1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/mgmt.h>
32
33#include "hci_request.h"
34#include "hci_debugfs.h"
35#include "a2mp.h"
36#include "amp.h"
37#include "smp.h"
38
39#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
41
42
43
44static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
45{
46 __u8 status = *((__u8 *) skb->data);
47
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
49
50 if (status)
51 return;
52
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 smp_mb__after_atomic();
55 wake_up_bit(&hdev->flags, HCI_INQUIRY);
56
57 hci_dev_lock(hdev);
58
59
60
61 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
62 hdev->le_scan_type != LE_SCAN_ACTIVE)
63 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
64 hci_dev_unlock(hdev);
65
66 hci_conn_check_pending(hdev);
67}
68
69static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
70{
71 __u8 status = *((__u8 *) skb->data);
72
73 BT_DBG("%s status 0x%2.2x", hdev->name, status);
74
75 if (status)
76 return;
77
78 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
79}
80
81static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
82{
83 __u8 status = *((__u8 *) skb->data);
84
85 BT_DBG("%s status 0x%2.2x", hdev->name, status);
86
87 if (status)
88 return;
89
90 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
91
92 hci_conn_check_pending(hdev);
93}
94
95static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
96 struct sk_buff *skb)
97{
98 BT_DBG("%s", hdev->name);
99}
100
101static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
102{
103 struct hci_rp_role_discovery *rp = (void *) skb->data;
104 struct hci_conn *conn;
105
106 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
107
108 if (rp->status)
109 return;
110
111 hci_dev_lock(hdev);
112
113 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
114 if (conn)
115 conn->role = rp->role;
116
117 hci_dev_unlock(hdev);
118}
119
120static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
121{
122 struct hci_rp_read_link_policy *rp = (void *) skb->data;
123 struct hci_conn *conn;
124
125 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
126
127 if (rp->status)
128 return;
129
130 hci_dev_lock(hdev);
131
132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
133 if (conn)
134 conn->link_policy = __le16_to_cpu(rp->policy);
135
136 hci_dev_unlock(hdev);
137}
138
139static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
140{
141 struct hci_rp_write_link_policy *rp = (void *) skb->data;
142 struct hci_conn *conn;
143 void *sent;
144
145 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
146
147 if (rp->status)
148 return;
149
150 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
151 if (!sent)
152 return;
153
154 hci_dev_lock(hdev);
155
156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
157 if (conn)
158 conn->link_policy = get_unaligned_le16(sent + 2);
159
160 hci_dev_unlock(hdev);
161}
162
163static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
164 struct sk_buff *skb)
165{
166 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
167
168 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
169
170 if (rp->status)
171 return;
172
173 hdev->link_policy = __le16_to_cpu(rp->policy);
174}
175
176static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
177 struct sk_buff *skb)
178{
179 __u8 status = *((__u8 *) skb->data);
180 void *sent;
181
182 BT_DBG("%s status 0x%2.2x", hdev->name, status);
183
184 if (status)
185 return;
186
187 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
188 if (!sent)
189 return;
190
191 hdev->link_policy = get_unaligned_le16(sent);
192}
193
194static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
195{
196 __u8 status = *((__u8 *) skb->data);
197
198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
199
200 clear_bit(HCI_RESET, &hdev->flags);
201
202 if (status)
203 return;
204
205
206 hci_dev_clear_volatile_flags(hdev);
207
208 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
209
210 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
211 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
212
213 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
214 hdev->adv_data_len = 0;
215
216 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
217 hdev->scan_rsp_data_len = 0;
218
219 hdev->le_scan_type = LE_SCAN_PASSIVE;
220
221 hdev->ssp_debug_mode = 0;
222
223 hci_bdaddr_list_clear(&hdev->le_white_list);
224}
225
226static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
227 struct sk_buff *skb)
228{
229 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
230 struct hci_cp_read_stored_link_key *sent;
231
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233
234 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
235 if (!sent)
236 return;
237
238 if (!rp->status && sent->read_all == 0x01) {
239 hdev->stored_max_keys = rp->max_keys;
240 hdev->stored_num_keys = rp->num_keys;
241 }
242}
243
244static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
245 struct sk_buff *skb)
246{
247 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
248
249 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
250
251 if (rp->status)
252 return;
253
254 if (rp->num_keys <= hdev->stored_num_keys)
255 hdev->stored_num_keys -= rp->num_keys;
256 else
257 hdev->stored_num_keys = 0;
258}
259
260static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
261{
262 __u8 status = *((__u8 *) skb->data);
263 void *sent;
264
265 BT_DBG("%s status 0x%2.2x", hdev->name, status);
266
267 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
268 if (!sent)
269 return;
270
271 hci_dev_lock(hdev);
272
273 if (hci_dev_test_flag(hdev, HCI_MGMT))
274 mgmt_set_local_name_complete(hdev, sent, status);
275 else if (!status)
276 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
277
278 hci_dev_unlock(hdev);
279}
280
281static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
282{
283 struct hci_rp_read_local_name *rp = (void *) skb->data;
284
285 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
286
287 if (rp->status)
288 return;
289
290 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
291 hci_dev_test_flag(hdev, HCI_CONFIG))
292 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
293}
294
295static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
296{
297 __u8 status = *((__u8 *) skb->data);
298 void *sent;
299
300 BT_DBG("%s status 0x%2.2x", hdev->name, status);
301
302 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
303 if (!sent)
304 return;
305
306 hci_dev_lock(hdev);
307
308 if (!status) {
309 __u8 param = *((__u8 *) sent);
310
311 if (param == AUTH_ENABLED)
312 set_bit(HCI_AUTH, &hdev->flags);
313 else
314 clear_bit(HCI_AUTH, &hdev->flags);
315 }
316
317 if (hci_dev_test_flag(hdev, HCI_MGMT))
318 mgmt_auth_enable_complete(hdev, status);
319
320 hci_dev_unlock(hdev);
321}
322
323static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
324{
325 __u8 status = *((__u8 *) skb->data);
326 __u8 param;
327 void *sent;
328
329 BT_DBG("%s status 0x%2.2x", hdev->name, status);
330
331 if (status)
332 return;
333
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
335 if (!sent)
336 return;
337
338 param = *((__u8 *) sent);
339
340 if (param)
341 set_bit(HCI_ENCRYPT, &hdev->flags);
342 else
343 clear_bit(HCI_ENCRYPT, &hdev->flags);
344}
345
346static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
347{
348 __u8 status = *((__u8 *) skb->data);
349 __u8 param;
350 void *sent;
351
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
353
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
355 if (!sent)
356 return;
357
358 param = *((__u8 *) sent);
359
360 hci_dev_lock(hdev);
361
362 if (status) {
363 hdev->discov_timeout = 0;
364 goto done;
365 }
366
367 if (param & SCAN_INQUIRY)
368 set_bit(HCI_ISCAN, &hdev->flags);
369 else
370 clear_bit(HCI_ISCAN, &hdev->flags);
371
372 if (param & SCAN_PAGE)
373 set_bit(HCI_PSCAN, &hdev->flags);
374 else
375 clear_bit(HCI_PSCAN, &hdev->flags);
376
377done:
378 hci_dev_unlock(hdev);
379}
380
381static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
382{
383 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
384
385 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
386
387 if (rp->status)
388 return;
389
390 memcpy(hdev->dev_class, rp->dev_class, 3);
391
392 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
393 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
394}
395
396static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
397{
398 __u8 status = *((__u8 *) skb->data);
399 void *sent;
400
401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
402
403 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
404 if (!sent)
405 return;
406
407 hci_dev_lock(hdev);
408
409 if (status == 0)
410 memcpy(hdev->dev_class, sent, 3);
411
412 if (hci_dev_test_flag(hdev, HCI_MGMT))
413 mgmt_set_class_of_dev_complete(hdev, sent, status);
414
415 hci_dev_unlock(hdev);
416}
417
418static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
419{
420 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
421 __u16 setting;
422
423 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
424
425 if (rp->status)
426 return;
427
428 setting = __le16_to_cpu(rp->voice_setting);
429
430 if (hdev->voice_setting == setting)
431 return;
432
433 hdev->voice_setting = setting;
434
435 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
436
437 if (hdev->notify)
438 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
439}
440
441static void hci_cc_write_voice_setting(struct hci_dev *hdev,
442 struct sk_buff *skb)
443{
444 __u8 status = *((__u8 *) skb->data);
445 __u16 setting;
446 void *sent;
447
448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
449
450 if (status)
451 return;
452
453 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
454 if (!sent)
455 return;
456
457 setting = get_unaligned_le16(sent);
458
459 if (hdev->voice_setting == setting)
460 return;
461
462 hdev->voice_setting = setting;
463
464 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
465
466 if (hdev->notify)
467 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
468}
469
470static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
471 struct sk_buff *skb)
472{
473 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
474
475 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
476
477 if (rp->status)
478 return;
479
480 hdev->num_iac = rp->num_iac;
481
482 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
483}
484
485static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
486{
487 __u8 status = *((__u8 *) skb->data);
488 struct hci_cp_write_ssp_mode *sent;
489
490 BT_DBG("%s status 0x%2.2x", hdev->name, status);
491
492 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
493 if (!sent)
494 return;
495
496 hci_dev_lock(hdev);
497
498 if (!status) {
499 if (sent->mode)
500 hdev->features[1][0] |= LMP_HOST_SSP;
501 else
502 hdev->features[1][0] &= ~LMP_HOST_SSP;
503 }
504
505 if (hci_dev_test_flag(hdev, HCI_MGMT))
506 mgmt_ssp_enable_complete(hdev, sent->mode, status);
507 else if (!status) {
508 if (sent->mode)
509 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
510 else
511 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
512 }
513
514 hci_dev_unlock(hdev);
515}
516
517static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
518{
519 u8 status = *((u8 *) skb->data);
520 struct hci_cp_write_sc_support *sent;
521
522 BT_DBG("%s status 0x%2.2x", hdev->name, status);
523
524 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
525 if (!sent)
526 return;
527
528 hci_dev_lock(hdev);
529
530 if (!status) {
531 if (sent->support)
532 hdev->features[1][0] |= LMP_HOST_SC;
533 else
534 hdev->features[1][0] &= ~LMP_HOST_SC;
535 }
536
537 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
538 if (sent->support)
539 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
540 else
541 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
542 }
543
544 hci_dev_unlock(hdev);
545}
546
547static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
548{
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
550
551 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
552
553 if (rp->status)
554 return;
555
556 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
557 hci_dev_test_flag(hdev, HCI_CONFIG)) {
558 hdev->hci_ver = rp->hci_ver;
559 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
560 hdev->lmp_ver = rp->lmp_ver;
561 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
562 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
563 }
564}
565
566static void hci_cc_read_local_commands(struct hci_dev *hdev,
567 struct sk_buff *skb)
568{
569 struct hci_rp_read_local_commands *rp = (void *) skb->data;
570
571 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
572
573 if (rp->status)
574 return;
575
576 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
577 hci_dev_test_flag(hdev, HCI_CONFIG))
578 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
579}
580
581static void hci_cc_read_local_features(struct hci_dev *hdev,
582 struct sk_buff *skb)
583{
584 struct hci_rp_read_local_features *rp = (void *) skb->data;
585
586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
587
588 if (rp->status)
589 return;
590
591 memcpy(hdev->features, rp->features, 8);
592
593
594
595
596 if (hdev->features[0][0] & LMP_3SLOT)
597 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
598
599 if (hdev->features[0][0] & LMP_5SLOT)
600 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
601
602 if (hdev->features[0][1] & LMP_HV2) {
603 hdev->pkt_type |= (HCI_HV2);
604 hdev->esco_type |= (ESCO_HV2);
605 }
606
607 if (hdev->features[0][1] & LMP_HV3) {
608 hdev->pkt_type |= (HCI_HV3);
609 hdev->esco_type |= (ESCO_HV3);
610 }
611
612 if (lmp_esco_capable(hdev))
613 hdev->esco_type |= (ESCO_EV3);
614
615 if (hdev->features[0][4] & LMP_EV4)
616 hdev->esco_type |= (ESCO_EV4);
617
618 if (hdev->features[0][4] & LMP_EV5)
619 hdev->esco_type |= (ESCO_EV5);
620
621 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
622 hdev->esco_type |= (ESCO_2EV3);
623
624 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
625 hdev->esco_type |= (ESCO_3EV3);
626
627 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
628 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
629}
630
631static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
632 struct sk_buff *skb)
633{
634 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
635
636 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
637
638 if (rp->status)
639 return;
640
641 if (hdev->max_page < rp->max_page)
642 hdev->max_page = rp->max_page;
643
644 if (rp->page < HCI_MAX_PAGES)
645 memcpy(hdev->features[rp->page], rp->features, 8);
646}
647
648static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
649 struct sk_buff *skb)
650{
651 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
652
653 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
654
655 if (rp->status)
656 return;
657
658 hdev->flow_ctl_mode = rp->mode;
659}
660
661static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
662{
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
664
665 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
666
667 if (rp->status)
668 return;
669
670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
674
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
676 hdev->sco_mtu = 64;
677 hdev->sco_pkts = 8;
678 }
679
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
682
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
684 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
685}
686
687static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
688{
689 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
690
691 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
692
693 if (rp->status)
694 return;
695
696 if (test_bit(HCI_INIT, &hdev->flags))
697 bacpy(&hdev->bdaddr, &rp->bdaddr);
698
699 if (hci_dev_test_flag(hdev, HCI_SETUP))
700 bacpy(&hdev->setup_addr, &rp->bdaddr);
701}
702
703static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
704 struct sk_buff *skb)
705{
706 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
707
708 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
709
710 if (rp->status)
711 return;
712
713 if (test_bit(HCI_INIT, &hdev->flags)) {
714 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
