1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/mgmt.h>
32
33#include "hci_request.h"
34#include "hci_debugfs.h"
35#include "a2mp.h"
36#include "amp.h"
37#include "smp.h"
38#include "msft.h"
39
40#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
41 "\x00\x00\x00\x00\x00\x00\x00\x00"
42
43
44
45static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
46 u8 *new_status)
47{
48 __u8 status = *((__u8 *) skb->data);
49
50 BT_DBG("%s status 0x%2.2x", hdev->name, status);
51
52
53
54
55
56
57
58
59 if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
60 bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
61 status = 0x00;
62 }
63
64 *new_status = status;
65
66 if (status)
67 return;
68
69 clear_bit(HCI_INQUIRY, &hdev->flags);
70 smp_mb__after_atomic();
71 wake_up_bit(&hdev->flags, HCI_INQUIRY);
72
73 hci_dev_lock(hdev);
74
75
76
77 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
78 hdev->le_scan_type != LE_SCAN_ACTIVE)
79 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
80 hci_dev_unlock(hdev);
81
82 hci_conn_check_pending(hdev);
83}
84
85static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 __u8 status = *((__u8 *) skb->data);
88
89 BT_DBG("%s status 0x%2.2x", hdev->name, status);
90
91 if (status)
92 return;
93
94 hci_dev_set_flag(hdev, HCI_PERIODIC_INQ);
95}
96
97static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
98{
99 __u8 status = *((__u8 *) skb->data);
100
101 BT_DBG("%s status 0x%2.2x", hdev->name, status);
102
103 if (status)
104 return;
105
106 hci_dev_clear_flag(hdev, HCI_PERIODIC_INQ);
107
108 hci_conn_check_pending(hdev);
109}
110
111static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
112 struct sk_buff *skb)
113{
114 BT_DBG("%s", hdev->name);
115}
116
117static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_role_discovery *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 if (conn)
131 conn->role = rp->role;
132
133 hci_dev_unlock(hdev);
134}
135
136static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137{
138 struct hci_rp_read_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
140
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143 if (rp->status)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = __le16_to_cpu(rp->policy);
151
152 hci_dev_unlock(hdev);
153}
154
155static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156{
157 struct hci_rp_write_link_policy *rp = (void *) skb->data;
158 struct hci_conn *conn;
159 void *sent;
160
161 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162
163 if (rp->status)
164 return;
165
166 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
167 if (!sent)
168 return;
169
170 hci_dev_lock(hdev);
171
172 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
173 if (conn)
174 conn->link_policy = get_unaligned_le16(sent + 2);
175
176 hci_dev_unlock(hdev);
177}
178
179static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
180 struct sk_buff *skb)
181{
182 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
183
184 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
185
186 if (rp->status)
187 return;
188
189 hdev->link_policy = __le16_to_cpu(rp->policy);
190}
191
192static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
193 struct sk_buff *skb)
194{
195 __u8 status = *((__u8 *) skb->data);
196 void *sent;
197
198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
199
200 if (status)
201 return;
202
203 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
204 if (!sent)
205 return;
206
207 hdev->link_policy = get_unaligned_le16(sent);
208}
209
210static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
211{
212 __u8 status = *((__u8 *) skb->data);
213
214 BT_DBG("%s status 0x%2.2x", hdev->name, status);
215
216 clear_bit(HCI_RESET, &hdev->flags);
217
218 if (status)
219 return;
220
221
222 hci_dev_clear_volatile_flags(hdev);
223
224 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
225
226 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
227 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
228
229 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
230 hdev->adv_data_len = 0;
231
232 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
233 hdev->scan_rsp_data_len = 0;
234
235 hdev->le_scan_type = LE_SCAN_PASSIVE;
236
237 hdev->ssp_debug_mode = 0;
238
239 hci_bdaddr_list_clear(&hdev->le_white_list);
240 hci_bdaddr_list_clear(&hdev->le_resolv_list);
241}
242
243static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
244 struct sk_buff *skb)
245{
246 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
247 struct hci_cp_read_stored_link_key *sent;
248
249 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
252 if (!sent)
253 return;
254
255 if (!rp->status && sent->read_all == 0x01) {
256 hdev->stored_max_keys = rp->max_keys;
257 hdev->stored_num_keys = rp->num_keys;
258 }
259}
260
261static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
262 struct sk_buff *skb)
263{
264 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
265
266 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
267
268 if (rp->status)
269 return;
270
271 if (rp->num_keys <= hdev->stored_num_keys)
272 hdev->stored_num_keys -= rp->num_keys;
273 else
274 hdev->stored_num_keys = 0;
275}
276
277static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
278{
279 __u8 status = *((__u8 *) skb->data);
280 void *sent;
281
282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
283
284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
285 if (!sent)
286 return;
287
288 hci_dev_lock(hdev);
289
290 if (hci_dev_test_flag(hdev, HCI_MGMT))
291 mgmt_set_local_name_complete(hdev, sent, status);
292 else if (!status)
293 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
294
295 hci_dev_unlock(hdev);
296}
297
298static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
299{
300 struct hci_rp_read_local_name *rp = (void *) skb->data;
301
302 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
303
304 if (rp->status)
305 return;
306
307 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
308 hci_dev_test_flag(hdev, HCI_CONFIG))
309 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
310}
311
312static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
313{
314 __u8 status = *((__u8 *) skb->data);
315 void *sent;
316
317 BT_DBG("%s status 0x%2.2x", hdev->name, status);
318
