle = __le16_to_cpu(ev->handle);
3563 conn->state = BT_CONNECTED;
3564
3565 hci_conn_add_sysfs(conn);
3566
3567 hci_proto_connect_cfm(conn, ev->status);
3568
3569unlock:
3570 hci_dev_unlock(hdev);
3571}
3572
3573static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3574{
3575 u8 num_reports = skb->data[0];
3576 void *ptr = &skb->data[1];
3577 s8 rssi;
3578
3579 while (num_reports--) {
3580 struct hci_ev_le_advertising_info *ev = ptr;
3581
3582 rssi = ev->data[ev->length];
3583 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3584 NULL, rssi, 0, 1, ev->data, ev->length);
3585
3586 ptr += sizeof(*ev) + ev->length + 1;
3587 }
3588}
3589
3590static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3591{
3592 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3593 struct hci_cp_le_ltk_reply cp;
3594 struct hci_cp_le_ltk_neg_reply neg;
3595 struct hci_conn *conn;
3596 struct smp_ltk *ltk;
3597
3598 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3599
3600 hci_dev_lock(hdev);
3601
3602 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3603 if (conn == NULL)
3604 goto not_found;
3605
3606 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3607 if (ltk == NULL)
3608 goto not_found;
3609
3610 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3611 cp.handle = cpu_to_le16(conn->handle);
3612
3613 if (ltk->authenticated)
3614 conn->sec_level = BT_SECURITY_HIGH;
3615
3616 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3617
3618 if (ltk->type & HCI_SMP_STK) {
3619 list_del(<k->list);
3620 kfree(ltk);
3621 }
3622
3623 hci_dev_unlock(hdev);
3624
3625 return;
3626
3627not_found:
3628 neg.handle = ev->handle;
3629 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3630 hci_dev_unlock(hdev);
3631}
3632
3633static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3634{
3635 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3636
3637 skb_pull(skb, sizeof(*le_ev));
3638
3639 switch (le_ev->subevent) {
3640 case HCI_EV_LE_CONN_COMPLETE:
3641 hci_le_conn_complete_evt(hdev, skb);
3642 break;
3643
3644 case HCI_EV_LE_ADVERTISING_REPORT:
3645 hci_le_adv_report_evt(hdev, skb);
3646 break;
3647
3648 case HCI_EV_LE_LTK_REQ:
3649 hci_le_ltk_request_evt(hdev, skb);
3650 break;
3651
3652 default:
3653 break;
3654 }
3655}
3656
3657static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3658{
3659 struct hci_ev_channel_selected *ev = (void *) skb->data;
3660 struct hci_conn *hcon;
3661
3662 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3663
3664 skb_pull(skb, sizeof(*ev));
3665
3666 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3667 if (!hcon)
3668 return;
3669
3670 amp_read_loc_assoc_final_data(hdev, hcon);
3671}
3672
3673void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3674{
3675 struct hci_event_hdr *hdr = (void *) skb->data;
3676 __u8 event = hdr->evt;
3677
3678 hci_dev_lock(hdev);
3679
3680
3681
3682
3683 if (hdev->req_status == HCI_REQ_PEND) {
3684 kfree_skb(hdev->recv_evt);
3685 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3686 }
3687
3688 hci_dev_unlock(hdev);
3689
3690 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3691
3692 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3693 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3694 u16 opcode = __le16_to_cpu(hdr->opcode);
3695
3696 hci_req_cmd_complete(hdev, opcode, 0);
3697 }
3698
3699 switch (event) {
3700 case HCI_EV_INQUIRY_COMPLETE:
3701 hci_inquiry_complete_evt(hdev, skb);
3702 break;
3703
3704 case HCI_EV_INQUIRY_RESULT:
3705 hci_inquiry_result_evt(hdev, skb);
3706 break;
3707
3708 case HCI_EV_CONN_COMPLETE:
3709 hci_conn_complete_evt(hdev, skb);
3710 break;
3711
3712 case HCI_EV_CONN_REQUEST:
3713 hci_conn_request_evt(hdev, skb);
3714 break;
3715
3716 case HCI_EV_DISCONN_COMPLETE:
3717 hci_disconn_complete_evt(hdev, skb);