715 hdev->page_scan_window = __le16_to_cpu(rp->window);
716 }
717}
718
719static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
720 struct sk_buff *skb)
721{
722 u8 status = *((u8 *) skb->data);
723 struct hci_cp_write_page_scan_activity *sent;
724
725 BT_DBG("%s status 0x%2.2x", hdev->name, status);
726
727 if (status)
728 return;
729
730 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
731 if (!sent)
732 return;
733
734 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
735 hdev->page_scan_window = __le16_to_cpu(sent->window);
736}
737
738static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
739 struct sk_buff *skb)
740{
741 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
742
743 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
744
745 if (rp->status)
746 return;
747
748 if (test_bit(HCI_INIT, &hdev->flags))
749 hdev->page_scan_type = rp->type;
750}
751
752static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
753 struct sk_buff *skb)
754{
755 u8 status = *((u8 *) skb->data);
756 u8 *type;
757
758 BT_DBG("%s status 0x%2.2x", hdev->name, status);
759
760 if (status)
761 return;
762
763 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
764 if (type)
765 hdev->page_scan_type = *type;
766}
767
768static void hci_cc_read_data_block_size(struct hci_dev *hdev,
769 struct sk_buff *skb)
770{
771 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
772
773 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
774
775 if (rp->status)
776 return;
777
778 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
779 hdev->block_len = __le16_to_cpu(rp->block_len);
780 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
781
782 hdev->block_cnt = hdev->num_blocks;
783
784 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
785 hdev->block_cnt, hdev->block_len);
786}
787
788static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
789{
790 struct hci_rp_read_clock *rp = (void *) skb->data;
791 struct hci_cp_read_clock *cp;
792 struct hci_conn *conn;
793
794 BT_DBG("%s", hdev->name);
795
796 if (skb->len < sizeof(*rp))
797 return;
798
799 if (rp->status)
800 return;
801
802 hci_dev_lock(hdev);
803
804 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
805 if (!cp)
806 goto unlock;
807
808 if (cp->which == 0x00) {
809 hdev->clock = le32_to_cpu(rp->clock);
810 goto unlock;
811 }
812
813 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
814 if (conn) {
815 conn->clock = le32_to_cpu(rp->clock);
816 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
817 }
818
819unlock:
820 hci_dev_unlock(hdev);
821}
822
823static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
824 struct sk_buff *skb)
825{
826 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
827
828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
829
830 if (rp->status)
831 return;
832
833 hdev->amp_status = rp->amp_status;
834 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
835 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
836 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
837 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
838 hdev->amp_type = rp->amp_type;
839 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
840 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
841 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
842 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
843}
844
845static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
846 struct sk_buff *skb)
847{
848 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
849
850 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
851
852 if (rp->status)
853 return;
854
855 hdev->inq_tx_power = rp->tx_power;
856}
857
858static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
859{
860 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
861 struct hci_cp_pin_code_reply *cp;
862 struct hci_conn *conn;
863
864 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
865
866 hci_dev_lock(hdev);
867
868 if (hci_dev_test_flag(hdev, HCI_MGMT))
869 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
870
871 if (rp->status)
872 goto unlock;
873
874 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
875 if (!cp)
876 goto unlock;
877
878 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
879 if (conn)
880 conn->pin_length = cp->pin_len;
881
882unlock:
883 hci_dev_unlock(hdev);
884}
885
886static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
887{
888 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
889
890 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
891
892 hci_dev_lock(hdev);
893
894 if (hci_dev_test_flag(hdev, HCI_MGMT))
895 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
896 rp->status);
897
898 hci_dev_unlock(hdev);
899}
900
901static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
902 struct sk_buff *skb)
903{
904 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
905
906 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
907
908 if (rp->status)
909 return;
910
911 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
912 hdev->le_pkts = rp->le_max_pkt;
913
914 hdev->le_cnt = hdev->le_pkts;
915
916 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
917}
918
919static void hci_cc_le_read_local_features(struct hci_dev *hdev,
920 struct sk_buff *skb)
921{
922 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
923
924 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
925
926 if (rp->status)
927 return;
928
929 memcpy(hdev->le_features, rp->features, 8);
930}
931
932static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
933 struct sk_buff *skb)
934{
935 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
936
937 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
938
939 if (rp->status)
940 return;
941
942 hdev->adv_tx_power = rp->tx_power;
943}
944
945static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
946{
947 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
948
949 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
950
951 hci_dev_lock(hdev);
952
953 if (hci_dev_test_flag(hdev, HCI_MGMT))
954 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
955 rp->status);
956
957 hci_dev_unlock(hdev);
958}
959
960static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
961 struct sk_buff *skb)
962{
963 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
964
965 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
966
967 hci_dev_lock(hdev);
968
969 if (hci_dev_test_flag(hdev, HCI_MGMT))
970 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
971 ACL_LINK, 0, rp->status);
972
973 hci_dev_unlock(hdev);
974}
975
976static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
977{
978 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
979
980 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
981
982 hci_dev_lock(hdev);
983
984 if (hci_dev_test_flag(hdev, HCI_MGMT))
985 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
986 0, rp->status);
987
988 hci_dev_unlock(hdev);
989}
990
991static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
992 struct sk_buff *skb)
993{
994 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
995
996 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
997
998 hci_dev_lock(hdev);
999
1000 if (hci_dev_test_flag(hdev, HCI_MGMT))
1001 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1002 ACL_LINK, 0, rp->status);
1003
1004 hci_dev_unlock(hdev);
1005}
1006
1007static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1008 struct sk_buff *skb)
1009{
1010 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1011
1012 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1013}
1014
1015static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1016 struct sk_buff *skb)
1017{
1018 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1019
1020 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1021}
1022
1023static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1024{
1025 __u8 status = *((__u8 *) skb->data);
1026 bdaddr_t *sent;
1027
1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1029
1030 if (status)
1031 return;
1032
1033 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1034 if (!sent)
1035 return;
1036
1037 hci_dev_lock(hdev);
1038
1039 bacpy(&hdev->random_addr, sent);
1040
1041 hci_dev_unlock(hdev);
1042}
1043
1044static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1045{
1046 __u8 *sent, status = *((__u8 *) skb->data);
1047
1048 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1049
1050 if (status)
1051 return;
1052
1053 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1054 if (!sent)
1055 return;
1056
1057 hci_dev_lock(hdev);
1058
1059
1060
1061
1062 if (*sent) {
1063 struct hci_conn *conn;
1064
1065 hci_dev_set_flag(hdev, HCI_LE_ADV);
1066
1067 conn = hci_lookup_le_connect(hdev);
1068 if (conn)
1069 queue_delayed_work(hdev->workqueue,
1070 &conn->le_conn_timeout,
1071 conn->conn_timeout);
1072 } else {
1073 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1074 }
1075
1076 hci_dev_unlock(hdev);
1077}
1078
1079static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1080{
1081 struct hci_cp_le_set_scan_param *cp;
1082 __u8 status = *((__u8 *) skb->data);
1083
1084 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1085
1086 if (status)
1087 return;
1088
1089 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1090 if (!cp)
1091 return;
1092
1093 hci_dev_lock(hdev);
1094
1095 hdev->le_scan_type = cp->type;
1096
1097 hci_dev_unlock(hdev);
1098}
1099
1100static bool has_pending_adv_report(struct hci_dev *hdev)
1101{
1102 struct discovery_state *d = &hdev->discovery;
1103
1104 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1105}
1106
1107static void clear_pending_adv_report(struct hci_dev *hdev)
1108{
1109 struct discovery_state *d = &hdev->discovery;
1110
1111 bacpy(&d->last_adv_addr, BDADDR_ANY);
1112 d->last_adv_data_len = 0;
1113}
1114
1115static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1116 u8 bdaddr_type, s8 rssi, u32 flags,
1117 u8 *data, u8 len)
1118{
1119 struct discovery_state *d = &hdev->discovery;
1120
1121 bacpy(&d->last_adv_addr, bdaddr);
1122 d->last_adv_addr_type = bdaddr_type;
1123 d->last_adv_rssi = rssi;
1124 d->last_adv_flags = flags;
1125 memcpy(d->last_adv_data, data, len);
1126 d->last_adv_data_len = len;
1127}
1128
1129static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1130 struct sk_buff *skb)
1131{
1132 struct hci_cp_le_set_scan_enable *cp;
1133 __u8 status = *((__u8 *) skb->data);
1134
1135 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136
1137 if (status)
1138 return;
1139
1140 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1141 if (!cp)
1142 return;
1143
1144 hci_dev_lock(hdev);
1145
1146 switch (cp->enable) {
1147 case LE_SCAN_ENABLE:
1148 hci_dev_set_flag(hdev, HCI_LE_SCAN);
1149 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1150 clear_pending_adv_report(hdev);
1151 break;
1152
1153 case LE_SCAN_DISABLE:
1154
1155
1156
1157
1158 if (has_pending_adv_report(hdev)) {
1159 struct discovery_state *d = &hdev->discovery;
1160
1161 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1162 d->last_adv_addr_type, NULL,
1163 d->last_adv_rssi, d->last_adv_flags,
1164 d->last_adv_data,
1165 d->last_adv_data_len, NULL, 0);
1166 }
1167
1168
1169
1170
1171 cancel_delayed_work(&hdev->le_scan_disable);
1172
1173 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
1174
1175
1176
1177
1178
1179
1180
1181
1182 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
1183 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1184 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
1185 hdev->discovery.state == DISCOVERY_FINDING)
1186 hci_req_reenable_advertising(hdev);
1187
1188 break;
1189
1190 default:
1191 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
1192 cp->enable);
1193 break;
1194 }
1195
1196 hci_dev_unlock(hdev);
1197}
1198
1199static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1200 struct sk_buff *skb)
1201{
1202 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1203
1204 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1205
1206 if (rp->status)
1207 return;
1208
1209 hdev->le_white_list_size = rp->size;
1210}
1211
1212static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1213 struct sk_buff *skb)
1214{
1215 __u8 status = *((__u8 *) skb->data);
1216
1217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1218
1219 if (status)
1220 return;
1221
1222 hci_bdaddr_list_clear(&hdev->le_white_list);
1223}
1224
1225static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1226 struct sk_buff *skb)
1227{
1228 struct hci_cp_le_add_to_white_list *sent;
1229 __u8 status = *((__u8 *) skb->data);
1230
1231 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1232
1233 if (status)
1234 return;
1235
1236 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1237 if (!sent)
1238 return;
1239
1240 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1241 sent->bdaddr_type);
1242}
1243
1244static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1245 struct sk_buff *skb)
1246{
1247 struct hci_cp_le_del_from_white_list *sent;
1248 __u8 status = *((__u8 *) skb->data);
1249
1250 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1251
1252 if (status)
1253 return;
1254
1255 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1256 if (!sent)
1257 return;
1258
1259 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1260 sent->bdaddr_type);
1261}
1262
1263static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1264 struct sk_buff *skb)
1265{
1266 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1267
1268 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1269
1270 if (rp->status)
1271 return;
1272
1273 memcpy(hdev->le_states, rp->le_states, 8);
1274}
1275
1276static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1277 struct sk_buff *skb)
1278{
1279 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1280
1281 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1282
1283 if (rp->status)
1284 return;
1285
1286 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1287 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1288}
1289
1290static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1291 struct sk_buff *skb)
1292{
1293 struct hci_cp_le_write_def_data_len *sent;
1294 __u8 status = *((__u8 *) skb->data);
1295
1296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1297
1298 if (status)
1299 return;
1300
1301 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1302 if (!sent)
1303 return;
1304
1305 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1306 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1307}
1308
1309static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1310 struct sk_buff *skb)
1311{
1312 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1313
1314 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1315
1316 if (rp->status)
1317 return;
1318
1319 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1320 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1321 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1322 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1323}
1324
1325static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1326 struct sk_buff *skb)
1327{
1328 struct hci_cp_write_le_host_supported *sent;
1329 __u8 status = *((__u8 *) skb->data);
1330
1331 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1332
1333 if (status)
1334 return;
1335
1336 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1337 if (!sent)
1338 return;
1339
1340 hci_dev_lock(hdev);
1341
1342 if (sent->le) {
1343 hdev->features[1][0] |= LMP_HOST_LE;
1344 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
1345 } else {
1346 hdev->features[1][0] &= ~LMP_HOST_LE;
1347 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1348 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1349 }
1350
1351 if (sent->simul)
1352 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1353 else
1354 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1355
1356 hci_dev_unlock(hdev);
1357}
1358
1359static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1360{
1361 struct hci_cp_le_set_adv_param *cp;
1362 u8 status = *((u8 *) skb->data);
1363
1364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1365
1366 if (status)
1367 return;
1368