319 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
320 if (!sent)
321 return;
322
323 hci_dev_lock(hdev);
324
325 if (!status) {
326 __u8 param = *((__u8 *) sent);
327
328 if (param == AUTH_ENABLED)
329 set_bit(HCI_AUTH, &hdev->flags);
330 else
331 clear_bit(HCI_AUTH, &hdev->flags);
332 }
333
334 if (hci_dev_test_flag(hdev, HCI_MGMT))
335 mgmt_auth_enable_complete(hdev, status);
336
337 hci_dev_unlock(hdev);
338}
339
340static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
341{
342 __u8 status = *((__u8 *) skb->data);
343 __u8 param;
344 void *sent;
345
346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
347
348 if (status)
349 return;
350
351 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
352 if (!sent)
353 return;
354
355 param = *((__u8 *) sent);
356
357 if (param)
358 set_bit(HCI_ENCRYPT, &hdev->flags);
359 else
360 clear_bit(HCI_ENCRYPT, &hdev->flags);
361}
362
363static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
364{
365 __u8 status = *((__u8 *) skb->data);
366 __u8 param;
367 void *sent;
368
369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
370
371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
372 if (!sent)
373 return;
374
375 param = *((__u8 *) sent);
376
377 hci_dev_lock(hdev);
378
379 if (status) {
380 hdev->discov_timeout = 0;
381 goto done;
382 }
383
384 if (param & SCAN_INQUIRY)
385 set_bit(HCI_ISCAN, &hdev->flags);
386 else
387 clear_bit(HCI_ISCAN, &hdev->flags);
388
389 if (param & SCAN_PAGE)
390 set_bit(HCI_PSCAN, &hdev->flags);
391 else
392 clear_bit(HCI_PSCAN, &hdev->flags);
393
394done:
395 hci_dev_unlock(hdev);
396}
397
398static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399{
400 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
401
402 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
403
404 if (rp->status)
405 return;
406
407 memcpy(hdev->dev_class, rp->dev_class, 3);
408
409 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
410 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
411}
412
413static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
414{
415 __u8 status = *((__u8 *) skb->data);
416 void *sent;
417
418 BT_DBG("%s status 0x%2.2x", hdev->name, status);
419
420 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
421 if (!sent)
422 return;
423
424 hci_dev_lock(hdev);
425
426 if (status == 0)
427 memcpy(hdev->dev_class, sent, 3);
428
429 if (hci_dev_test_flag(hdev, HCI_MGMT))
430 mgmt_set_class_of_dev_complete(hdev, sent, status);
431
432 hci_dev_unlock(hdev);
433}
434
435static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
436{
437 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
438 __u16 setting;
439
440 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
441
442 if (rp->status)
443 return;
444
445 setting = __le16_to_cpu(rp->voice_setting);
446
447 if (hdev->voice_setting == setting)
448 return;
449
450 hdev->voice_setting = setting;
451
452 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
453
454 if (hdev->notify)
455 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
456}
457
458static void hci_cc_write_voice_setting(struct hci_dev *hdev,
459 struct sk_buff *skb)
460{
461 __u8 status = *((__u8 *) skb->data);
462 __u16 setting;
463 void *sent;
464
465 BT_DBG("%s status 0x%2.2x", hdev->name, status);
466
467 if (status)
468 return;
469
470 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
471 if (!sent)
472 return;
473
474 setting = get_unaligned_le16(sent);
475
476 if (hdev->voice_setting == setting)
477 return;
478
479 hdev->voice_setting = setting;
480
481 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
482
483 if (hdev->notify)
484 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
485}
486
487static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
488 struct sk_buff *skb)
489{
490 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
491
492 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
493
494 if (rp->status)
495 return;
496
497 hdev->num_iac = rp->num_iac;
498
499 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
500}
501
502static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
503{
504 __u8 status = *((__u8 *) skb->data);
505 struct hci_cp_write_ssp_mode *sent;
506
507 BT_DBG("%s status 0x%2.2x", hdev->name, status);
508
509 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
510 if (!sent)
511 return;
512
513 hci_dev_lock(hdev);
514
515 if (!status) {
516 if (sent->mode)
517 hdev->features[1][0] |= LMP_HOST_SSP;
518 else
519 hdev->features[1][0] &= ~LMP_HOST_SSP;
520 }
521
522 if (hci_dev_test_flag(hdev, HCI_MGMT))
523 mgmt_ssp_enable_complete(hdev, sent->mode, status);
524 else if (!status) {
525 if (sent->mode)
526 hci_dev_set_flag(hdev, HCI_SSP_ENABLED);
527 else
528 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
529 }
530
531 hci_dev_unlock(hdev);
532}
533
534static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
535{
536 u8 status = *((u8 *) skb->data);
537 struct hci_cp_write_sc_support *sent;
538
539 BT_DBG("%s status 0x%2.2x", hdev->name, status);
540
541 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
542 if (!sent)
543 return;
544
545 hci_dev_lock(hdev);
546
547 if (!status) {
548 if (sent->support)
549 hdev->features[1][0] |= LMP_HOST_SC;
550 else
551 hdev->features[1][0] &= ~LMP_HOST_SC;
552 }
553
554 if (!hci_dev_test_flag(hdev, HCI_MGMT) && !status) {
555 if (sent->support)
556 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
557 else
558 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
559 }
560
561 hci_dev_unlock(hdev);
562}
563
564static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
565{
566 struct hci_rp_read_local_version *rp = (void *) skb->data;
567
568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
569
570 if (rp->status)
571 return;
572
573 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
574 hci_dev_test_flag(hdev, HCI_CONFIG)) {
575 hdev->hci_ver = rp->hci_ver;
576 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
577 hdev->lmp_ver = rp->lmp_ver;
578 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
579 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
580 }
581}
582
583static void hci_cc_read_local_commands(struct hci_dev *hdev,
584 struct sk_buff *skb)
585{
586 struct hci_rp_read_local_commands *rp = (void *) skb->data;
587
588 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
589