3718 break;
3719
3720 case HCI_EV_AUTH_COMPLETE:
3721 hci_auth_complete_evt(hdev, skb);
3722 break;
3723
3724 case HCI_EV_REMOTE_NAME:
3725 hci_remote_name_evt(hdev, skb);
3726 break;
3727
3728 case HCI_EV_ENCRYPT_CHANGE:
3729 hci_encrypt_change_evt(hdev, skb);
3730 break;
3731
3732 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3733 hci_change_link_key_complete_evt(hdev, skb);
3734 break;
3735
3736 case HCI_EV_REMOTE_FEATURES:
3737 hci_remote_features_evt(hdev, skb);
3738 break;
3739
3740 case HCI_EV_CMD_COMPLETE:
3741 hci_cmd_complete_evt(hdev, skb);
3742 break;
3743
3744 case HCI_EV_CMD_STATUS:
3745 hci_cmd_status_evt(hdev, skb);
3746 break;
3747
3748 case HCI_EV_ROLE_CHANGE:
3749 hci_role_change_evt(hdev, skb);
3750 break;
3751
3752 case HCI_EV_NUM_COMP_PKTS:
3753 hci_num_comp_pkts_evt(hdev, skb);
3754 break;
3755
3756 case HCI_EV_MODE_CHANGE:
3757 hci_mode_change_evt(hdev, skb);
3758 break;
3759
3760 case HCI_EV_PIN_CODE_REQ:
3761 hci_pin_code_request_evt(hdev, skb);
3762 break;
3763
3764 case HCI_EV_LINK_KEY_REQ:
3765 hci_link_key_request_evt(hdev, skb);
3766 break;
3767
3768 case HCI_EV_LINK_KEY_NOTIFY:
3769 hci_link_key_notify_evt(hdev, skb);
3770 break;
3771
3772 case HCI_EV_CLOCK_OFFSET:
3773 hci_clock_offset_evt(hdev, skb);
3774 break;
3775
3776 case HCI_EV_PKT_TYPE_CHANGE:
3777 hci_pkt_type_change_evt(hdev, skb);
3778 break;
3779
3780 case HCI_EV_PSCAN_REP_MODE:
3781 hci_pscan_rep_mode_evt(hdev, skb);
3782 break;
3783
3784 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3785 hci_inquiry_result_with_rssi_evt(hdev, skb);
3786 break;
3787
3788 case HCI_EV_REMOTE_EXT_FEATURES:
3789 hci_remote_ext_features_evt(hdev, skb);
3790 break;
3791
3792 case HCI_EV_SYNC_CONN_COMPLETE:
3793 hci_sync_conn_complete_evt(hdev, skb);
3794 break;
3795
3796 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3797 hci_extended_inquiry_result_evt(hdev, skb);
3798 break;
3799
3800 case HCI_EV_KEY_REFRESH_COMPLETE:
3801 hci_key_refresh_complete_evt(hdev, skb);
3802 break;
3803
3804 case HCI_EV_IO_CAPA_REQUEST:
3805 hci_io_capa_request_evt(hdev, skb);
3806 break;
3807
3808 case HCI_EV_IO_CAPA_REPLY:
3809 hci_io_capa_reply_evt(hdev, skb);
3810 break;
3811
3812 case HCI_EV_USER_CONFIRM_REQUEST:
3813 hci_user_confirm_request_evt(hdev, skb);
3814 break;
3815
3816 case HCI_EV_USER_PASSKEY_REQUEST:
3817 hci_user_passkey_request_evt(hdev, skb);
3818 break;
3819
3820 case HCI_EV_USER_PASSKEY_NOTIFY:
3821 hci_user_passkey_notify_evt(hdev, skb);
3822 break;
3823
3824 case HCI_EV_KEYPRESS_NOTIFY:
3825 hci_keypress_notify_evt(hdev, skb);
3826 break;
3827
3828 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3829 hci_simple_pair_complete_evt(hdev, skb);
3830 break;
3831
3832 case HCI_EV_REMOTE_HOST_FEATURES:
3833 hci_remote_host_features_evt(hdev, skb);
3834 break;
3835
3836 case HCI_EV_LE_META:
3837 hci_le_meta_evt(hdev, skb);
3838 break;
3839
3840 case HCI_EV_CHANNEL_SELECTED:
3841 hci_chan_selected_evt(hdev, skb);
3842 break;
3843
3844 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3845 hci_remote_oob_data_request_evt(hdev, skb);
3846 break;
3847
3848 case HCI_EV_PHY_LINK_COMPLETE:
3849 hci_phy_link_complete_evt(hdev, skb);
3850 break;
3851
3852 case HCI_EV_LOGICAL_LINK_COMPLETE:
3853 hci_loglink_complete_evt(hdev, skb);
3854 break;
3855
3856 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3857 hci_disconn_loglink_complete_evt(hdev, skb);
3858 break;
3859
3860 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3861 hci_disconn_phylink_complete_evt(hdev, skb);
3862 break;
3863
3864 case HCI_EV_NUM_COMP_BLOCKS:
3865 hci_num_comp_blocks_evt(hdev, skb);
3866 break;
3867
3868 default:
3869 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3870 break;
3871 }
3872
3873 kfree_skb(skb);
3874 hdev->stat.evt_rx++;
3875}
3876