1369 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1370 if (!cp)
1371 return;
1372
1373 hci_dev_lock(hdev);
1374 hdev->adv_addr_type = cp->own_address_type;
1375 hci_dev_unlock(hdev);
1376}
1377
1378static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1379{
1380 struct hci_rp_read_rssi *rp = (void *) skb->data;
1381 struct hci_conn *conn;
1382
1383 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1384
1385 if (rp->status)
1386 return;
1387
1388 hci_dev_lock(hdev);
1389
1390 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1391 if (conn)
1392 conn->rssi = rp->rssi;
1393
1394 hci_dev_unlock(hdev);
1395}
1396
1397static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1398{
1399 struct hci_cp_read_tx_power *sent;
1400 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1401 struct hci_conn *conn;
1402
1403 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1404
1405 if (rp->status)
1406 return;
1407
1408 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1409 if (!sent)
1410 return;
1411
1412 hci_dev_lock(hdev);
1413
1414 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1415 if (!conn)
1416 goto unlock;
1417
1418 switch (sent->type) {
1419 case 0x00:
1420 conn->tx_power = rp->tx_power;
1421 break;
1422 case 0x01:
1423 conn->max_tx_power = rp->tx_power;
1424 break;
1425 }
1426
1427unlock:
1428 hci_dev_unlock(hdev);
1429}
1430
1431static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1432{
1433 u8 status = *((u8 *) skb->data);
1434 u8 *mode;
1435
1436 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1437
1438 if (status)
1439 return;
1440
1441 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1442 if (mode)
1443 hdev->ssp_debug_mode = *mode;
1444}
1445
1446static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1447{
1448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1449
1450 if (status) {
1451 hci_conn_check_pending(hdev);
1452 return;
1453 }
1454
1455 set_bit(HCI_INQUIRY, &hdev->flags);
1456}
1457
1458static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1459{
1460 struct hci_cp_create_conn *cp;
1461 struct hci_conn *conn;
1462
1463 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1464
1465 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1466 if (!cp)
1467 return;
1468
1469 hci_dev_lock(hdev);
1470
1471 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1472
1473 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1474
1475 if (status) {
1476 if (conn && conn->state == BT_CONNECT) {
1477 if (status != 0x0c || conn->attempt > 2) {
1478 conn->state = BT_CLOSED;
1479 hci_connect_cfm(conn, status);
1480 hci_conn_del(conn);
1481 } else
1482 conn->state = BT_CONNECT2;
1483 }
1484 } else {
1485 if (!conn) {
1486 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1487 HCI_ROLE_MASTER);
1488 if (!conn)
1489 bt_dev_err(hdev, "no memory for new connection");
1490 }
1491 }
1492
1493 hci_dev_unlock(hdev);
1494}
1495
1496static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1497{
1498 struct hci_cp_add_sco *cp;
1499 struct hci_conn *acl, *sco;
1500 __u16 handle;
1501
1502 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1503
1504 if (!status)
1505 return;
1506
1507 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1508 if (!cp)
1509 return;
1510
1511 handle = __le16_to_cpu(cp->handle);
1512
1513 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1514
1515 hci_dev_lock(hdev);
1516
1517 acl = hci_conn_hash_lookup_handle(hdev, handle);
1518 if (acl) {
1519 sco = acl->link;
1520 if (sco) {
1521 sco->state = BT_CLOSED;
1522
1523 hci_connect_cfm(sco, status);
1524 hci_conn_del(sco);
1525 }
1526 }
1527
1528 hci_dev_unlock(hdev);
1529}
1530
1531static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1532{
1533 struct hci_cp_auth_requested *cp;
1534 struct hci_conn *conn;
1535
1536 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1537
1538 if (!status)
1539 return;
1540
1541 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1542 if (!cp)
1543 return;
1544
1545 hci_dev_lock(hdev);
1546
1547 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1548 if (conn) {
1549 if (conn->state == BT_CONFIG) {
1550 hci_connect_cfm(conn, status);
1551 hci_conn_drop(conn);
1552 }
1553 }
1554
1555 hci_dev_unlock(hdev);
1556}
1557
1558static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1559{
1560 struct hci_cp_set_conn_encrypt *cp;
1561 struct hci_conn *conn;
1562
1563 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1564
1565 if (!status)
1566 return;
1567
1568 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1569 if (!cp)
1570 return;
1571
1572 hci_dev_lock(hdev);
1573
1574 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1575 if (conn) {
1576 if (conn->state == BT_CONFIG) {
1577 hci_connect_cfm(conn, status);
1578 hci_conn_drop(conn);
1579 }
1580 }
1581
1582 hci_dev_unlock(hdev);
1583}
1584
1585static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1586 struct hci_conn *conn)
1587{
1588 if (conn->state != BT_CONFIG || !conn->out)
1589 return 0;
1590
1591 if (conn->pending_sec_level == BT_SECURITY_SDP)
1592 return 0;
1593
1594
1595
1596
1597
1598 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1599 conn->pending_sec_level != BT_SECURITY_FIPS &&
1600 conn->pending_sec_level != BT_SECURITY_HIGH &&
1601 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1602 return 0;
1603
1604 return 1;
1605}
1606
1607static int hci_resolve_name(struct hci_dev *hdev,
1608 struct inquiry_entry *e)
1609{
1610 struct hci_cp_remote_name_req cp;
1611
1612 memset(&cp, 0, sizeof(cp));
1613
1614 bacpy(&cp.bdaddr, &e->data.bdaddr);
1615 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1616 cp.pscan_mode = e->data.pscan_mode;
1617 cp.clock_offset = e->data.clock_offset;
1618
1619 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1620}
1621
1622static bool hci_resolve_next_name(struct hci_dev *hdev)
1623{
1624 struct discovery_state *discov = &hdev->discovery;
1625 struct inquiry_entry *e;
1626
1627 if (list_empty(&discov->resolve))
1628 return false;
1629
1630 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1631 if (!e)
1632 return false;
1633
1634 if (hci_resolve_name(hdev, e) == 0) {
1635 e->name_state = NAME_PENDING;
1636 return true;
1637 }
1638
1639 return false;
1640}
1641
1642static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1643 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1644{
1645 struct discovery_state *discov = &hdev->discovery;
1646 struct inquiry_entry *e;
1647
1648
1649
1650
1651
1652
1653 if (conn &&
1654 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
1655 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1656 mgmt_device_connected(hdev, conn, 0, name, name_len);
1657
1658 if (discov->state == DISCOVERY_STOPPED)
1659 return;
1660
1661 if (discov->state == DISCOVERY_STOPPING)
1662 goto discov_complete;
1663
1664 if (discov->state != DISCOVERY_RESOLVING)
1665 return;
1666
1667 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1668
1669
1670
1671
1672 if (!e)
1673 return;
1674
1675 list_del(&e->list);
1676 if (name) {
1677 e->name_state = NAME_KNOWN;
1678 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1679 e->data.rssi, name, name_len);
1680 } else {
1681 e->name_state = NAME_NOT_KNOWN;
1682 }
1683
1684 if (hci_resolve_next_name(hdev))
1685 return;
1686
1687discov_complete:
1688 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1689}
1690
1691static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1692{
1693 struct hci_cp_remote_name_req *cp;
1694 struct hci_conn *conn;
1695
1696 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1697
1698
1699
1700 if (!status)
1701 return;
1702
1703 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1704 if (!cp)
1705 return;
1706
1707 hci_dev_lock(hdev);
1708
1709 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1710
1711 if (hci_dev_test_flag(hdev, HCI_MGMT))
1712 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1713
1714 if (!conn)
1715 goto unlock;
1716
1717 if (!hci_outgoing_auth_needed(hdev, conn))
1718 goto unlock;
1719
1720 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1721 struct hci_cp_auth_requested auth_cp;
1722
1723 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1724
1725 auth_cp.handle = __cpu_to_le16(conn->handle);
1726 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1727 sizeof(auth_cp), &auth_cp);
1728 }
1729
1730unlock:
1731 hci_dev_unlock(hdev);
1732}
1733
1734static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1735{
1736 struct hci_cp_read_remote_features *cp;
1737 struct hci_conn *conn;
1738
1739 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1740
1741 if (!status)
1742 return;
1743
1744 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1745 if (!cp)
1746 return;
1747
1748 hci_dev_lock(hdev);
1749
1750 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1751 if (conn) {
1752 if (conn->state == BT_CONFIG) {
1753 hci_connect_cfm(conn, status);
1754 hci_conn_drop(conn);
1755 }
1756 }
1757
1758 hci_dev_unlock(hdev);
1759}
1760
1761static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1762{
1763 struct hci_cp_read_remote_ext_features *cp;
1764 struct hci_conn *conn;
1765
1766 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1767
1768 if (!status)
1769 return;
1770
1771 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1772 if (!cp)
1773 return;
1774
1775 hci_dev_lock(hdev);
1776
1777 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1778 if (conn) {
1779 if (conn->state == BT_CONFIG) {
1780 hci_connect_cfm(conn, status);
1781 hci_conn_drop(conn);
1782 }
1783 }
1784
1785 hci_dev_unlock(hdev);
1786}
1787
1788static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1789{
1790 struct hci_cp_setup_sync_conn *cp;
1791 struct hci_conn *acl, *sco;
1792 __u16 handle;
1793
1794 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1795
1796 if (!status)
1797 return;
1798
1799 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1800 if (!cp)
1801 return;
1802
1803 handle = __le16_to_cpu(cp->handle);
1804
1805 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1806
1807 hci_dev_lock(hdev);
1808
1809 acl = hci_conn_hash_lookup_handle(hdev, handle);
1810 if (acl) {
1811 sco = acl->link;
1812 if (sco) {
1813 sco->state = BT_CLOSED;
1814
1815 hci_connect_cfm(sco, status);
1816 hci_conn_del(sco);
1817 }
1818 }
1819
1820 hci_dev_unlock(hdev);
1821}
1822
1823static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1824{
1825 struct hci_cp_sniff_mode *cp;
1826 struct hci_conn *conn;
1827
1828 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1829
1830 if (!status)
1831 return;
1832
1833 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1834 if (!cp)
1835 return;
1836
1837 hci_dev_lock(hdev);
1838
1839 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1840 if (conn) {
1841 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1842
1843 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1844 hci_sco_setup(conn, status);
1845 }
1846
1847 hci_dev_unlock(hdev);
1848}
1849
1850static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1851{
1852 struct hci_cp_exit_sniff_mode *cp;
1853 struct hci_conn *conn;
1854
1855 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1856
1857 if (!status)
1858 return;
1859
1860 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1861 if (!cp)
1862 return;
1863
1864 hci_dev_lock(hdev);
1865
1866 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1867 if (conn) {
1868 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1869
1870 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1871 hci_sco_setup(conn, status);
1872 }
1873
1874 hci_dev_unlock(hdev);
1875}
1876
1877static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1878{
1879 struct hci_cp_disconnect *cp;
1880 struct hci_conn *conn;
1881
1882 if (!status)
1883 return;
1884
1885 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1886 if (!cp)
1887 return;
1888
1889 hci_dev_lock(hdev);
1890
1891 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1892 if (conn)
1893 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1894 conn->dst_type, status);
1895
1896 hci_dev_unlock(hdev);
1897}
1898
1899static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1900{
1901 struct hci_cp_le_create_conn *cp;
1902 struct hci_conn *conn;
1903
1904 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1905
1906
1907
1908
1909
1910 if (status)
1911 return;
1912
1913 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1914 if (!cp)
1915 return;
1916
1917 hci_dev_lock(hdev);
1918
1919 conn = hci_conn_hash_lookup_le(hdev, &cp->peer_addr,
1920 cp->peer_addr_type);
1921 if (!conn)
1922 goto unlock;
1923
1924
1925
1926
1927
1928 conn->init_addr_type = cp->own_address_type;
1929 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1930 bacpy(&conn->init_addr, &hdev->random_addr);
1931 else
1932 bacpy(&conn->init_addr, &hdev->bdaddr);
1933
1934 conn->resp_addr_type = cp->peer_addr_type;
1935 bacpy(&conn->resp_addr, &cp->peer_addr);
1936
1937
1938
1939
1940
1941
1942 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1943 queue_delayed_work(conn->hdev->workqueue,
1944 &conn->le_conn_timeout,
1945 conn->conn_timeout);
1946
1947unlock:
1948 hci_dev_unlock(hdev);
1949}
1950
1951static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
1952{
1953 struct hci_cp_le_read_remote_features *cp;
1954 struct hci_conn *conn;
1955
1956 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1957
1958 if (!status)
1959 return;
1960
1961 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
1962 if (!cp)
1963 return;
1964
1965 hci_dev_lock(hdev);
1966
1967 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1968 if (conn) {
1969 if (conn->state == BT_CONFIG) {
1970 hci_connect_cfm(conn, status);
1971 hci_conn_drop(conn);
1972 }
1973 }
1974
1975 hci_dev_unlock(hdev);
1976}
1977
1978static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1979{
1980 struct hci_cp_le_start_enc *cp;
1981 struct hci_conn *conn;
1982
1983 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1984
1985 if (!status)
1986 return;
1987
1988 hci_dev_lock(hdev);
1989
1990 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1991 if (!cp)
1992 goto unlock;
1993
1994 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1995 if (!conn)
1996 goto unlock;
1997
1998 if (conn->state != BT_CONNECTED)
1999 goto unlock;
2000
2001 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2002 hci_conn_drop(conn);
2003
2004unlock:
2005 hci_dev_unlock(hdev);
2006}
2007
2008static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2009{
2010 struct hci_cp_switch_role *cp;
2011 struct hci_conn *conn;
2012
2013 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2014
2015 if (!status)
2016 return;
2017
2018 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2019 if (!cp)
2020 return;
2021
2022 hci_dev_lock(hdev);
2023
2024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2025 if (conn)
2026 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2027
2028 hci_dev_unlock(hdev);
2029}
2030
2031static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2032{
2033 __u8 status = *((__u8 *) skb->data);
2034 struct discovery_state *discov = &hdev->discovery;
2035 struct inquiry_entry *e;
2036
2037 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2038
2039 hci_conn_check_pending(hdev);
2040
2041 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2042 return;
2043
2044 smp_mb__after_atomic();
2045 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2046
2047 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2048 return;
2049
2050 hci_dev_lock(hdev);
2051
2052 if (discov->state != DISCOVERY_FINDING)
2053 goto unlock;
2054
2055 if (list_empty(&discov->resolve)) {
2056
2057
2058
2059
2060
2061
2062
2063 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2064 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2065 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2066 goto unlock;
2067 }
2068
2069 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2070 if (e && hci_resolve_name(hdev, e) == 0) {
2071 e->name_state = NAME_PENDING;
2072 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2073 } else {
2074
2075
2076
2077
2078
2079
2080
2081 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2082 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2083 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2084 }