590 if (rp->status)
591 return;
592
593 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
594 hci_dev_test_flag(hdev, HCI_CONFIG))
595 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
596}
597
598static void hci_cc_read_auth_payload_timeout(struct hci_dev *hdev,
599 struct sk_buff *skb)
600{
601 struct hci_rp_read_auth_payload_to *rp = (void *)skb->data;
602 struct hci_conn *conn;
603
604 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605
606 if (rp->status)
607 return;
608
609 hci_dev_lock(hdev);
610
611 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
612 if (conn)
613 conn->auth_payload_timeout = __le16_to_cpu(rp->timeout);
614
615 hci_dev_unlock(hdev);
616}
617
618static void hci_cc_write_auth_payload_timeout(struct hci_dev *hdev,
619 struct sk_buff *skb)
620{
621 struct hci_rp_write_auth_payload_to *rp = (void *)skb->data;
622 struct hci_conn *conn;
623 void *sent;
624
625 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
626
627 if (rp->status)
628 return;
629
630 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO);
631 if (!sent)
632 return;
633
634 hci_dev_lock(hdev);
635
636 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
637 if (conn)
638 conn->auth_payload_timeout = get_unaligned_le16(sent + 2);
639
640 hci_dev_unlock(hdev);
641}
642
643static void hci_cc_read_local_features(struct hci_dev *hdev,
644 struct sk_buff *skb)
645{
646 struct hci_rp_read_local_features *rp = (void *) skb->data;
647
648 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
649
650 if (rp->status)
651 return;
652
653 memcpy(hdev->features, rp->features, 8);
654
655
656
657
658 if (hdev->features[0][0] & LMP_3SLOT)
659 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
660
661 if (hdev->features[0][0] & LMP_5SLOT)
662 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
663
664 if (hdev->features[0][1] & LMP_HV2) {
665 hdev->pkt_type |= (HCI_HV2);
666 hdev->esco_type |= (ESCO_HV2);
667 }
668
669 if (hdev->features[0][1] & LMP_HV3) {
670 hdev->pkt_type |= (HCI_HV3);
671 hdev->esco_type |= (ESCO_HV3);
672 }
673
674 if (lmp_esco_capable(hdev))
675 hdev->esco_type |= (ESCO_EV3);
676
677 if (hdev->features[0][4] & LMP_EV4)
678 hdev->esco_type |= (ESCO_EV4);
679
680 if (hdev->features[0][4] & LMP_EV5)
681 hdev->esco_type |= (ESCO_EV5);
682
683 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
684 hdev->esco_type |= (ESCO_2EV3);
685
686 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
687 hdev->esco_type |= (ESCO_3EV3);
688
689 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
690 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
691}
692
693static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
694 struct sk_buff *skb)
695{
696 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
697
698 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
699
700 if (rp->status)
701 return;
702
703 if (hdev->max_page < rp->max_page)
704 hdev->max_page = rp->max_page;
705
706 if (rp->page < HCI_MAX_PAGES)
707 memcpy(hdev->features[rp->page], rp->features, 8);
708}
709
710static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
711 struct sk_buff *skb)
712{
713 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
714
715 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
716
717 if (rp->status)
718 return;
719
720 hdev->flow_ctl_mode = rp->mode;
721}
722
723static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
724{
725 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
726
727 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
728
729 if (rp->status)
730 return;
731
732 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
733 hdev->sco_mtu = rp->sco_mtu;
734 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
735 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
736
737 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
738 hdev->sco_mtu = 64;
739 hdev->sco_pkts = 8;
740 }
741
742 hdev->acl_cnt = hdev->acl_pkts;
743 hdev->sco_cnt = hdev->sco_pkts;
744
745 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
746 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
747}
748
749static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
750{
751 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
752
753 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
754
755 if (rp->status)
756 return;
757
758 if (test_bit(HCI_INIT, &hdev->flags))
759 bacpy(&hdev->bdaddr, &rp->bdaddr);
760
761 if (hci_dev_test_flag(hdev, HCI_SETUP))
762 bacpy(&hdev->setup_addr, &rp->bdaddr);
763}
764
765static void hci_cc_read_local_pairing_opts(struct hci_dev *hdev,
766 struct sk_buff *skb)
767{
768 struct hci_rp_read_local_pairing_opts *rp = (void *) skb->data;
769
770 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
771
772 if (rp->status)
773 return;
774
775 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
776 hci_dev_test_flag(hdev, HCI_CONFIG)) {
777 hdev->pairing_opts = rp->pairing_opts;
778 hdev->max_enc_key_size = rp->max_key_size;
779 }
780}
781
782static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
783 struct sk_buff *skb)
784{
785 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
786
787 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
788
789 if (rp->status)
790 return;
791
792 if (test_bit(HCI_INIT, &hdev->flags)) {
793 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
794 hdev->page_scan_window = __le16_to_cpu(rp->window);
795 }
796}
797
798static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
799 struct sk_buff *skb)
800{
801 u8 status = *((u8 *) skb->data);
802 struct hci_cp_write_page_scan_activity *sent;
803
804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
805
806 if (status)
807 return;
808
809 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
810 if (!sent)
811 return;
812
813 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
814 hdev->page_scan_window = __le16_to_cpu(sent->window);
815}
816
817static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
818 struct sk_buff *skb)
819{
820 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
821
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
823
824 if (rp->status)
825 return;
826
827 if (test_bit(HCI_INIT, &hdev->flags))
828 hdev->page_scan_type = rp->type;
829}
830
831static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
832 struct sk_buff *skb)
833{
834 u8 status = *((u8 *) skb->data);
835 u8 *type;
836
837 BT_DBG("%s status 0x%2.2x", hdev->name, status);
838
839 if (status)
840 return;
841
842 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
843 if (type)
844 hdev->page_scan_type = *type;
845}
846
847static void hci_cc_read_data_block_size(struct hci_dev *hdev,
848 struct sk_buff *skb)
849{
850 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
851
852 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
853
854 if (rp->status)
855 return;
856
857 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
858 hdev->block_len = __le16_to_cpu(rp->block_len);
859 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
860
861 hdev->block_cnt = hdev->num_blocks;
862
863 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
864 hdev->block_cnt, hdev->block_len);
865}
866
867static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
868{
869 struct hci_rp_read_clock *rp = (void *) skb->data;
870 struct hci_cp_read_clock *cp;
871 struct hci_conn *conn;
872
873 BT_DBG("%s", hdev->name);
874
875 if (skb->len < sizeof(*rp))
876 return;
877
878 if (rp->status)
879 return;
880
881 hci_dev_lock(hdev);
882
883 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
884 if (!cp)
885 goto unlock;
886
887 if (cp->which == 0x00) {
888 hdev->clock = le32_to_cpu(rp->clock);
889 goto unlock;
890 }
891
892 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
893 if (conn) {
894 conn->clock = le32_to_cpu(rp->clock);
895 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
896 }
897
898unlock:
899 hci_dev_unlock(hdev);
900}
901
902static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
903 struct sk_buff *skb)
904{
905 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
906
907 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
908
909 if (rp->status)
910 return;
911
912 hdev->amp_status = rp->amp_status;
913 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
914 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
915 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
916 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
917 hdev->amp_type = rp->amp_type;
918 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
919 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
920 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
921 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
922}
923
924static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
925 struct sk_buff *skb)
926{
927 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
928
929 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930
931 if (rp->status)
932 return;
933
934 hdev->inq_tx_power = rp->tx_power;
935}
936
937static void hci_cc_read_def_err_data_reporting(struct hci_dev *hdev,
938 struct sk_buff *skb)
939{
940 struct hci_rp_read_def_err_data_reporting *rp = (void *)skb->data;
941
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943
944 if (rp->status)
945 return;
946
947 hdev->err_data_reporting = rp->err_data_reporting;
948}
949
950static void hci_cc_write_def_err_data_reporting(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 __u8 status = *((__u8 *)skb->data);
954 struct hci_cp_write_def_err_data_reporting *cp;
955
956 BT_DBG("%s status 0x%2.2x", hdev->name, status);
957
958 if (status)
959 return;
960
961 cp = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING);
962 if (!cp)
963 return;
964
965 hdev->err_data_reporting = cp->err_data_reporting;
966}
967
968static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
969{
970 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
971 struct hci_cp_pin_code_reply *cp;
972 struct hci_conn *conn;
973
974 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
975
976 hci_dev_lock(hdev);
977
978 if (hci_dev_test_flag(hdev, HCI_MGMT))
979 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980
981 if (rp->status)
982 goto unlock;
983
984 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
985 if (!cp)
986 goto unlock;
987
988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
989 if (conn)
990 conn->pin_length = cp->pin_len;
991
992unlock:
993 hci_dev_unlock(hdev);
994}
995
996static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
997{
998 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
999
1000 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1001
1002 hci_dev_lock(hdev);
1003
1004 if (hci_dev_test_flag(hdev, HCI_MGMT))
1005 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
1006 rp->status);
1007
1008 hci_dev_unlock(hdev);
1009}
1010
1011static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1012 struct sk_buff *skb)
1013{
1014 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1015
1016 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1017
1018 if (rp->status)
1019 return;
1020
1021 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1022 hdev->le_pkts = rp->le_max_pkt;
1023
1024 hdev->le_cnt = hdev->le_pkts;
1025
1026 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1027}
1028
1029static void hci_cc_le_read_local_features(struct hci_dev *hdev,
1030 struct sk_buff *skb)
1031{
1032 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
1033
1034 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1035
1036 if (rp->status)
1037 return;
1038
1039 memcpy(hdev->le_features, rp->features, 8);
1040}
1041
1042static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1043 struct sk_buff *skb)
1044{
1045 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1046
1047 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1048
1049 if (rp->status)
1050 return;
1051
1052 hdev->adv_tx_power = rp->tx_power;
1053}
1054
1055static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1056{
1057 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1058
1059 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1060
1061 hci_dev_lock(hdev);
1062
1063 if (hci_dev_test_flag(hdev, HCI_MGMT))
1064 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1065 rp->status);
1066
1067 hci_dev_unlock(hdev);
1068}
1069
1070static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1071 struct sk_buff *skb)
1072{
1073 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1074
1075 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1076
1077 hci_dev_lock(hdev);
1078
1079 if (hci_dev_test_flag(hdev, HCI_MGMT))
1080 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1081 ACL_LINK, 0, rp->status);