2085
2086unlock:
2087 hci_dev_unlock(hdev);
2088}
2089
2090static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2091{
2092 struct inquiry_data data;
2093 struct inquiry_info *info = (void *) (skb->data + 1);
2094 int num_rsp = *((__u8 *) skb->data);
2095
2096 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2097
2098 if (!num_rsp)
2099 return;
2100
2101 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
2102 return;
2103
2104 hci_dev_lock(hdev);
2105
2106 for (; num_rsp; num_rsp--, info++) {
2107 u32 flags;
2108
2109 bacpy(&data.bdaddr, &info->bdaddr);
2110 data.pscan_rep_mode = info->pscan_rep_mode;
2111 data.pscan_period_mode = info->pscan_period_mode;
2112 data.pscan_mode = info->pscan_mode;
2113 memcpy(data.dev_class, info->dev_class, 3);
2114 data.clock_offset = info->clock_offset;
2115 data.rssi = HCI_RSSI_INVALID;
2116 data.ssp_mode = 0x00;
2117
2118 flags = hci_inquiry_cache_update(hdev, &data, false);
2119
2120 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2121 info->dev_class, HCI_RSSI_INVALID,
2122 flags, NULL, 0, NULL, 0);
2123 }
2124
2125 hci_dev_unlock(hdev);
2126}
2127
2128static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2129{
2130 struct hci_ev_conn_complete *ev = (void *) skb->data;
2131 struct hci_conn *conn;
2132
2133 BT_DBG("%s", hdev->name);
2134
2135 hci_dev_lock(hdev);
2136
2137 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2138 if (!conn) {
2139 if (ev->link_type != SCO_LINK)
2140 goto unlock;
2141
2142 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2143 if (!conn)
2144 goto unlock;
2145
2146 conn->type = SCO_LINK;
2147 }
2148
2149 if (!ev->status) {
2150 conn->handle = __le16_to_cpu(ev->handle);
2151
2152 if (conn->type == ACL_LINK) {
2153 conn->state = BT_CONFIG;
2154 hci_conn_hold(conn);
2155
2156 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2157 !hci_find_link_key(hdev, &ev->bdaddr))
2158 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2159 else
2160 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2161 } else
2162 conn->state = BT_CONNECTED;
2163
2164 hci_debugfs_create_conn(conn);
2165 hci_conn_add_sysfs(conn);
2166
2167 if (test_bit(HCI_AUTH, &hdev->flags))
2168 set_bit(HCI_CONN_AUTH, &conn->flags);
2169
2170 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2171 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2172
2173
2174 if (conn->type == ACL_LINK) {
2175 struct hci_cp_read_remote_features cp;
2176 cp.handle = ev->handle;
2177 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2178 sizeof(cp), &cp);
2179
2180 hci_req_update_scan(hdev);
2181 }
2182
2183
2184 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2185 struct hci_cp_change_conn_ptype cp;
2186 cp.handle = ev->handle;
2187 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2188 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2189 &cp);
2190 }
2191 } else {
2192 conn->state = BT_CLOSED;
2193 if (conn->type == ACL_LINK)
2194 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2195 conn->dst_type, ev->status);
2196 }
2197
2198 if (conn->type == ACL_LINK)
2199 hci_sco_setup(conn, ev->status);
2200
2201 if (ev->status) {
2202 hci_connect_cfm(conn, ev->status);
2203 hci_conn_del(conn);
2204 } else if (ev->link_type != ACL_LINK)
2205 hci_connect_cfm(conn, ev->status);
2206
2207unlock:
2208 hci_dev_unlock(hdev);
2209
2210 hci_conn_check_pending(hdev);
2211}
2212
2213static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2214{
2215 struct hci_cp_reject_conn_req cp;
2216
2217 bacpy(&cp.bdaddr, bdaddr);
2218 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2219 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2220}
2221
2222static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2223{
2224 struct hci_ev_conn_request *ev = (void *) skb->data;
2225 int mask = hdev->link_mode;
2226 struct inquiry_entry *ie;
2227 struct hci_conn *conn;
2228 __u8 flags = 0;
2229
2230 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2231 ev->link_type);
2232
2233 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2234 &flags);
2235
2236 if (!(mask & HCI_LM_ACCEPT)) {
2237 hci_reject_conn(hdev, &ev->bdaddr);
2238 return;
2239 }
2240
2241 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2242 BDADDR_BREDR)) {
2243 hci_reject_conn(hdev, &ev->bdaddr);
2244 return;
2245 }
2246
2247
2248
2249
2250
2251 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2252 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
2253 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2254 BDADDR_BREDR)) {
2255 hci_reject_conn(hdev, &ev->bdaddr);
2256 return;
2257 }
2258
2259
2260
2261 hci_dev_lock(hdev);
2262
2263 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2264 if (ie)
2265 memcpy(ie->data.dev_class, ev->dev_class, 3);
2266
2267 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2268 &ev->bdaddr);
2269 if (!conn) {
2270 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2271 HCI_ROLE_SLAVE);
2272 if (!conn) {
2273 bt_dev_err(hdev, "no memory for new connection");
2274 hci_dev_unlock(hdev);
2275 return;
2276 }
2277 }
2278
2279 memcpy(conn->dev_class, ev->dev_class, 3);
2280
2281 hci_dev_unlock(hdev);
2282
2283 if (ev->link_type == ACL_LINK ||
2284 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2285 struct hci_cp_accept_conn_req cp;
2286 conn->state = BT_CONNECT;
2287
2288 bacpy(&cp.bdaddr, &ev->bdaddr);
2289
2290 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2291 cp.role = 0x00;
2292 else
2293 cp.role = 0x01;
2294
2295 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2296 } else if (!(flags & HCI_PROTO_DEFER)) {
2297 struct hci_cp_accept_sync_conn_req cp;
2298 conn->state = BT_CONNECT;
2299
2300 bacpy(&cp.bdaddr, &ev->bdaddr);
2301 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2302
2303 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2304 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2305 cp.max_latency = cpu_to_le16(0xffff);
2306 cp.content_format = cpu_to_le16(hdev->voice_setting);
2307 cp.retrans_effort = 0xff;
2308
2309 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2310 &cp);
2311 } else {
2312 conn->state = BT_CONNECT2;
2313 hci_connect_cfm(conn, 0);
2314 }
2315}
2316
2317static u8 hci_to_mgmt_reason(u8 err)
2318{
2319 switch (err) {
2320 case HCI_ERROR_CONNECTION_TIMEOUT:
2321 return MGMT_DEV_DISCONN_TIMEOUT;
2322 case HCI_ERROR_REMOTE_USER_TERM:
2323 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2324 case HCI_ERROR_REMOTE_POWER_OFF:
2325 return MGMT_DEV_DISCONN_REMOTE;
2326 case HCI_ERROR_LOCAL_HOST_TERM:
2327 return MGMT_DEV_DISCONN_LOCAL_HOST;
2328 default:
2329 return MGMT_DEV_DISCONN_UNKNOWN;
2330 }
2331}
2332
2333static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2334{
2335 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2336 u8 reason;
2337 struct hci_conn_params *params;
2338 struct hci_conn *conn;
2339 bool mgmt_connected;
2340 u8 type;
2341
2342 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2343
2344 hci_dev_lock(hdev);
2345
2346 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2347 if (!conn)
2348 goto unlock;
2349
2350 if (ev->status) {
2351 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2352 conn->dst_type, ev->status);
2353 goto unlock;
2354 }
2355
2356 conn->state = BT_CLOSED;
2357
2358 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2359
2360 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2361 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2362 else
2363 reason = hci_to_mgmt_reason(ev->reason);
2364
2365 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2366 reason, mgmt_connected);
2367
2368 if (conn->type == ACL_LINK) {
2369 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2370 hci_remove_link_key(hdev, &conn->dst);
2371
2372 hci_req_update_scan(hdev);
2373 }
2374
2375 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2376 if (params) {
2377 switch (params->auto_connect) {
2378 case HCI_AUTO_CONN_LINK_LOSS:
2379 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2380 break;
2381
2382
2383 case HCI_AUTO_CONN_DIRECT:
2384 case HCI_AUTO_CONN_ALWAYS:
2385 list_del_init(¶ms->action);
2386 list_add(¶ms->action, &hdev->pend_le_conns);
2387 hci_update_background_scan(hdev);
2388 break;
2389
2390 default:
2391 break;
2392 }
2393 }
2394
2395 type = conn->type;
2396
2397 hci_disconn_cfm(conn, ev->reason);
2398 hci_conn_del(conn);
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410 if (type == LE_LINK)
2411 hci_req_reenable_advertising(hdev);
2412
2413unlock:
2414 hci_dev_unlock(hdev);
2415}
2416
2417static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2418{
2419 struct hci_ev_auth_complete *ev = (void *) skb->data;
2420 struct hci_conn *conn;
2421
2422 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2423
2424 hci_dev_lock(hdev);
2425
2426 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2427 if (!conn)
2428 goto unlock;
2429
2430 if (!ev->status) {
2431 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2432
2433 if (!hci_conn_ssp_enabled(conn) &&
2434 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2435 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2436 } else {
2437 set_bit(HCI_CONN_AUTH, &conn->flags);
2438 conn->sec_level = conn->pending_sec_level;
2439 }
2440 } else {
2441 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2442 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2443
2444 mgmt_auth_failed(conn, ev->status);
2445 }
2446
2447 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2448 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2449
2450 if (conn->state == BT_CONFIG) {
2451 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2452 struct hci_cp_set_conn_encrypt cp;
2453 cp.handle = ev->handle;
2454 cp.encrypt = 0x01;
2455 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2456 &cp);
2457 } else {
2458 conn->state = BT_CONNECTED;
2459 hci_connect_cfm(conn, ev->status);
2460 hci_conn_drop(conn);
2461 }
2462 } else {
2463 hci_auth_cfm(conn, ev->status);
2464
2465 hci_conn_hold(conn);
2466 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2467 hci_conn_drop(conn);
2468 }
2469
2470 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2471 if (!ev->status) {
2472 struct hci_cp_set_conn_encrypt cp;
2473 cp.handle = ev->handle;
2474 cp.encrypt = 0x01;
2475 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2476 &cp);
2477 } else {
2478 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2479 hci_encrypt_cfm(conn, ev->status, 0x00);
2480 }
2481 }
2482
2483unlock:
2484 hci_dev_unlock(hdev);
2485}
2486
2487static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2488{
2489 struct hci_ev_remote_name *ev = (void *) skb->data;
2490 struct hci_conn *conn;
2491
2492 BT_DBG("%s", hdev->name);
2493
2494 hci_conn_check_pending(hdev);
2495
2496 hci_dev_lock(hdev);
2497
2498 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2499
2500 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2501 goto check_auth;
2502
2503 if (ev->status == 0)
2504 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2505 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2506 else
2507 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2508
2509check_auth:
2510 if (!conn)
2511 goto unlock;
2512
2513 if (!hci_outgoing_auth_needed(hdev, conn))
2514 goto unlock;
2515
2516 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2517 struct hci_cp_auth_requested cp;
2518
2519 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2520
2521 cp.handle = __cpu_to_le16(conn->handle);
2522 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2523 }
2524
2525unlock:
2526 hci_dev_unlock(hdev);
2527}
2528
2529static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
2530 u16 opcode, struct sk_buff *skb)
2531{
2532 const struct hci_rp_read_enc_key_size *rp;
2533 struct hci_conn *conn;
2534 u16 handle;
2535
2536 BT_DBG("%s status 0x%02x", hdev->name, status);
2537
2538 if (!skb || skb->len < sizeof(*rp)) {
2539 bt_dev_err(hdev, "invalid read key size response");
2540 return;
2541 }
2542
2543 rp = (void *)skb->data;
2544 handle = le16_to_cpu(rp->handle);
2545
2546 hci_dev_lock(hdev);
2547
2548 conn = hci_conn_hash_lookup_handle(hdev, handle);
2549 if (!conn)
2550 goto unlock;
2551
2552
2553
2554
2555
2556 if (rp->status) {
2557 bt_dev_err(hdev, "failed to read key size for handle %u",
2558 handle);
2559 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2560 } else {
2561 conn->enc_key_size = rp->key_size;
2562 }
2563
2564 if (conn->state == BT_CONFIG) {
2565 conn->state = BT_CONNECTED;
2566 hci_connect_cfm(conn, 0);
2567 hci_conn_drop(conn);
2568 } else {
2569 u8 encrypt;
2570
2571 if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2572 encrypt = 0x00;
2573 else if (test_bit(HCI_CONN_AES_CCM, &conn->flags))
2574 encrypt = 0x02;
2575 else
2576 encrypt = 0x01;
2577
2578 hci_encrypt_cfm(conn, 0, encrypt);
2579 }
2580
2581unlock:
2582 hci_dev_unlock(hdev);
2583}
2584
2585static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2586{
2587 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2588 struct hci_conn *conn;
2589
2590 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2591
2592 hci_dev_lock(hdev);
2593
2594 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2595 if (!conn)
2596 goto unlock;
2597
2598 if (!ev->status) {
2599 if (ev->encrypt) {
2600
2601 set_bit(HCI_CONN_AUTH, &conn->flags);
2602 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2603 conn->sec_level = conn->pending_sec_level;
2604
2605
2606 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2607 set_bit(HCI_CONN_FIPS, &conn->flags);
2608
2609 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2610 conn->type == LE_LINK)
2611 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2612 } else {
2613 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2614 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2615 }
2616 }
2617
2618
2619
2620
2621 if (ev->status && conn->type == LE_LINK)
2622 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2623
2624 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2625
2626 if (ev->status && conn->state == BT_CONNECTED) {
2627 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2628 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2629
2630 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2631 hci_conn_drop(conn);
2632 goto unlock;
2633 }
2634
2635
2636
2637
2638
2639 if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
2640 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2641 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2642 hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2643 hci_conn_drop(conn);
2644 goto unlock;
2645 }
2646
2647
2648 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
2649 struct hci_cp_read_enc_key_size cp;
2650 struct hci_request req;
2651
2652
2653
2654
2655
2656 if (!(hdev->commands[20] & 0x10)) {
2657 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2658 goto notify;
2659 }
2660
2661 hci_req_init(&req, hdev);
2662
2663 cp.handle = cpu_to_le16(conn->handle);
2664 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
2665
2666 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
2667 bt_dev_err(hdev, "sending read key size failed");
2668 conn->enc_key_size = HCI_LINK_KEY_SIZE;
2669 goto notify;
2670 }
2671
2672 goto unlock;
2673 }
2674
2675notify:
2676 if (conn->state == BT_CONFIG) {
2677 if (!ev->status)
2678 conn->state = BT_CONNECTED;
2679
2680 hci_connect_cfm(conn, ev->status);
2681 hci_conn_drop(conn);
2682 } else
2683 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2684
2685unlock:
2686 hci_dev_unlock(hdev);
2687}
2688
2689static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2690 struct sk_buff *skb)
2691{
2692 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2693 struct hci_conn *conn;
2694
2695 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2696
2697 hci_dev_lock(hdev);
2698
2699 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2700 if (conn) {
2701 if (!ev->status)
2702 set_bit(HCI_CONN_SECURE, &conn->flags);
2703
2704 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2705
2706 hci_key_change_cfm(conn, ev->status);
2707 }
2708
2709 hci_dev_unlock(hdev);
2710}
2711
2712static void hci_remote_features_evt(struct hci_dev *hdev,
2713 struct sk_buff *skb)
2714{
2715 struct hci_ev_remote_features *ev = (void *) skb->data;