1082
1083 hci_dev_unlock(hdev);
1084}
1085
1086static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1087{
1088 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1089
1090 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1091
1092 hci_dev_lock(hdev);
1093
1094 if (hci_dev_test_flag(hdev, HCI_MGMT))
1095 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1096 0, rp->status);
1097
1098 hci_dev_unlock(hdev);
1099}
1100
1101static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1102 struct sk_buff *skb)
1103{
1104 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1105
1106 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1107
1108 hci_dev_lock(hdev);
1109
1110 if (hci_dev_test_flag(hdev, HCI_MGMT))
1111 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1112 ACL_LINK, 0, rp->status);
1113
1114 hci_dev_unlock(hdev);
1115}
1116
1117static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1118 struct sk_buff *skb)
1119{
1120 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1121
1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1123}
1124
1125static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1126 struct sk_buff *skb)
1127{
1128 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1129
1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1131}
1132
1133static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1134{
1135 __u8 status = *((__u8 *) skb->data);
1136 bdaddr_t *sent;
1137
1138 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1139
1140 if (status)
1141 return;
1142
1143 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1144 if (!sent)
1145 return;
1146
1147 hci_dev_lock(hdev);
1148
1149 bacpy(&hdev->random_addr, sent);
1150
1151 hci_dev_unlock(hdev);
1152}
1153
1154static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1155{
1156 __u8 status = *((__u8 *) skb->data);
1157 struct hci_cp_le_set_default_phy *cp;
1158
1159 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1160
1161 if (status)
1162 return;
1163
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1165 if (!cp)
1166 return;
1167
1168 hci_dev_lock(hdev);
1169
1170 hdev->le_tx_def_phys = cp->tx_phys;
1171 hdev->le_rx_def_phys = cp->rx_phys;
1172
1173 hci_dev_unlock(hdev);
1174}
1175
1176static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1178{
1179 __u8 status = *((__u8 *) skb->data);
1180 struct hci_cp_le_set_adv_set_rand_addr *cp;
1181 struct adv_info *adv_instance;
1182
1183 if (status)
1184 return;
1185
1186 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1187 if (!cp)
1188 return;
1189
1190 hci_dev_lock(hdev);
1191
1192 if (!hdev->cur_adv_instance) {
1193
1194 bacpy(&hdev->random_addr, &cp->bdaddr);
1195 } else {
1196 adv_instance = hci_find_adv_instance(hdev,
1197 hdev->cur_adv_instance);
1198 if (adv_instance)
1199 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1200 }
1201
1202 hci_dev_unlock(hdev);
1203}
1204
1205static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1206{
1207 __u8 *sent, status = *((__u8 *) skb->data);
1208
1209 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1210
1211 if (status)
1212 return;
1213
1214 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1215 if (!sent)
1216 return;
1217
1218 hci_dev_lock(hdev);
1219
1220
1221
1222
1223 if (*sent) {
1224 struct hci_conn *conn;
1225
1226 hci_dev_set_flag(hdev, HCI_LE_ADV);
1227
1228 conn = hci_lookup_le_connect(hdev);
1229 if (conn)
1230 queue_delayed_work(hdev->workqueue,
1231 &conn->le_conn_timeout,
1232 conn->conn_timeout);
1233 } else {
1234 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1235 }
1236
1237 hci_dev_unlock(hdev);
1238}
1239
1240static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1241 struct sk_buff *skb)
1242{
1243 struct hci_cp_le_set_ext_adv_enable *cp;
1244 __u8 status = *((__u8 *) skb->data);
1245
1246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1247
1248 if (status)
1249 return;
1250
1251 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1252 if (!cp)
1253 return;
1254
1255 hci_dev_lock(hdev);
1256
1257 if (cp->enable) {
1258 struct hci_conn *conn;
1259
1260 hci_dev_set_flag(hdev, HCI_LE_ADV);
1261
1262 conn = hci_lookup_le_connect(hdev);
1263 if (conn)
1264 queue_delayed_work(hdev->workqueue,
1265 &conn->le_conn_timeout,
1266 conn->conn_timeout);
1267 } else {
1268 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1269 }
1270
1271 hci_dev_unlock(hdev);
1272}
1273
1274static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1275{
1276 struct hci_cp_le_set_scan_param *cp;
1277 __u8 status = *((__u8 *) skb->data);
1278
1279 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1280
1281 if (status)
1282 return;
1283
1284 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1285 if (!cp)
1286 return;
1287
1288 hci_dev_lock(hdev);
1289
1290 hdev->le_scan_type = cp->type;
1291
1292 hci_dev_unlock(hdev);
1293}
1294
1295static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1296 struct sk_buff *skb)
1297{
1298 struct hci_cp_le_set_ext_scan_params *cp;
1299 __u8 status = *((__u8 *) skb->data);
1300 struct hci_cp_le_scan_phy_params *phy_param;
1301
1302 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1303
1304 if (status)
1305 return;
1306
1307 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1308 if (!cp)
1309 return;
1310
1311 phy_param = (void *)cp->data;
1312
1313 hci_dev_lock(hdev);
1314
1315 hdev->le_scan_type = phy_param->type;
1316
1317 hci_dev_unlock(hdev);
1318}
1319
1320static bool has_pending_adv_report(struct hci_dev *hdev)
1321{
1322 struct discovery_state *d = &hdev->discovery;
1323
1324 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1325}
1326
1327static void clear_pending_adv_report(struct hci_dev *hdev)
1328{
1329 struct discovery_state *d = &hdev->discovery;
1330
1331 bacpy(&d->last_adv_addr, BDADDR_ANY);
1332 d->last_adv_data_len = 0;
1333}
1334
1335static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1336 u8 bdaddr_type, s8 rssi, u32 flags,
1337 u8 *data, u8 len)
1338{
1339 struct discovery_state *d = &hdev->discovery;
1340
1341 if (len > HCI_MAX_AD_LENGTH)
1342 return;
1343
1344 bacpy(&d->last_adv_addr, bdaddr);
1345 d->last_adv_addr_type = bdaddr_type;
1346 d->last_adv_rssi = rssi;
1347 d->last_adv_flags = flags;
1348 memcpy(d->last_adv_data, data, len);
1349 d->last_adv_data_len = len;
1350}
1351
1352static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
1353{
1354 hci_dev_lock(hdev);
1355
1356 switch (enable) {
1357 case LE_SCAN_ENABLE:
1358 hci_dev_set_flag(hdev, HCI_LE_SCAN);
1359 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1360 clear_pending_adv_report(hdev);
1361 break;
1362
1363 case LE_SCAN_DISABLE:
1364
1365
1366
1367
1368 if (has_pending_adv_report(hdev)) {
1369 struct discovery_state *d = &hdev->discovery;
1370
1371 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1372 d->last_adv_addr_type, NULL,
1373 d->last_adv_rssi, d->last_adv_flags,
1374 d->last_adv_data,
1375 d->last_adv_data_len, NULL, 0);
1376 }
1377
1378
1379
1380
1381 cancel_delayed_work(&hdev->le_scan_disable);
1382
1383 hci_dev_clear_flag(hdev, HCI_LE_SCAN);
1384
1385
1386
1387
1388
1389
1390
1391
1392 if (hci_dev_test_and_clear_flag(hdev, HCI_LE_SCAN_INTERRUPTED))
1393 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1394 else if (!hci_dev_test_flag(hdev, HCI_LE_ADV) &&
1395 hdev->discovery.state == DISCOVERY_FINDING)
1396 hci_req_reenable_advertising(hdev);
1397
1398 break;
1399
1400 default:
1401 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
1402 enable);
1403 break;
1404 }
1405
1406 hci_dev_unlock(hdev);
1407}
1408
1409static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1410 struct sk_buff *skb)
1411{
1412 struct hci_cp_le_set_scan_enable *cp;
1413 __u8 status = *((__u8 *) skb->data);
1414
1415 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1416
1417 if (status)
1418 return;
1419
1420 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1421 if (!cp)
1422 return;
1423
1424 le_set_scan_enable_complete(hdev, cp->enable);
1425}
1426
1427static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1428 struct sk_buff *skb)
1429{
1430 struct hci_cp_le_set_ext_scan_enable *cp;
1431 __u8 status = *((__u8 *) skb->data);
1432
1433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1434
1435 if (status)
1436 return;
1437
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1439 if (!cp)
1440 return;
1441
1442 le_set_scan_enable_complete(hdev, cp->enable);
1443}
1444
1445static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1446 struct sk_buff *skb)
1447{
1448 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1449
1450 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1451 rp->num_of_sets);
1452
1453 if (rp->status)
1454 return;
1455
1456 hdev->le_num_of_adv_sets = rp->num_of_sets;
1457}
1458
1459static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1460 struct sk_buff *skb)
1461{
1462 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1463
1464 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1465
1466 if (rp->status)
1467 return;
1468
1469 hdev->le_white_list_size = rp->size;
1470}
1471
1472static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1473 struct sk_buff *skb)
1474{
1475 __u8 status = *((__u8 *) skb->data);
1476
1477 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1478
1479 if (status)
1480 return;
1481
1482 hci_bdaddr_list_clear(&hdev->le_white_list);
1483}
1484
1485static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1486 struct sk_buff *skb)
1487{
1488 struct hci_cp_le_add_to_white_list *sent;
1489 __u8 status = *((__u8 *) skb->data);
1490
1491 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1492
1493 if (status)
1494 return;
1495
1496 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1497 if (!sent)
1498 return;
1499
1500 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1501 sent->bdaddr_type);
1502}
1503
1504static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1505 struct sk_buff *skb)
1506{
1507 struct hci_cp_le_del_from_white_list *sent;
1508 __u8 status = *((__u8 *) skb->data);
1509
1510 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1511
1512 if (status)
1513 return;
1514
1515 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1516 if (!sent)
1517 return;
1518
1519 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1520 sent->bdaddr_type);
1521}
1522
1523static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1524 struct sk_buff *skb)
1525{
1526 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1527
1528 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1529
1530 if (rp->status)
1531 return;
1532
1533 memcpy(hdev->le_states, rp->le_states, 8);
1534}
1535
1536static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1537 struct sk_buff *skb)
1538{
1539 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1540
1541 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1542
1543 if (rp->status)
1544 return;
1545
1546 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1547 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1548}
1549
1550static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1551 struct sk_buff *skb)
1552{
1553 struct hci_cp_le_write_def_data_len *sent;
1554 __u8 status = *((__u8 *) skb->data);
1555
1556 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1557
1558 if (status)
1559 return;
1560
1561 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1562 if (!sent)
1563 return;
1564
1565 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1566 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1567}
1568
1569static void hci_cc_le_add_to_resolv_list(struct hci_dev *hdev,
1570 struct sk_buff *skb)
1571{
1572 struct hci_cp_le_add_to_resolv_list *sent;
1573 __u8 status = *((__u8 *) skb->data);
1574
1575 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1576
1577 if (status)
1578 return;
1579
1580 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_RESOLV_LIST);
1581 if (!sent)
1582 return;
1583
1584 hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1585 sent->bdaddr_type, sent->peer_irk,
1586 sent->local_irk);
1587}
1588
1589static void hci_cc_le_del_from_resolv_list(struct hci_dev *hdev,
1590 struct sk_buff *skb)
1591{
1592 struct hci_cp_le_del_from_resolv_list *sent;
1593 __u8 status = *((__u8 *) skb->data);
1594
1595 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1596
1597 if (status)
1598 return;
1599
1600 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_RESOLV_LIST);
1601 if (!sent)
1602 return;
1603
1604 hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
1605 sent->bdaddr_type);
1606}
1607
1608static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1609 struct sk_buff *skb)