2716 struct hci_conn *conn;
2717
2718 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2719
2720 hci_dev_lock(hdev);
2721
2722 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2723 if (!conn)
2724 goto unlock;
2725
2726 if (!ev->status)
2727 memcpy(conn->features[0], ev->features, 8);
2728
2729 if (conn->state != BT_CONFIG)
2730 goto unlock;
2731
2732 if (!ev->status && lmp_ext_feat_capable(hdev) &&
2733 lmp_ext_feat_capable(conn)) {
2734 struct hci_cp_read_remote_ext_features cp;
2735 cp.handle = ev->handle;
2736 cp.page = 0x01;
2737 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2738 sizeof(cp), &cp);
2739 goto unlock;
2740 }
2741
2742 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2743 struct hci_cp_remote_name_req cp;
2744 memset(&cp, 0, sizeof(cp));
2745 bacpy(&cp.bdaddr, &conn->dst);
2746 cp.pscan_rep_mode = 0x02;
2747 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2748 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2749 mgmt_device_connected(hdev, conn, 0, NULL, 0);
2750
2751 if (!hci_outgoing_auth_needed(hdev, conn)) {
2752 conn->state = BT_CONNECTED;
2753 hci_connect_cfm(conn, ev->status);
2754 hci_conn_drop(conn);
2755 }
2756
2757unlock:
2758 hci_dev_unlock(hdev);
2759}
2760
2761static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
2762 u16 *opcode, u8 *status,
2763 hci_req_complete_t *req_complete,
2764 hci_req_complete_skb_t *req_complete_skb)
2765{
2766 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2767
2768 *opcode = __le16_to_cpu(ev->opcode);
2769 *status = skb->data[sizeof(*ev)];
2770
2771 skb_pull(skb, sizeof(*ev));
2772
2773 switch (*opcode) {
2774 case HCI_OP_INQUIRY_CANCEL:
2775 hci_cc_inquiry_cancel(hdev, skb);
2776 break;
2777
2778 case HCI_OP_PERIODIC_INQ:
2779 hci_cc_periodic_inq(hdev, skb);
2780 break;
2781
2782 case HCI_OP_EXIT_PERIODIC_INQ:
2783 hci_cc_exit_periodic_inq(hdev, skb);
2784 break;
2785
2786 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2787 hci_cc_remote_name_req_cancel(hdev, skb);
2788 break;
2789
2790 case HCI_OP_ROLE_DISCOVERY:
2791 hci_cc_role_discovery(hdev, skb);
2792 break;
2793
2794 case HCI_OP_READ_LINK_POLICY:
2795 hci_cc_read_link_policy(hdev, skb);
2796 break;
2797
2798 case HCI_OP_WRITE_LINK_POLICY:
2799 hci_cc_write_link_policy(hdev, skb);
2800 break;
2801
2802 case HCI_OP_READ_DEF_LINK_POLICY:
2803 hci_cc_read_def_link_policy(hdev, skb);
2804 break;
2805
2806 case HCI_OP_WRITE_DEF_LINK_POLICY:
2807 hci_cc_write_def_link_policy(hdev, skb);
2808 break;
2809
2810 case HCI_OP_RESET:
2811 hci_cc_reset(hdev, skb);
2812 break;
2813
2814 case HCI_OP_READ_STORED_LINK_KEY:
2815 hci_cc_read_stored_link_key(hdev, skb);
2816 break;
2817
2818 case HCI_OP_DELETE_STORED_LINK_KEY:
2819 hci_cc_delete_stored_link_key(hdev, skb);
2820 break;
2821
2822 case HCI_OP_WRITE_LOCAL_NAME:
2823 hci_cc_write_local_name(hdev, skb);
2824 break;
2825
2826 case HCI_OP_READ_LOCAL_NAME:
2827 hci_cc_read_local_name(hdev, skb);
2828 break;
2829
2830 case HCI_OP_WRITE_AUTH_ENABLE:
2831 hci_cc_write_auth_enable(hdev, skb);
2832 break;
2833
2834 case HCI_OP_WRITE_ENCRYPT_MODE:
2835 hci_cc_write_encrypt_mode(hdev, skb);
2836 break;
2837
2838 case HCI_OP_WRITE_SCAN_ENABLE:
2839 hci_cc_write_scan_enable(hdev, skb);
2840 break;
2841
2842 case HCI_OP_READ_CLASS_OF_DEV:
2843 hci_cc_read_class_of_dev(hdev, skb);
2844 break;
2845
2846 case HCI_OP_WRITE_CLASS_OF_DEV:
2847 hci_cc_write_class_of_dev(hdev, skb);
2848 break;
2849
2850 case HCI_OP_READ_VOICE_SETTING:
2851 hci_cc_read_voice_setting(hdev, skb);
2852 break;
2853
2854 case HCI_OP_WRITE_VOICE_SETTING:
2855 hci_cc_write_voice_setting(hdev, skb);
2856 break;
2857
2858 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2859 hci_cc_read_num_supported_iac(hdev, skb);
2860 break;
2861
2862 case HCI_OP_WRITE_SSP_MODE:
2863 hci_cc_write_ssp_mode(hdev, skb);
2864 break;
2865
2866 case HCI_OP_WRITE_SC_SUPPORT:
2867 hci_cc_write_sc_support(hdev, skb);
2868 break;
2869
2870 case HCI_OP_READ_LOCAL_VERSION:
2871 hci_cc_read_local_version(hdev, skb);
2872 break;
2873
2874 case HCI_OP_READ_LOCAL_COMMANDS:
2875 hci_cc_read_local_commands(hdev, skb);
2876 break;
2877
2878 case HCI_OP_READ_LOCAL_FEATURES:
2879 hci_cc_read_local_features(hdev, skb);
2880 break;
2881
2882 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2883 hci_cc_read_local_ext_features(hdev, skb);
2884 break;
2885
2886 case HCI_OP_READ_BUFFER_SIZE:
2887 hci_cc_read_buffer_size(hdev, skb);
2888 break;
2889
2890 case HCI_OP_READ_BD_ADDR:
2891 hci_cc_read_bd_addr(hdev, skb);
2892 break;
2893
2894 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2895 hci_cc_read_page_scan_activity(hdev, skb);
2896 break;
2897
2898 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2899 hci_cc_write_page_scan_activity(hdev, skb);
2900 break;
2901
2902 case HCI_OP_READ_PAGE_SCAN_TYPE:
2903 hci_cc_read_page_scan_type(hdev, skb);
2904 break;
2905
2906 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2907 hci_cc_write_page_scan_type(hdev, skb);
2908 break;
2909
2910 case HCI_OP_READ_DATA_BLOCK_SIZE:
2911 hci_cc_read_data_block_size(hdev, skb);
2912 break;
2913
2914 case HCI_OP_READ_FLOW_CONTROL_MODE:
2915 hci_cc_read_flow_control_mode(hdev, skb);
2916 break;
2917
2918 case HCI_OP_READ_LOCAL_AMP_INFO:
2919 hci_cc_read_local_amp_info(hdev, skb);
2920 break;
2921
2922 case HCI_OP_READ_CLOCK:
2923 hci_cc_read_clock(hdev, skb);
2924 break;
2925
2926 case HCI_OP_READ_INQ_RSP_TX_POWER:
2927 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2928 break;
2929
2930 case HCI_OP_PIN_CODE_REPLY:
2931 hci_cc_pin_code_reply(hdev, skb);
2932 break;
2933
2934 case HCI_OP_PIN_CODE_NEG_REPLY:
2935 hci_cc_pin_code_neg_reply(hdev, skb);
2936 break;
2937
2938 case HCI_OP_READ_LOCAL_OOB_DATA:
2939 hci_cc_read_local_oob_data(hdev, skb);
2940 break;
2941
2942 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2943 hci_cc_read_local_oob_ext_data(hdev, skb);
2944 break;
2945
2946 case HCI_OP_LE_READ_BUFFER_SIZE:
2947 hci_cc_le_read_buffer_size(hdev, skb);
2948 break;
2949
2950 case HCI_OP_LE_READ_LOCAL_FEATURES:
2951 hci_cc_le_read_local_features(hdev, skb);
2952 break;
2953
2954 case HCI_OP_LE_READ_ADV_TX_POWER:
2955 hci_cc_le_read_adv_tx_power(hdev, skb);
2956 break;
2957
2958 case HCI_OP_USER_CONFIRM_REPLY:
2959 hci_cc_user_confirm_reply(hdev, skb);
2960 break;
2961
2962 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2963 hci_cc_user_confirm_neg_reply(hdev, skb);
2964 break;
2965
2966 case HCI_OP_USER_PASSKEY_REPLY:
2967 hci_cc_user_passkey_reply(hdev, skb);
2968 break;
2969
2970 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2971 hci_cc_user_passkey_neg_reply(hdev, skb);
2972 break;
2973
2974 case HCI_OP_LE_SET_RANDOM_ADDR:
2975 hci_cc_le_set_random_addr(hdev, skb);
2976 break;
2977
2978 case HCI_OP_LE_SET_ADV_ENABLE:
2979 hci_cc_le_set_adv_enable(hdev, skb);
2980 break;
2981
2982 case HCI_OP_LE_SET_SCAN_PARAM:
2983 hci_cc_le_set_scan_param(hdev, skb);
2984 break;
2985
2986 case HCI_OP_LE_SET_SCAN_ENABLE:
2987 hci_cc_le_set_scan_enable(hdev, skb);
2988 break;
2989
2990 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2991 hci_cc_le_read_white_list_size(hdev, skb);
2992 break;
2993
2994 case HCI_OP_LE_CLEAR_WHITE_LIST:
2995 hci_cc_le_clear_white_list(hdev, skb);
2996 break;
2997
2998 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2999 hci_cc_le_add_to_white_list(hdev, skb);
3000 break;
3001
3002 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3003 hci_cc_le_del_from_white_list(hdev, skb);
3004 break;
3005
3006 case HCI_OP_LE_READ_SUPPORTED_STATES:
3007 hci_cc_le_read_supported_states(hdev, skb);
3008 break;
3009
3010 case HCI_OP_LE_READ_DEF_DATA_LEN:
3011 hci_cc_le_read_def_data_len(hdev, skb);
3012 break;
3013
3014 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3015 hci_cc_le_write_def_data_len(hdev, skb);
3016 break;
3017
3018 case HCI_OP_LE_READ_MAX_DATA_LEN:
3019 hci_cc_le_read_max_data_len(hdev, skb);
3020 break;
3021
3022 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3023 hci_cc_write_le_host_supported(hdev, skb);
3024 break;
3025
3026 case HCI_OP_LE_SET_ADV_PARAM:
3027 hci_cc_set_adv_param(hdev, skb);
3028 break;
3029
3030 case HCI_OP_READ_RSSI:
3031 hci_cc_read_rssi(hdev, skb);
3032 break;
3033
3034 case HCI_OP_READ_TX_POWER:
3035 hci_cc_read_tx_power(hdev, skb);
3036 break;
3037
3038 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3039 hci_cc_write_ssp_debug_mode(hdev, skb);
3040 break;
3041
3042 default:
3043 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3044 break;
3045 }
3046
3047 if (*opcode != HCI_OP_NOP)
3048 cancel_delayed_work(&hdev->cmd_timer);
3049
3050 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3051 atomic_set(&hdev->cmd_cnt, 1);
3052
3053 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3054 req_complete_skb);
3055
3056 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3057 queue_work(hdev->workqueue, &hdev->cmd_work);
3058}
3059
3060static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3061 u16 *opcode, u8 *status,
3062 hci_req_complete_t *req_complete,
3063 hci_req_complete_skb_t *req_complete_skb)
3064{
3065 struct hci_ev_cmd_status *ev = (void *) skb->data;
3066
3067 skb_pull(skb, sizeof(*ev));
3068
3069 *opcode = __le16_to_cpu(ev->opcode);
3070 *status = ev->status;
3071
3072 switch (*opcode) {
3073 case HCI_OP_INQUIRY:
3074 hci_cs_inquiry(hdev, ev->status);
3075 break;
3076
3077 case HCI_OP_CREATE_CONN:
3078 hci_cs_create_conn(hdev, ev->status);
3079 break;
3080
3081 case HCI_OP_DISCONNECT:
3082 hci_cs_disconnect(hdev, ev->status);
3083 break;
3084
3085 case HCI_OP_ADD_SCO:
3086 hci_cs_add_sco(hdev, ev->status);
3087 break;
3088
3089 case HCI_OP_AUTH_REQUESTED:
3090 hci_cs_auth_requested(hdev, ev->status);
3091 break;
3092
3093 case HCI_OP_SET_CONN_ENCRYPT:
3094 hci_cs_set_conn_encrypt(hdev, ev->status);
3095 break;
3096
3097 case HCI_OP_REMOTE_NAME_REQ:
3098 hci_cs_remote_name_req(hdev, ev->status);
3099 break;
3100
3101 case HCI_OP_READ_REMOTE_FEATURES:
3102 hci_cs_read_remote_features(hdev, ev->status);
3103 break;
3104
3105 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3106 hci_cs_read_remote_ext_features(hdev, ev->status);
3107 break;
3108
3109 case HCI_OP_SETUP_SYNC_CONN:
3110 hci_cs_setup_sync_conn(hdev, ev->status);
3111 break;
3112
3113 case HCI_OP_SNIFF_MODE:
3114 hci_cs_sniff_mode(hdev, ev->status);
3115 break;
3116
3117 case HCI_OP_EXIT_SNIFF_MODE:
3118 hci_cs_exit_sniff_mode(hdev, ev->status);
3119 break;
3120
3121 case HCI_OP_SWITCH_ROLE:
3122 hci_cs_switch_role(hdev, ev->status);
3123 break;
3124
3125 case HCI_OP_LE_CREATE_CONN:
3126 hci_cs_le_create_conn(hdev, ev->status);
3127 break;
3128
3129 case HCI_OP_LE_READ_REMOTE_FEATURES:
3130 hci_cs_le_read_remote_features(hdev, ev->status);
3131 break;
3132
3133 case HCI_OP_LE_START_ENC:
3134 hci_cs_le_start_enc(hdev, ev->status);
3135 break;
3136
3137 default:
3138 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3139 break;
3140 }
3141
3142 if (*opcode != HCI_OP_NOP)
3143 cancel_delayed_work(&hdev->cmd_timer);
3144
3145 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3146 atomic_set(&hdev->cmd_cnt, 1);
3147
3148
3149
3150
3151
3152
3153
3154 if (ev->status ||
3155 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
3156 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3157 req_complete_skb);
3158
3159 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3160 queue_work(hdev->workqueue, &hdev->cmd_work);
3161}
3162
3163static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3164{
3165 struct hci_ev_hardware_error *ev = (void *) skb->data;
3166
3167 hdev->hw_error_code = ev->code;
3168
3169 queue_work(hdev->req_workqueue, &hdev->error_reset);
3170}
3171
3172static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3173{
3174 struct hci_ev_role_change *ev = (void *) skb->data;
3175 struct hci_conn *conn;
3176
3177 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3178
3179 hci_dev_lock(hdev);
3180
3181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3182 if (conn) {
3183 if (!ev->status)
3184 conn->role = ev->role;
3185
3186 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3187
3188 hci_role_switch_cfm(conn, ev->status, ev->role);
3189 }
3190
3191 hci_dev_unlock(hdev);
3192}
3193
3194static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3195{
3196 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3197 int i;
3198
3199 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3200 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3201 return;
3202 }
3203
3204 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3205 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3206 BT_DBG("%s bad parameters", hdev->name);
3207 return;
3208 }
3209
3210 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3211
3212 for (i = 0; i < ev->num_hndl; i++) {
3213 struct hci_comp_pkts_info *info = &ev->handles[i];
3214 struct hci_conn *conn;
3215 __u16 handle, count;
3216
3217 handle = __le16_to_cpu(info->handle);
3218 count = __le16_to_cpu(info->count);
3219
3220 conn = hci_conn_hash_lookup_handle(hdev, handle);
3221 if (!conn)
3222 continue;
3223
3224 conn->sent -= count;
3225
3226 switch (conn->type) {
3227 case ACL_LINK:
3228 hdev->acl_cnt += count;
3229 if (hdev->acl_cnt > hdev->acl_pkts)
3230 hdev->acl_cnt = hdev->acl_pkts;
3231 break;
3232
3233 case LE_LINK:
3234 if (hdev->le_pkts) {
3235 hdev->le_cnt += count;
3236 if (hdev->le_cnt > hdev->le_pkts)
3237 hdev->le_cnt = hdev->le_pkts;
3238 } else {
3239 hdev->acl_cnt += count;
3240 if (hdev->acl_cnt > hdev->acl_pkts)
3241 hdev->acl_cnt = hdev->acl_pkts;
3242 }
3243 break;
3244
3245 case SCO_LINK:
3246 hdev->sco_cnt += count;
3247 if (hdev->sco_cnt > hdev->sco_pkts)
3248 hdev->sco_cnt = hdev->sco_pkts;
3249 break;
3250
3251 default:
3252 bt_dev_err(hdev, "unknown type %d conn %p",
3253 conn->type, conn);
3254 break;
3255 }
3256 }
3257
3258 queue_work(hdev->workqueue, &hdev->tx_work);
3259}
3260
3261static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3262 __u16 handle)
3263{
3264 struct hci_chan *chan;
3265
3266 switch (hdev->dev_type) {
3267 case HCI_PRIMARY:
3268 return hci_conn_hash_lookup_handle(hdev, handle);
3269 case HCI_AMP:
3270 chan = hci_chan_lookup_handle(hdev, handle);
3271 if (chan)
3272 return chan->conn;
3273 break;
3274 default:
3275 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
3276 break;
3277 }
3278
3279 return NULL;
3280}
3281
3282static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3283{
3284 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3285 int i;
3286
3287 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3288 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3289 return;
3290 }
3291
3292 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3293 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3294 BT_DBG("%s bad parameters", hdev->name);
3295 return;
3296 }
3297
3298 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3299 ev->num_hndl);
3300
3301 for (i = 0; i < ev->num_hndl; i++) {
3302 struct hci_comp_blocks_info *info = &ev->handles[i];
3303 struct hci_conn *conn = NULL;
3304 __u16 handle, block_count;
3305
3306 handle = __le16_to_cpu(info->handle);
3307 block_count = __le16_to_cpu(info->blocks);
3308
3309 conn = __hci_conn_lookup_handle(hdev, handle);
3310 if (!conn)
3311 continue;
3312
3313 conn->sent -= block_count;
3314
3315 switch (conn->type) {
3316 case ACL_LINK:
3317 case AMP_LINK:
3318 hdev->block_cnt += block_count;
3319 if (hdev->block_cnt > hdev->num_blocks)
3320 hdev->block_cnt = hdev->num_blocks;
3321 break;
3322
3323 default:
3324 bt_dev_err(hdev, "unknown type %d conn %p",
3325 conn->type, conn);
3326 break;
3327 }
3328 }
3329
3330 queue_work(hdev->workqueue, &hdev->tx_work);
3331}
3332
3333static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3334{
3335 struct hci_ev_mode_change *ev = (void *) skb->data;
3336 struct hci_conn *conn;
3337
3338 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3339
3340 hci_dev_lock(hdev);
3341
3342 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3343 if (conn) {
3344 conn->mode = ev->mode;
3345
3346 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3347 &conn->flags)) {
3348 if (conn->mode == HCI_CM_ACTIVE)
3349 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3350 else
3351 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3352 }