1610{
1611 __u8 status = *((__u8 *) skb->data);
1612
1613 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1614
1615 if (status)
1616 return;
1617
1618 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1619}
1620
1621static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1622 struct sk_buff *skb)
1623{
1624 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1625
1626 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1627
1628 if (rp->status)
1629 return;
1630
1631 hdev->le_resolv_list_size = rp->size;
1632}
1633
1634static void hci_cc_le_set_addr_resolution_enable(struct hci_dev *hdev,
1635 struct sk_buff *skb)
1636{
1637 __u8 *sent, status = *((__u8 *) skb->data);
1638
1639 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1640
1641 if (status)
1642 return;
1643
1644 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE);
1645 if (!sent)
1646 return;
1647
1648 hci_dev_lock(hdev);
1649
1650 if (*sent)
1651 hci_dev_set_flag(hdev, HCI_LL_RPA_RESOLUTION);
1652 else
1653 hci_dev_clear_flag(hdev, HCI_LL_RPA_RESOLUTION);
1654
1655 hci_dev_unlock(hdev);
1656}
1657
1658static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1659 struct sk_buff *skb)
1660{
1661 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1662
1663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1664
1665 if (rp->status)
1666 return;
1667
1668 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1669 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1670 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1671 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1672}
1673
1674static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1675 struct sk_buff *skb)
1676{
1677 struct hci_cp_write_le_host_supported *sent;
1678 __u8 status = *((__u8 *) skb->data);
1679
1680 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1681
1682 if (status)
1683 return;
1684
1685 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1686 if (!sent)
1687 return;
1688
1689 hci_dev_lock(hdev);
1690
1691 if (sent->le) {
1692 hdev->features[1][0] |= LMP_HOST_LE;
1693 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
1694 } else {
1695 hdev->features[1][0] &= ~LMP_HOST_LE;
1696 hci_dev_clear_flag(hdev, HCI_LE_ENABLED);
1697 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1698 }
1699
1700 if (sent->simul)
1701 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1702 else
1703 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1704
1705 hci_dev_unlock(hdev);
1706}
1707
1708static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1709{
1710 struct hci_cp_le_set_adv_param *cp;
1711 u8 status = *((u8 *) skb->data);
1712
1713 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1714
1715 if (status)
1716 return;
1717
1718 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1719 if (!cp)
1720 return;
1721
1722 hci_dev_lock(hdev);
1723 hdev->adv_addr_type = cp->own_address_type;
1724 hci_dev_unlock(hdev);
1725}
1726
1727static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1728{
1729 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1730 struct hci_cp_le_set_ext_adv_params *cp;
1731 struct adv_info *adv_instance;
1732
1733 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1734
1735 if (rp->status)
1736 return;
1737
1738 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1739 if (!cp)
1740 return;
1741
1742 hci_dev_lock(hdev);
1743 hdev->adv_addr_type = cp->own_addr_type;
1744 if (!hdev->cur_adv_instance) {
1745
1746 hdev->adv_tx_power = rp->tx_power;
1747 } else {
1748 adv_instance = hci_find_adv_instance(hdev,
1749 hdev->cur_adv_instance);
1750 if (adv_instance)
1751 adv_instance->tx_power = rp->tx_power;
1752 }
1753
1754 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1755 hci_dev_unlock(hdev);
1756}
1757
1758static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1759{
1760 struct hci_rp_read_rssi *rp = (void *) skb->data;
1761 struct hci_conn *conn;
1762
1763 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1764
1765 if (rp->status)
1766 return;
1767
1768 hci_dev_lock(hdev);
1769
1770 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1771 if (conn)
1772 conn->rssi = rp->rssi;
1773
1774 hci_dev_unlock(hdev);
1775}
1776
1777static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1778{
1779 struct hci_cp_read_tx_power *sent;
1780 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1781 struct hci_conn *conn;
1782
1783 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1784
1785 if (rp->status)
1786 return;
1787
1788 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1789 if (!sent)
1790 return;
1791
1792 hci_dev_lock(hdev);
1793
1794 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1795 if (!conn)
1796 goto unlock;
1797
1798 switch (sent->type) {
1799 case 0x00:
1800 conn->tx_power = rp->tx_power;
1801 break;
1802 case 0x01:
1803 conn->max_tx_power = rp->tx_power;
1804 break;
1805 }
1806
1807unlock:
1808 hci_dev_unlock(hdev);
1809}
1810
1811static void hci_cc_write_ssp_debug_mode(struct hci_dev *hdev, struct sk_buff *skb)
1812{
1813 u8 status = *((u8 *) skb->data);
1814 u8 *mode;
1815
1816 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1817
1818 if (status)
1819 return;
1820
1821 mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE);
1822 if (mode)
1823 hdev->ssp_debug_mode = *mode;
1824}
1825
1826static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1827{
1828 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1829
1830 if (status) {
1831 hci_conn_check_pending(hdev);
1832 return;
1833 }
1834
1835 set_bit(HCI_INQUIRY, &hdev->flags);
1836}
1837
1838static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1839{
1840 struct hci_cp_create_conn *cp;
1841 struct hci_conn *conn;
1842
1843 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1844
1845 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1846 if (!cp)
1847 return;
1848
1849 hci_dev_lock(hdev);
1850
1851 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1852
1853 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1854
1855 if (status) {
1856 if (conn && conn->state == BT_CONNECT) {
1857 if (status != 0x0c || conn->attempt > 2) {
1858 conn->state = BT_CLOSED;
1859 hci_connect_cfm(conn, status);
1860 hci_conn_del(conn);
1861 } else
1862 conn->state = BT_CONNECT2;
1863 }
1864 } else {
1865 if (!conn) {