3353
3354 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3355 hci_sco_setup(conn, ev->status);
3356 }
3357
3358 hci_dev_unlock(hdev);
3359}
3360
3361static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3362{
3363 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3364 struct hci_conn *conn;
3365
3366 BT_DBG("%s", hdev->name);
3367
3368 hci_dev_lock(hdev);
3369
3370 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3371 if (!conn)
3372 goto unlock;
3373
3374 if (conn->state == BT_CONNECTED) {
3375 hci_conn_hold(conn);
3376 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3377 hci_conn_drop(conn);
3378 }
3379
3380 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
3381 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3382 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3383 sizeof(ev->bdaddr), &ev->bdaddr);
3384 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
3385 u8 secure;
3386
3387 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3388 secure = 1;
3389 else
3390 secure = 0;
3391
3392 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3393 }
3394
3395unlock:
3396 hci_dev_unlock(hdev);
3397}
3398
3399static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3400{
3401 if (key_type == HCI_LK_CHANGED_COMBINATION)
3402 return;
3403
3404 conn->pin_length = pin_len;
3405 conn->key_type = key_type;
3406
3407 switch (key_type) {
3408 case HCI_LK_LOCAL_UNIT:
3409 case HCI_LK_REMOTE_UNIT:
3410 case HCI_LK_DEBUG_COMBINATION:
3411 return;
3412 case HCI_LK_COMBINATION:
3413 if (pin_len == 16)
3414 conn->pending_sec_level = BT_SECURITY_HIGH;
3415 else
3416 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3417 break;
3418 case HCI_LK_UNAUTH_COMBINATION_P192:
3419 case HCI_LK_UNAUTH_COMBINATION_P256:
3420 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3421 break;
3422 case HCI_LK_AUTH_COMBINATION_P192:
3423 conn->pending_sec_level = BT_SECURITY_HIGH;
3424 break;
3425 case HCI_LK_AUTH_COMBINATION_P256:
3426 conn->pending_sec_level = BT_SECURITY_FIPS;
3427 break;
3428 }
3429}
3430
3431static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3432{
3433 struct hci_ev_link_key_req *ev = (void *) skb->data;
3434 struct hci_cp_link_key_reply cp;
3435 struct hci_conn *conn;
3436 struct link_key *key;
3437
3438 BT_DBG("%s", hdev->name);
3439
3440 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3441 return;
3442
3443 hci_dev_lock(hdev);
3444
3445 key = hci_find_link_key(hdev, &ev->bdaddr);
3446 if (!key) {
3447 BT_DBG("%s link key not found for %pMR", hdev->name,
3448 &ev->bdaddr);
3449 goto not_found;
3450 }
3451
3452 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3453 &ev->bdaddr);
3454
3455 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3456 if (conn) {
3457 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3458
3459 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3460 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3461 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3462 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3463 goto not_found;
3464 }
3465
3466 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3467 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3468 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3469 BT_DBG("%s ignoring key unauthenticated for high security",
3470 hdev->name);
3471 goto not_found;
3472 }
3473
3474 conn_set_key(conn, key->type, key->pin_len);
3475 }
3476
3477 bacpy(&cp.bdaddr, &ev->bdaddr);
3478 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3479
3480 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3481
3482 hci_dev_unlock(hdev);
3483
3484 return;
3485
3486not_found:
3487 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3488 hci_dev_unlock(hdev);
3489}
3490
3491static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3492{
3493 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3494 struct hci_conn *conn;
3495 struct link_key *key;
3496 bool persistent;
3497 u8 pin_len = 0;
3498
3499 BT_DBG("%s", hdev->name);
3500
3501 hci_dev_lock(hdev);
3502
3503 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3504 if (!conn)
3505 goto unlock;
3506
3507 hci_conn_hold(conn);
3508 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3509 hci_conn_drop(conn);
3510
3511 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3512 conn_set_key(conn, ev->key_type, conn->pin_length);
3513
3514 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3515 goto unlock;
3516
3517 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3518 ev->key_type, pin_len, &persistent);
3519 if (!key)
3520 goto unlock;
3521
3522
3523
3524
3525 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3526 conn_set_key(conn, key->type, key->pin_len);
3527
3528 mgmt_new_link_key(hdev, key, persistent);
3529
3530
3531
3532
3533
3534
3535 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3536 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
3537 list_del_rcu(&key->list);
3538 kfree_rcu(key, rcu);
3539 goto unlock;
3540 }
3541
3542 if (persistent)
3543 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3544 else
3545 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3546
3547unlock:
3548 hci_dev_unlock(hdev);
3549}
3550
3551static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3552{
3553 struct hci_ev_clock_offset *ev = (void *) skb->data;
3554 struct hci_conn *conn;
3555
3556 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3557
3558 hci_dev_lock(hdev);
3559
3560 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3561 if (conn && !ev->status) {
3562 struct inquiry_entry *ie;
3563
3564 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3565 if (ie) {
3566 ie->data.clock_offset = ev->clock_offset;
3567 ie->timestamp = jiffies;
3568 }
3569 }
3570
3571 hci_dev_unlock(hdev);
3572}
3573
3574static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3575{
3576 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3577 struct hci_conn *conn;
3578
3579 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3580
3581 hci_dev_lock(hdev);
3582
3583 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3584 if (conn && !ev->status)
3585 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3586
3587 hci_dev_unlock(hdev);
3588}
3589
3590static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3591{
3592 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3593 struct inquiry_entry *ie;
3594
3595 BT_DBG("%s", hdev->name);
3596
3597 hci_dev_lock(hdev);
3598
3599 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3600 if (ie) {
3601 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3602 ie->timestamp = jiffies;
3603 }
3604
3605 hci_dev_unlock(hdev);
3606}
3607
3608static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3609 struct sk_buff *skb)
3610{
3611 struct inquiry_data data;
3612 int num_rsp = *((__u8 *) skb->data);
3613
3614 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3615
3616 if (!num_rsp)
3617 return;
3618
3619 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
3620 return;
3621
3622 hci_dev_lock(hdev);
3623
3624 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3625 struct inquiry_info_with_rssi_and_pscan_mode *info;
3626 info = (void *) (skb->data + 1);
3627
3628 for (; num_rsp; num_rsp--, info++) {
3629 u32 flags;
3630
3631 bacpy(&data.bdaddr, &info->bdaddr);
3632 data.pscan_rep_mode = info->pscan_rep_mode;
3633 data.pscan_period_mode = info->pscan_period_mode;
3634 data.pscan_mode = info->pscan_mode;
3635 memcpy(data.dev_class, info->dev_class, 3);
3636 data.clock_offset = info->clock_offset;
3637 data.rssi = info->rssi;
3638 data.ssp_mode = 0x00;
3639
3640 flags = hci_inquiry_cache_update(hdev, &data, false);
3641
3642 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3643 info->dev_class, info->rssi,
3644 flags, NULL, 0, NULL, 0);
3645 }
3646 } else {
3647 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3648
3649 for (; num_rsp; num_rsp--, info++) {
3650 u32 flags;
3651
3652 bacpy(&data.bdaddr, &info->bdaddr);
3653 data.pscan_rep_mode = info->pscan_rep_mode;
3654 data.pscan_period_mode = info->pscan_period_mode;
3655 data.pscan_mode = 0x00;
3656 memcpy(data.dev_class, info->dev_class, 3);
3657 data.clock_offset = info->clock_offset;
3658 data.rssi = info->rssi;
3659 data.ssp_mode = 0x00;
3660
3661 flags = hci_inquiry_cache_update(hdev, &data, false);
3662
3663 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3664 info->dev_class, info->rssi,
3665 flags, NULL, 0, NULL, 0);
3666 }
3667 }
3668
3669 hci_dev_unlock(hdev);
3670}
3671
3672static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3673 struct sk_buff *skb)
3674{
3675 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3676 struct hci_conn *conn;
3677
3678 BT_DBG("%s", hdev->name);
3679
3680 hci_dev_lock(hdev);
3681
3682 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3683 if (!conn)
3684 goto unlock;
3685
3686 if (ev->page < HCI_MAX_PAGES)
3687 memcpy(conn->features[ev->page], ev->features, 8);
3688
3689 if (!ev->status && ev->page == 0x01) {
3690 struct inquiry_entry *ie;
3691
3692 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3693 if (ie)
3694 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3695
3696 if (ev->features[0] & LMP_HOST_SSP) {
3697 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3698 } else {
3699
3700
3701
3702
3703
3704
3705
3706
3707 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3708 }
3709
3710 if (ev->features[0] & LMP_HOST_SC)
3711 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3712 }
3713
3714 if (conn->state != BT_CONFIG)
3715 goto unlock;
3716
3717 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3718 struct hci_cp_remote_name_req cp;
3719 memset(&cp, 0, sizeof(cp));
3720 bacpy(&cp.bdaddr, &conn->dst);
3721 cp.pscan_rep_mode = 0x02;
3722 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3723 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3724 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3725
3726 if (!hci_outgoing_auth_needed(hdev, conn)) {
3727 conn->state = BT_CONNECTED;
3728 hci_connect_cfm(conn, ev->status);
3729 hci_conn_drop(conn);
3730 }
3731
3732unlock:
3733 hci_dev_unlock(hdev);
3734}
3735
3736static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3737 struct sk_buff *skb)
3738{
3739 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3740 struct hci_conn *conn;
3741
3742 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3743
3744 hci_dev_lock(hdev);
3745
3746 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3747 if (!conn) {
3748 if (ev->link_type == ESCO_LINK)
3749 goto unlock;
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3761 if (!conn)
3762 goto unlock;
3763 }
3764
3765 switch (ev->status) {
3766 case 0x00:
3767 conn->handle = __le16_to_cpu(ev->handle);
3768 conn->state = BT_CONNECTED;
3769 conn->type = ev->link_type;
3770
3771 hci_debugfs_create_conn(conn);
3772 hci_conn_add_sysfs(conn);
3773 break;
3774
3775 case 0x10:
3776 case 0x0d:
3777 case 0x11:
3778 case 0x1c:
3779 case 0x1a:
3780 case 0x1f:
3781 case 0x20:
3782 if (conn->out) {
3783 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3784 (hdev->esco_type & EDR_ESCO_MASK);
3785 if (hci_setup_sync(conn, conn->link->handle))
3786 goto unlock;
3787 }
3788
3789
3790 default:
3791 conn->state = BT_CLOSED;
3792 break;
3793 }
3794
3795 hci_connect_cfm(conn, ev->status);
3796 if (ev->status)
3797 hci_conn_del(conn);
3798
3799unlock:
3800 hci_dev_unlock(hdev);
3801}
3802
3803static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3804{
3805 size_t parsed = 0;
3806
3807 while (parsed < eir_len) {
3808 u8 field_len = eir[0];
3809
3810 if (field_len == 0)
3811 return parsed;
3812
3813 parsed += field_len + 1;
3814 eir += field_len + 1;
3815 }
3816
3817 return eir_len;
3818}
3819
3820static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3821 struct sk_buff *skb)
3822{
3823 struct inquiry_data data;
3824 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3825 int num_rsp = *((__u8 *) skb->data);
3826 size_t eir_len;
3827
3828 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3829
3830 if (!num_rsp)
3831 return;
3832
3833 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
3834 return;
3835
3836 hci_dev_lock(hdev);
3837
3838 for (; num_rsp; num_rsp--, info++) {
3839 u32 flags;
3840 bool name_known;
3841
3842 bacpy(&data.bdaddr, &info->bdaddr);
3843 data.pscan_rep_mode = info->pscan_rep_mode;
3844 data.pscan_period_mode = info->pscan_period_mode;
3845 data.pscan_mode = 0x00;
3846 memcpy(data.dev_class, info->dev_class, 3);
3847 data.clock_offset = info->clock_offset;
3848 data.rssi = info->rssi;
3849 data.ssp_mode = 0x01;
3850
3851 if (hci_dev_test_flag(hdev, HCI_MGMT))
3852 name_known = eir_get_data(info->data,
3853 sizeof(info->data),
3854 EIR_NAME_COMPLETE, NULL);
3855 else
3856 name_known = true;
3857
3858 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3859
3860 eir_len = eir_get_length(info->data, sizeof(info->data));
3861
3862 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3863 info->dev_class, info->rssi,
3864 flags, info->data, eir_len, NULL, 0);
3865 }
3866
3867 hci_dev_unlock(hdev);
3868}
3869
3870static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3871 struct sk_buff *skb)
3872{
3873 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3874 struct hci_conn *conn;
3875
3876 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3877 __le16_to_cpu(ev->handle));
3878
3879 hci_dev_lock(hdev);
3880
3881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3882 if (!conn)
3883 goto unlock;
3884
3885
3886
3887
3888 if (conn->type != LE_LINK)
3889 goto unlock;
3890
3891 if (!ev->status)
3892 conn->sec_level = conn->pending_sec_level;
3893
3894 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3895
3896 if (ev->status && conn->state == BT_CONNECTED) {
3897 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3898 hci_conn_drop(conn);
3899 goto unlock;
3900 }
3901
3902 if (conn->state == BT_CONFIG) {
3903 if (!ev->status)
3904 conn->state = BT_CONNECTED;
3905
3906 hci_connect_cfm(conn, ev->status);
3907 hci_conn_drop(conn);
3908 } else {
3909 hci_auth_cfm(conn, ev->status);
3910
3911 hci_conn_hold(conn);
3912 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3913 hci_conn_drop(conn);
3914 }
3915
3916unlock:
3917 hci_dev_unlock(hdev);
3918}
3919
3920static u8 hci_get_auth_req(struct hci_conn *conn)
3921{
3922
3923 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3924 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3925 return conn->remote_auth | (conn->auth_type & 0x01);
3926
3927
3928
3929
3930 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3931 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3932 return conn->remote_auth | 0x01;
3933
3934
3935 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3936}
3937
3938static u8 bredr_oob_data_present(struct hci_conn *conn)
3939{
3940 struct hci_dev *hdev = conn->hdev;
3941 struct oob_data *data;
3942
3943 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
3944 if (!data)
3945 return 0x00;
3946
3947 if (bredr_sc_enabled(hdev)) {
3948
3949
3950
3951
3952
3953
3954 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
3955 return data->present;
3956
3957
3958
3959
3960
3961
3962 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
3963 !memcmp(data->hash256, ZERO_KEY, 16))
3964 return 0x00;
3965
3966 return 0x02;
3967 }
3968
3969
3970
3971
3972
3973 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
3974 !memcmp(data->hash192, ZERO_KEY, 16))
3975 return 0x00;
3976
3977 return 0x01;
3978}
3979
3980static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3981{
3982 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3983 struct hci_conn *conn;
3984
3985 BT_DBG("%s", hdev->name);
3986
3987 hci_dev_lock(hdev);
3988
3989 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3990 if (!conn)
3991 goto unlock;
3992
3993 hci_conn_hold(conn);
3994
3995 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3996 goto unlock;
3997
3998
3999
4000
4001 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
4002 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
4003 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
4004 struct hci_cp_io_capability_reply cp;
4005
4006 bacpy(&cp.bdaddr, &ev->bdaddr);
4007
4008
4009 cp.capability = (conn->io_capability == 0x04) ?
4010 HCI_IO_DISPLAY_YESNO : conn->io_capability;
4011
4012
4013 if (conn->remote_auth == 0xff) {
4014
4015
4016
4017 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4018 conn->auth_type != HCI_AT_NO_BONDING)
4019 conn->auth_type |= 0x01;
4020 } else {
4021 conn->auth_type = hci_get_auth_req(conn);
4022 }
4023
4024
4025
4026
4027 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
4028 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4029
4030 cp.authentication = conn->auth_type;
4031 cp.oob_data = bredr_oob_data_present(conn);
4032
4033 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
4034 sizeof(cp), &cp);
4035 } else {
4036 struct hci_cp_io_capability_neg_reply cp;
4037
4038 bacpy(&cp.bdaddr, &ev->bdaddr);
4039 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
4040
4041 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
4042 sizeof(cp), &cp);
4043 }
4044
4045unlock:
4046 hci_dev_unlock(hdev);
4047}
4048
4049static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4050{
4051 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4052 struct hci_conn *conn;
4053
4054 BT_DBG("%s", hdev->name);
4055
4056 hci_dev_lock(hdev);
4057
4058 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4059 if (!conn)
4060 goto unlock;
4061
4062 conn->remote_cap = ev->capability;
4063 conn->remote_auth = ev->authentication;
4064
4065unlock:
4066 hci_dev_unlock(hdev);
4067}
4068
4069static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4070 struct sk_buff *skb)
4071{
4072 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4073 int loc_mitm, rem_mitm, confirm_hint = 0;
4074 struct hci_conn *conn;
4075
4076 BT_DBG("%s", hdev->name);
4077
4078 hci_dev_lock(hdev);
4079
4080 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4081 goto unlock;
4082
4083 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4084 if (!conn)
4085 goto unlock;
4086
4087 loc_mitm = (conn->auth_type & 0x01);
4088 rem_mitm = (conn->remote_auth & 0x01);
4089
4090
4091
4092
4093
4094
4095 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4096 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4097 BT_DBG("Rejecting request: remote device can't provide MITM");
4098 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4099 sizeof(ev->bdaddr), &ev->bdaddr);
4100 goto unlock;
4101 }
4102
4103
4104 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4105 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4106
4107
4108
4109
4110
4111
4112
4113 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4114 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4115 (loc_mitm || rem_mitm)) {
4116 BT_DBG("Confirming auto-accept as acceptor");
4117 confirm_hint = 1;
4118 goto confirm;
4119 }
4120
4121 BT_DBG("Auto-accept of user confirmation with %ums delay",
4122 hdev->auto_accept_delay);
4123
4124 if (hdev->auto_accept_delay > 0) {
4125 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4126 queue_delayed_work(conn->hdev->workqueue,
4127 &conn->auto_accept_work, delay);
4128 goto unlock;
4129 }
4130
4131 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4132 sizeof(ev->bdaddr), &ev->bdaddr);
4133 goto unlock;
4134 }
4135
4136confirm:
4137 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4138 le32_to_cpu(ev->passkey), confirm_hint);
4139
4140unlock:
4141 hci_dev_unlock(hdev);
4142}
4143
4144static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4145 struct sk_buff *skb)
4146{
4147 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4148
4149 BT_DBG("%s", hdev->name);
4150
4151 if (hci_dev_test_flag(hdev, HCI_MGMT))
4152 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4153}
4154
4155static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4156 struct sk_buff *skb)
4157{
4158 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4159 struct hci_conn *conn;
4160
4161 BT_DBG("%s", hdev->name);
4162
4163 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4164 if (!conn)
4165 return;
4166
4167 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4168 conn->passkey_entered = 0;
4169
4170 if (hci_dev_test_flag(hdev, HCI_MGMT))
4171 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4172 conn->dst_type, conn->passkey_notify,
4173 conn->passkey_entered);
4174}
4175
4176static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4177{
4178 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4179 struct hci_conn *conn;
4180
4181 BT_DBG("%s", hdev->name);
4182
4183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4184 if (!conn)
4185 return;
4186
4187 switch (ev->type) {
4188 case HCI_KEYPRESS_STARTED:
4189 conn->passkey_entered = 0;
4190 return;
4191
4192 case HCI_KEYPRESS_ENTERED:
4193 conn->passkey_entered++;
4194 break;
4195
4196 case HCI_KEYPRESS_ERASED:
4197 conn->passkey_entered--;
4198 break;
4199
4200 case HCI_KEYPRESS_CLEARED:
4201 conn->passkey_entered = 0;
4202 break;
4203
4204 case HCI_KEYPRESS_COMPLETED:
4205 return;
4206 }
4207
4208 if (hci_dev_test_flag(hdev, HCI_MGMT))
4209 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4210 conn->dst_type, conn->passkey_notify,
4211 conn->passkey_entered);
4212}
4213
4214static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4215 struct sk_buff *skb)
4216{
4217 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4218 struct hci_conn *conn;
4219
4220 BT_DBG("%s", hdev->name);
4221
4222 hci_dev_lock(hdev);
4223
4224 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4225 if (!conn)
4226 goto unlock;
4227
4228
4229 conn->remote_auth = 0xff;
4230
4231
4232
4233
4234
4235
4236 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4237 mgmt_auth_failed(conn, ev->status);
4238
4239 hci_conn_drop(conn);
4240
4241unlock:
4242 hci_dev_unlock(hdev);
4243}
4244
4245static void hci_remote_host_features_evt(struct hci_dev *hdev,
4246 struct sk_buff *skb)
4247{
4248 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4249 struct inquiry_entry *ie;
4250 struct hci_conn *conn;
4251
4252 BT_DBG("%s", hdev->name);
4253
4254 hci_dev_lock(hdev);
4255
4256 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4257 if (conn)
4258 memcpy(conn->features[1], ev->features, 8);
4259
4260 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4261 if (ie)
4262 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4263
4264 hci_dev_unlock(hdev);
4265}
4266
4267static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4268 struct sk_buff *skb)
4269{
4270 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4271 struct oob_data *data;
4272
4273 BT_DBG("%s", hdev->name);
4274
4275 hci_dev_lock(hdev);
4276
4277 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4278 goto unlock;
4279
4280 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4281 if (!data) {
4282 struct hci_cp_remote_oob_data_neg_reply cp;
4283
4284 bacpy(&cp.bdaddr, &ev->bdaddr);
4285 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4286 sizeof(cp), &cp);
4287 goto unlock;
4288 }
4289
4290 if (bredr_sc_enabled(hdev)) {
4291 struct hci_cp_remote_oob_ext_data_reply cp;
4292
4293 bacpy(&cp.bdaddr, &ev->bdaddr);
4294 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4295 memset(cp.hash192, 0, sizeof(cp.hash192));
4296 memset(cp.rand192, 0, sizeof(cp.rand192));
4297 } else {
4298 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4299 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4300 }
4301 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4302 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4303
4304 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4305 sizeof(cp), &cp);
4306 } else {
4307 struct hci_cp_remote_oob_data_reply cp;
4308
4309 bacpy(&cp.bdaddr, &ev->bdaddr);
4310 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4311 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4312
4313 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4314 sizeof(cp), &cp);
4315 }
4316
4317unlock:
4318 hci_dev_unlock(hdev);
4319}
4320
4321#if IS_ENABLED(CONFIG_BT_HS)
4322static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4323{
4324 struct hci_ev_channel_selected *ev = (void *)skb->data;
4325 struct hci_conn *hcon;
4326
4327 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4328
4329 skb_pull(skb, sizeof(*ev));
4330
4331 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4332 if (!hcon)
4333 return;
4334
4335 amp_read_loc_assoc_final_data(hdev, hcon);
4336}
4337
4338static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4339 struct sk_buff *skb)
4340{
4341 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4342 struct hci_conn *hcon, *bredr_hcon;
4343
4344 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4345 ev->status);
4346
4347 hci_dev_lock(hdev);
4348
4349 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4350 if (!hcon) {
4351 hci_dev_unlock(hdev);
4352 return;
4353 }
4354
4355 if (ev->status) {
4356 hci_conn_del(hcon);
4357 hci_dev_unlock(hdev);
4358 return;
4359 }
4360
4361 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4362
4363 hcon->state = BT_CONNECTED;
4364 bacpy(&hcon->dst, &bredr_hcon->dst);
4365
4366 hci_conn_hold(hcon);
4367 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4368 hci_conn_drop(hcon);
4369
4370 hci_debugfs_create_conn(hcon);
4371 hci_conn_add_sysfs(hcon);
4372
4373 amp_physical_cfm(bredr_hcon, hcon);
4374
4375 hci_dev_unlock(hdev);
4376}
4377
4378static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4379{
4380 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4381 struct hci_conn *hcon;
4382 struct hci_chan *hchan;
4383 struct amp_mgr *mgr;
4384
4385 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4386 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4387 ev->status);
4388
4389 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4390 if (!hcon)
4391 return;
4392
4393
4394 hchan = hci_chan_create(hcon);
4395 if (!hchan)
4396 return;
4397
4398 hchan->handle = le16_to_cpu(ev->handle);
4399
4400 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4401
4402 mgr = hcon->amp_mgr;
4403 if (mgr && mgr->bredr_chan) {
4404 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4405
4406 l2cap_chan_lock(bredr_chan);
4407
4408 bredr_chan->conn->mtu = hdev->block_mtu;
4409 l2cap_logical_cfm(bredr_chan, hchan, 0);
4410 hci_conn_hold(hcon);
4411
4412 l2cap_chan_unlock(bredr_chan);
4413 }
4414}
4415
4416static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4417 struct sk_buff *skb)
4418{
4419 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4420 struct hci_chan *hchan;
4421
4422 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4423 le16_to_cpu(ev->handle), ev->status);
4424
4425 if (ev->status)
4426 return;
4427
4428 hci_dev_lock(hdev);
4429
4430 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4431 if (!hchan)
4432 goto unlock;
4433
4434 amp_destroy_logical_link(hchan, ev->reason);
4435
4436unlock:
4437 hci_dev_unlock(hdev);
4438}
4439
4440static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4441 struct sk_buff *skb)
4442{
4443 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4444 struct hci_conn *hcon;
4445
4446 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4447
4448 if (ev->status)
4449 return;
4450
4451 hci_dev_lock(hdev);
4452
4453 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4454 if (hcon) {
4455 hcon->state = BT_CLOSED;
4456 hci_conn_del(hcon);
4457 }
4458
4459 hci_dev_unlock(hdev);
4460}
4461#endif
4462
4463static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4464{
4465 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4466 struct hci_conn_params *params;
4467 struct hci_conn *conn;
4468 struct smp_irk *irk;
4469 u8 addr_type;
4470
4471 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4472
4473 hci_dev_lock(hdev);
4474
4475
4476
4477
4478 hci_dev_clear_flag(hdev, HCI_LE_ADV);
4479
4480 conn = hci_lookup_le_connect(hdev);
4481 if (!conn) {
4482 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
4483 if (!conn) {
4484 bt_dev_err(hdev, "no memory for new connection");
4485 goto unlock;
4486 }
4487
4488 conn->dst_type = ev->bdaddr_type;
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498 if (conn->out) {
4499 conn->resp_addr_type = ev->bdaddr_type;
4500 bacpy(&conn->resp_addr, &ev->bdaddr);
4501 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
4502 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4503 bacpy(&conn->init_addr, &hdev->rpa);
4504 } else {
4505 hci_copy_identity_address(hdev,
4506 &conn->init_addr,
4507 &conn->init_addr_type);
4508 }
4509 }
4510 } else {
4511 cancel_delayed_work(&conn->le_conn_timeout);
4512 }
4513
4514 if (!conn->out) {
4515
4516
4517
4518 conn->resp_addr_type = hdev->adv_addr_type;
4519 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4520 bacpy(&conn->resp_addr, &hdev->random_addr);
4521 else
4522 bacpy(&conn->resp_addr, &hdev->bdaddr);
4523
4524 conn->init_addr_type = ev->bdaddr_type;
4525 bacpy(&conn->init_addr, &ev->bdaddr);
4526
4527
4528
4529
4530
4531
4532 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4533 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4534 }
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4546 if (irk) {
4547 bacpy(&conn->dst, &irk->bdaddr);
4548 conn->dst_type = irk->addr_type;
4549 }
4550
4551 if (ev->status) {
4552 hci_le_conn_failed(conn, ev->status);
4553 goto unlock;
4554 }
4555
4556 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4557 addr_type = BDADDR_LE_PUBLIC;
4558 else
4559 addr_type = BDADDR_LE_RANDOM;
4560
4561
4562 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4563 hci_conn_drop(conn);
4564 goto unlock;
4565 }
4566
4567 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4568 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4569
4570 conn->sec_level = BT_SECURITY_LOW;
4571 conn->handle = __le16_to_cpu(ev->handle);
4572 conn->state = BT_CONFIG;
4573
4574 conn->le_conn_interval = le16_to_cpu(ev->interval);
4575 conn->le_conn_latency = le16_to_cpu(ev->latency);
4576 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4577
4578 hci_debugfs_create_conn(conn);
4579 hci_conn_add_sysfs(conn);
4580
4581 if (!ev->status) {
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591 if (conn->out ||
4592 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
4593 struct hci_cp_le_read_remote_features cp;
4594
4595 cp.handle = __cpu_to_le16(conn->handle);
4596
4597 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
4598 sizeof(cp), &cp);
4599
4600 hci_conn_hold(conn);
4601 } else {
4602 conn->state = BT_CONNECTED;
4603 hci_connect_cfm(conn, ev->status);
4604 }
4605 } else {
4606 hci_connect_cfm(conn, ev->status);
4607 }
4608
4609 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4610 conn->dst_type);
4611 if (params) {
4612 list_del_init(¶ms->action);
4613 if (params->conn) {
4614 hci_conn_drop(params->conn);
4615 hci_conn_put(params->conn);
4616 params->conn = NULL;
4617 }
4618 }
4619
4620unlock:
4621 hci_update_background_scan(hdev);
4622 hci_dev_unlock(hdev);
4623}
4624
4625static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4626 struct sk_buff *skb)
4627{
4628 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4629 struct hci_conn *conn;
4630
4631 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4632
4633 if (ev->status)
4634 return;
4635
4636 hci_dev_lock(hdev);
4637
4638 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4639 if (conn) {
4640 conn->le_conn_interval = le16_to_cpu(ev->interval);
4641 conn->le_conn_latency = le16_to_cpu(ev->latency);
4642 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4643 }
4644
4645 hci_dev_unlock(hdev);
4646}
4647
4648
4649static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4650 bdaddr_t *addr,
4651 u8 addr_type, u8 adv_type)
4652{
4653 struct hci_conn *conn;
4654 struct hci_conn_params *params;
4655
4656
4657 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
4658 return NULL;
4659
4660
4661 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
4662 return NULL;
4663
4664
4665
4666
4667 if (hdev->conn_hash.le_num_slave > 0)
4668 return NULL;
4669
4670
4671
4672
4673 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
4674 addr_type);
4675 if (!params)
4676 return NULL;
4677
4678 if (!params->explicit_connect) {
4679 switch (params->auto_connect) {
4680 case HCI_AUTO_CONN_DIRECT:
4681
4682
4683
4684
4685 if (adv_type != LE_ADV_DIRECT_IND)
4686 return NULL;
4687 break;
4688 case HCI_AUTO_CONN_ALWAYS:
4689
4690
4691
4692
4693
4694
4695 break;
4696 default:
4697 return NULL;
4698 }
4699 }
4700
4701 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4702 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4703 if (!IS_ERR(conn)) {
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713 if (!params->explicit_connect)
4714 params->conn = hci_conn_get(conn);
4715
4716 return conn;
4717 }
4718
4719 switch (PTR_ERR(conn)) {
4720 case -EBUSY:
4721
4722
4723
4724
4725
4726 break;
4727 default:
4728 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4729 return NULL;
4730 }
4731
4732 return NULL;
4733}
4734
4735static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4736 u8 bdaddr_type, bdaddr_t *direct_addr,
4737 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4738{
4739 struct discovery_state *d = &hdev->discovery;
4740 struct smp_irk *irk;
4741 struct hci_conn *conn;
4742 bool match;
4743 u32 flags;
4744 u8 *ptr, real_len;
4745
4746 switch (type) {
4747 case LE_ADV_IND:
4748 case LE_ADV_DIRECT_IND:
4749 case LE_ADV_SCAN_IND:
4750 case LE_ADV_NONCONN_IND:
4751 case LE_ADV_SCAN_RSP:
4752 break;
4753 default:
4754 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
4755 "type: 0x%02x", type);
4756 return;
4757 }
4758
4759
4760
4761
4762
4763
4764
4765 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
4766 if (ptr + 1 + *ptr > data + len)
4767 break;
4768 }
4769
4770 real_len = ptr - data;
4771
4772
4773 if (len != real_len) {
4774 bt_dev_err_ratelimited(hdev, "advertising data len corrected");
4775 len = real_len;
4776 }
4777
4778
4779
4780
4781
4782
4783 if (direct_addr) {
4784
4785
4786
4787 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
4788 return;
4789
4790
4791
4792
4793 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
4794 return;
4795
4796
4797
4798
4799
4800 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
4801 return;
4802 }
4803
4804
4805 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4806 if (irk) {
4807 bdaddr = &irk->bdaddr;
4808 bdaddr_type = irk->addr_type;
4809 }
4810
4811
4812 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4813 if (conn && type == LE_ADV_IND) {
4814
4815
4816
4817 memcpy(conn->le_adv_data, data, len);
4818 conn->le_adv_data_len = len;
4819 }
4820
4821
4822
4823
4824
4825 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4826 if (type == LE_ADV_DIRECT_IND)
4827 return;
4828
4829 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4830 bdaddr, bdaddr_type))
4831 return;
4832
4833 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4834 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4835 else
4836 flags = 0;
4837 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4838 rssi, flags, data, len, NULL, 0);
4839 return;
4840 }
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4858 type == LE_ADV_SCAN_RSP)
4859 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4860 else
4861 flags = 0;
4862
4863
4864
4865
4866
4867 if (!has_pending_adv_report(hdev)) {
4868
4869
4870
4871 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4872 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4873 rssi, flags, data, len);
4874 return;
4875 }
4876
4877 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4878 rssi, flags, data, len, NULL, 0);
4879 return;
4880 }
4881
4882
4883 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4884 bdaddr_type == d->last_adv_addr_type);
4885
4886
4887
4888
4889
4890 if (type != LE_ADV_SCAN_RSP || !match) {
4891
4892 if (!match)
4893 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4894 d->last_adv_addr_type, NULL,
4895 d->last_adv_rssi, d->last_adv_flags,
4896 d->last_adv_data,
4897 d->last_adv_data_len, NULL, 0);
4898
4899
4900
4901
4902 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4903 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4904 rssi, flags, data, len);
4905 return;
4906 }
4907
4908
4909
4910
4911 clear_pending_adv_report(hdev);
4912 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4913 rssi, flags, data, len, NULL, 0);
4914 return;
4915 }
4916
4917
4918
4919
4920
4921 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4922 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
4923 d->last_adv_data, d->last_adv_data_len, data, len);
4924 clear_pending_adv_report(hdev);
4925}
4926
4927static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4928{
4929 u8 num_reports = skb->data[0];
4930 void *ptr = &skb->data[1];
4931
4932 hci_dev_lock(hdev);
4933
4934 while (num_reports--) {
4935 struct hci_ev_le_advertising_info *ev = ptr;
4936 s8 rssi;
4937
4938 rssi = ev->data[ev->length];
4939 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4940 ev->bdaddr_type, NULL, 0, rssi,
4941 ev->data, ev->length);
4942
4943 ptr += sizeof(*ev) + ev->length + 1;
4944 }
4945
4946 hci_dev_unlock(hdev);
4947}
4948
4949static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
4950 struct sk_buff *skb)
4951{
4952 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
4953 struct hci_conn *conn;
4954
4955 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4956
4957 hci_dev_lock(hdev);
4958
4959 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4960 if (conn) {
4961 if (!ev->status)
4962 memcpy(conn->features[0], ev->features, 8);
4963
4964 if (conn->state == BT_CONFIG) {
4965 __u8 status;
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
4977 !conn->out && ev->status == 0x1a)
4978 status = 0x00;
4979 else
4980 status = ev->status;
4981
4982 conn->state = BT_CONNECTED;
4983 hci_connect_cfm(conn, status);
4984 hci_conn_drop(conn);
4985 }
4986 }
4987
4988 hci_dev_unlock(hdev);
4989}
4990
4991static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4992{
4993 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4994 struct hci_cp_le_ltk_reply cp;
4995 struct hci_cp_le_ltk_neg_reply neg;
4996 struct hci_conn *conn;
4997 struct smp_ltk *ltk;
4998
4999 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
5000
5001 hci_dev_lock(hdev);
5002
5003 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5004 if (conn == NULL)
5005 goto not_found;
5006
5007 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5008 if (!ltk)
5009 goto not_found;
5010
5011 if (smp_ltk_is_sc(ltk)) {
5012
5013 if (ev->ediv || ev->rand)
5014 goto not_found;
5015 } else {
5016
5017 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5018 goto not_found;
5019 }
5020
5021 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5022 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
5023 cp.handle = cpu_to_le16(conn->handle);
5024
5025 conn->pending_sec_level = smp_ltk_sec_level(ltk);
5026
5027 conn->enc_key_size = ltk->enc_size;
5028
5029 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5030
5031
5032
5033
5034
5035
5036
5037 if (ltk->type == SMP_STK) {
5038 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5039 list_del_rcu(<k->list);
5040 kfree_rcu(ltk, rcu);
5041 } else {
5042 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5043 }
5044
5045 hci_dev_unlock(hdev);
5046
5047 return;
5048
5049not_found:
5050 neg.handle = ev->handle;
5051 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5052 hci_dev_unlock(hdev);
5053}
5054
5055static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5056 u8 reason)
5057{
5058 struct hci_cp_le_conn_param_req_neg_reply cp;
5059
5060 cp.handle = cpu_to_le16(handle);
5061 cp.reason = reason;
5062
5063 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5064 &cp);
5065}
5066
5067static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5068 struct sk_buff *skb)
5069{
5070 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5071 struct hci_cp_le_conn_param_req_reply cp;
5072 struct hci_conn *hcon;
5073 u16 handle, min, max, latency, timeout;
5074
5075 handle = le16_to_cpu(ev->handle);
5076 min = le16_to_cpu(ev->interval_min);
5077 max = le16_to_cpu(ev->interval_max);
5078 latency = le16_to_cpu(ev->latency);
5079 timeout = le16_to_cpu(ev->timeout);
5080
5081 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5082 if (!hcon || hcon->state != BT_CONNECTED)
5083 return send_conn_param_neg_reply(hdev, handle,
5084 HCI_ERROR_UNKNOWN_CONN_ID);
5085
5086 if (hci_check_conn_params(min, max, latency, timeout))
5087 return send_conn_param_neg_reply(hdev, handle,
5088 HCI_ERROR_INVALID_LL_PARAMS);
5089
5090 if (hcon->role == HCI_ROLE_MASTER) {
5091 struct hci_conn_params *params;
5092 u8 store_hint;
5093
5094 hci_dev_lock(hdev);
5095
5096 params = hci_conn_params_lookup(hdev, &hcon->dst,
5097 hcon->dst_type);
5098 if (params) {
5099 params->conn_min_interval = min;
5100 params->conn_max_interval = max;
5101 params->conn_latency = latency;
5102 params->supervision_timeout = timeout;
5103 store_hint = 0x01;
5104 } else{
5105 store_hint = 0x00;
5106 }
5107
5108 hci_dev_unlock(hdev);
5109
5110 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5111 store_hint, min, max, latency, timeout);
5112 }
5113
5114 cp.handle = ev->handle;
5115 cp.interval_min = ev->interval_min;
5116 cp.interval_max = ev->interval_max;
5117 cp.latency = ev->latency;
5118 cp.timeout = ev->timeout;
5119 cp.min_ce_len = 0;
5120 cp.max_ce_len = 0;
5121
5122 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5123}
5124
5125static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5126 struct sk_buff *skb)
5127{
5128 u8 num_reports = skb->data[0];
5129 void *ptr = &skb->data[1];
5130
5131 hci_dev_lock(hdev);
5132
5133 while (num_reports--) {
5134 struct hci_ev_le_direct_adv_info *ev = ptr;
5135
5136 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5137 ev->bdaddr_type, &ev->direct_addr,
5138 ev->direct_addr_type, ev->rssi, NULL, 0);
5139
5140 ptr += sizeof(*ev);
5141 }
5142
5143 hci_dev_unlock(hdev);
5144}
5145
5146static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5147{
5148 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5149
5150 skb_pull(skb, sizeof(*le_ev));
5151
5152 switch (le_ev->subevent) {
5153 case HCI_EV_LE_CONN_COMPLETE:
5154 hci_le_conn_complete_evt(hdev, skb);
5155 break;
5156
5157 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5158 hci_le_conn_update_complete_evt(hdev, skb);
5159 break;
5160
5161 case HCI_EV_LE_ADVERTISING_REPORT:
5162 hci_le_adv_report_evt(hdev, skb);
5163 break;
5164
5165 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5166 hci_le_remote_feat_complete_evt(hdev, skb);
5167 break;
5168
5169 case HCI_EV_LE_LTK_REQ:
5170 hci_le_ltk_request_evt(hdev, skb);
5171 break;
5172
5173 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5174 hci_le_remote_conn_param_req_evt(hdev, skb);
5175 break;
5176
5177 case HCI_EV_LE_DIRECT_ADV_REPORT:
5178 hci_le_direct_adv_report_evt(hdev, skb);
5179 break;
5180
5181 default:
5182 break;
5183 }
5184}
5185
5186static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5187 u8 event, struct sk_buff *skb)
5188{
5189 struct hci_ev_cmd_complete *ev;
5190 struct hci_event_hdr *hdr;
5191
5192 if (!skb)
5193 return false;
5194
5195 if (skb->len < sizeof(*hdr)) {
5196 bt_dev_err(hdev, "too short HCI event");
5197 return false;
5198 }
5199
5200 hdr = (void *) skb->data;
5201 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5202
5203 if (event) {
5204 if (hdr->evt != event)
5205 return false;
5206 return true;
5207 }
5208
5209 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
5210 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
5211 hdr->evt);
5212 return false;
5213 }
5214
5215 if (skb->len < sizeof(*ev)) {
5216 bt_dev_err(hdev, "too short cmd_complete event");
5217 return false;
5218 }
5219
5220 ev = (void *) skb->data;
5221 skb_pull(skb, sizeof(*ev));
5222
5223 if (opcode != __le16_to_cpu(ev->opcode)) {
5224 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
5225 __le16_to_cpu(ev->opcode));
5226 return false;
5227 }
5228
5229 return true;
5230}
5231
5232void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5233{
5234 struct hci_event_hdr *hdr = (void *) skb->data;
5235 hci_req_complete_t req_complete = NULL;
5236 hci_req_complete_skb_t req_complete_skb = NULL;
5237 struct sk_buff *orig_skb = NULL;
5238 u8 status = 0, event = hdr->evt, req_evt = 0;
5239 u16 opcode = HCI_OP_NOP;
5240
5241 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
5242 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5243 opcode = __le16_to_cpu(cmd_hdr->opcode);
5244 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
5245 &req_complete_skb);
5246 req_evt = event;
5247 }
5248
5249
5250
5251
5252
5253
5254 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
5255 event == HCI_EV_CMD_COMPLETE)
5256 orig_skb = skb_clone(skb, GFP_KERNEL);
5257
5258 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5259
5260 switch (event) {
5261 case HCI_EV_INQUIRY_COMPLETE:
5262 hci_inquiry_complete_evt(hdev, skb);
5263 break;
5264
5265 case HCI_EV_INQUIRY_RESULT:
5266 hci_inquiry_result_evt(hdev, skb);
5267 break;
5268
5269 case HCI_EV_CONN_COMPLETE:
5270 hci_conn_complete_evt(hdev, skb);
5271 break;
5272
5273 case HCI_EV_CONN_REQUEST:
5274 hci_conn_request_evt(hdev, skb);
5275 break;
5276
5277 case HCI_EV_DISCONN_COMPLETE:
5278 hci_disconn_complete_evt(hdev, skb);
5279 break;
5280
5281 case HCI_EV_AUTH_COMPLETE:
5282 hci_auth_complete_evt(hdev, skb);
5283 break;
5284
5285 case HCI_EV_REMOTE_NAME:
5286 hci_remote_name_evt(hdev, skb);
5287 break;
5288
5289 case HCI_EV_ENCRYPT_CHANGE:
5290 hci_encrypt_change_evt(hdev, skb);
5291 break;
5292
5293 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5294 hci_change_link_key_complete_evt(hdev, skb);
5295 break;
5296
5297 case HCI_EV_REMOTE_FEATURES:
5298 hci_remote_features_evt(hdev, skb);
5299 break;
5300
5301 case HCI_EV_CMD_COMPLETE:
5302 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
5303 &req_complete, &req_complete_skb);
5304 break;
5305
5306 case HCI_EV_CMD_STATUS:
5307 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
5308 &req_complete_skb);
5309 break;
5310
5311 case HCI_EV_HARDWARE_ERROR:
5312 hci_hardware_error_evt(hdev, skb);
5313 break;
5314
5315 case HCI_EV_ROLE_CHANGE:
5316 hci_role_change_evt(hdev, skb);
5317 break;
5318
5319 case HCI_EV_NUM_COMP_PKTS:
5320 hci_num_comp_pkts_evt(hdev, skb);
5321 break;
5322
5323 case HCI_EV_MODE_CHANGE:
5324 hci_mode_change_evt(hdev, skb);
5325 break;
5326
5327 case HCI_EV_PIN_CODE_REQ:
5328 hci_pin_code_request_evt(hdev, skb);
5329 break;
5330
5331 case HCI_EV_LINK_KEY_REQ:
5332 hci_link_key_request_evt(hdev, skb);
5333 break;
5334
5335 case HCI_EV_LINK_KEY_NOTIFY:
5336 hci_link_key_notify_evt(hdev, skb);
5337 break;
5338
5339 case HCI_EV_CLOCK_OFFSET:
5340 hci_clock_offset_evt(hdev, skb);
5341 break;
5342
5343 case HCI_EV_PKT_TYPE_CHANGE:
5344 hci_pkt_type_change_evt(hdev, skb);
5345 break;
5346
5347 case HCI_EV_PSCAN_REP_MODE:
5348 hci_pscan_rep_mode_evt(hdev, skb);
5349 break;
5350
5351 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5352 hci_inquiry_result_with_rssi_evt(hdev, skb);
5353 break;
5354
5355 case HCI_EV_REMOTE_EXT_FEATURES:
5356 hci_remote_ext_features_evt(hdev, skb);
5357 break;
5358
5359 case HCI_EV_SYNC_CONN_COMPLETE:
5360 hci_sync_conn_complete_evt(hdev, skb);
5361 break;
5362
5363 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5364 hci_extended_inquiry_result_evt(hdev, skb);
5365 break;
5366
5367 case HCI_EV_KEY_REFRESH_COMPLETE:
5368 hci_key_refresh_complete_evt(hdev, skb);
5369 break;
5370
5371 case HCI_EV_IO_CAPA_REQUEST:
5372 hci_io_capa_request_evt(hdev, skb);
5373 break;
5374
5375 case HCI_EV_IO_CAPA_REPLY:
5376 hci_io_capa_reply_evt(hdev, skb);
5377 break;
5378
5379 case HCI_EV_USER_CONFIRM_REQUEST:
5380 hci_user_confirm_request_evt(hdev, skb);
5381 break;
5382
5383 case HCI_EV_USER_PASSKEY_REQUEST:
5384 hci_user_passkey_request_evt(hdev, skb);
5385 break;
5386
5387 case HCI_EV_USER_PASSKEY_NOTIFY:
5388 hci_user_passkey_notify_evt(hdev, skb);
5389 break;
5390
5391 case HCI_EV_KEYPRESS_NOTIFY:
5392 hci_keypress_notify_evt(hdev, skb);
5393 break;
5394
5395 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5396 hci_simple_pair_complete_evt(hdev, skb);
5397 break;
5398
5399 case HCI_EV_REMOTE_HOST_FEATURES:
5400 hci_remote_host_features_evt(hdev, skb);
5401 break;
5402
5403 case HCI_EV_LE_META:
5404 hci_le_meta_evt(hdev, skb);
5405 break;
5406
5407 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5408 hci_remote_oob_data_request_evt(hdev, skb);
5409 break;
5410
5411#if IS_ENABLED(CONFIG_BT_HS)
5412 case HCI_EV_CHANNEL_SELECTED:
5413 hci_chan_selected_evt(hdev, skb);
5414 break;
5415
5416 case HCI_EV_PHY_LINK_COMPLETE:
5417 hci_phy_link_complete_evt(hdev, skb);
5418 break;
5419
5420 case HCI_EV_LOGICAL_LINK_COMPLETE:
5421 hci_loglink_complete_evt(hdev, skb);
5422 break;
5423
5424 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5425 hci_disconn_loglink_complete_evt(hdev, skb);
5426 break;
5427
5428 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5429 hci_disconn_phylink_complete_evt(hdev, skb);
5430 break;
5431#endif
5432
5433 case HCI_EV_NUM_COMP_BLOCKS:
5434 hci_num_comp_blocks_evt(hdev, skb);
5435 break;
5436
5437 default:
5438 BT_DBG("%s event 0x%2.2x", hdev->name, event);
5439 break;
5440 }
5441
5442 if (req_complete) {
5443 req_complete(hdev, status, opcode);
5444 } else if (req_complete_skb) {
5445 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
5446 kfree_skb(orig_skb);
5447 orig_skb = NULL;
5448 }
5449 req_complete_skb(hdev, status, opcode, orig_skb);
5450 }
5451
5452 kfree_skb(orig_skb);
5453 kfree_skb(skb);
5454 hdev->stat.evt_rx++;
5455}
5456