1866 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1867 HCI_ROLE_MASTER);
1868 if (!conn)
1869 bt_dev_err(hdev, "no memory for new connection");
1870 }
1871 }
1872
1873 hci_dev_unlock(hdev);
1874}
1875
1876static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1877{
1878 struct hci_cp_add_sco *cp;
1879 struct hci_conn *acl, *sco;
1880 __u16 handle;
1881
1882 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1883
1884 if (!status)
1885 return;
1886
1887 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1888 if (!cp)
1889 return;
1890
1891 handle = __le16_to_cpu(cp->handle);
1892
1893 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1894
1895 hci_dev_lock(hdev);
1896
1897 acl = hci_conn_hash_lookup_handle(hdev, handle);
1898 if (acl) {
1899 sco = acl->link;
1900 if (sco) {
1901 sco->state = BT_CLOSED;
1902
1903 hci_connect_cfm(sco, status);
1904 hci_conn_del(sco);
1905 }
1906 }
1907
1908 hci_dev_unlock(hdev);
1909}
1910
1911static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1912{
1913 struct hci_cp_auth_requested *cp;
1914 struct hci_conn *conn;
1915
1916 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1917
1918 if (!status)
1919 return;
1920
1921 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1922 if (!cp)
1923 return;
1924
1925 hci_dev_lock(hdev);
1926
1927 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1928 if (conn) {
1929 if (conn->state == BT_CONFIG) {
1930 hci_connect_cfm(conn, status);
1931 hci_conn_drop(conn);
1932 }
1933 }
1934
1935 hci_dev_unlock(hdev);
1936}
1937
1938static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1939{
1940 struct hci_cp_set_conn_encrypt *cp;
1941 struct hci_conn *conn;
1942
1943 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1944
1945 if (!status)
1946 return;
1947
1948 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1949 if (!cp)
1950 return;
1951
1952 hci_dev_lock(hdev);
1953
1954 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1955 if (conn) {
1956 if (conn->state == BT_CONFIG) {
1957 hci_connect_cfm(conn, status);
1958 hci_conn_drop(conn);
1959 }
1960 }
1961
1962 hci_dev_unlock(hdev);
1963}
1964
1965static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1966 struct hci_conn *conn)
1967{
1968 if (conn->state != BT_CONFIG || !conn->out)
1969 return 0;
1970
1971 if (conn->pending_sec_level == BT_SECURITY_SDP)
1972 return 0;
1973
1974
1975
1976
1977
1978 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1979 conn->pending_sec_level != BT_SECURITY_FIPS &&
1980 conn->pending_sec_level != BT_SECURITY_HIGH &&
1981 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1982 return 0;
1983
1984 return 1;
1985}
1986
1987static int hci_resolve_name(struct hci_dev *hdev,
1988 struct inquiry_entry *e)
1989{
1990 struct hci_cp_remote_name_req cp;
1991
1992 memset(&cp, 0, sizeof(cp));
1993
1994 bacpy(&cp.bdaddr, &e->data.bdaddr);
1995 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1996 cp.pscan_mode = e->data.pscan_mode;
1997 cp.clock_offset = e->data.clock_offset;
1998
1999 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2000}
2001
2002static bool hci_resolve_next_name(struct hci_dev *hdev)
2003{
2004 struct discovery_state *discov = &hdev->discovery;
2005 struct inquiry_entry *e;
2006
2007 if (list_empty(&discov->resolve))
2008 return false;
2009
2010 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2011 if (!e)
2012 return false;
2013
2014 if (hci_resolve_name(hdev, e) == 0) {
2015 e->name_state = NAME_PENDING;
2016 return true;
2017 }
2018
2019 return false;
2020}
2021
2022static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
2023 bdaddr_t *bdaddr, u8 *name, u8 name_len)
2024{
2025 struct discovery_state *discov = &hdev->discovery;
2026 struct inquiry_entry *e;
2027
2028
2029
2030
2031
2032
2033 if (conn &&
2034 (conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
2035 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2036 mgmt_device_connected(hdev, conn, 0, name, name_len);
2037
2038 if (discov->state == DISCOVERY_STOPPED)
2039 return;
2040
2041 if (discov->state == DISCOVERY_STOPPING)
2042 goto discov_complete;
2043
2044 if (discov->state != DISCOVERY_RESOLVING)
2045 return;
2046
2047 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
2048
2049
2050
2051
2052 if (!e)
2053 return;
2054
2055 list_del(&e->list);
2056 if (name) {
2057 e->name_state = NAME_KNOWN;
2058 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
2059 e->data.rssi, name, name_len);
2060 } else {
2061 e->name_state = NAME_NOT_KNOWN;
2062 }
2063
2064 if (hci_resolve_next_name(hdev))
2065 return;
2066
2067discov_complete:
2068 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2069}
2070
2071static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
2072{
2073 struct hci_cp_remote_name_req *cp;
2074 struct hci_conn *conn;
2075
2076 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2077
2078
2079
2080 if (!status)
2081 return;
2082
2083 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
2084 if (!cp)
2085 return;
2086
2087 hci_dev_lock(hdev);
2088
2089 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2090
2091 if (hci_dev_test_flag(hdev, HCI_MGMT))
2092 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
2093
2094 if (!conn)
2095 goto unlock;
2096
2097 if (!hci_outgoing_auth_needed(hdev, conn))
2098 goto unlock;
2099
2100 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2101 struct hci_cp_auth_requested auth_cp;
2102
2103 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2104
2105 auth_cp.handle = __cpu_to_le16(conn->handle);
2106 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
2107 sizeof(auth_cp), &auth_cp);
2108 }
2109
2110unlock:
2111 hci_dev_unlock(hdev);
2112}
2113
2114static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
2115{
2116 struct hci_cp_read_remote_features *cp;
2117 struct hci_conn *conn;
2118
2119 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2120
2121 if (!status)
2122 return;
2123
2124 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
2125 if (!cp)
2126 return;
2127
2128 hci_dev_lock(hdev);
2129
2130 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2131 if (conn) {
2132 if (conn->state == BT_CONFIG) {
2133 hci_connect_cfm(conn, status);
2134 hci_conn_drop(conn);
2135 }
2136 }
2137
2138 hci_dev_unlock(hdev);
2139}
2140
2141static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
2142{
2143 struct hci_cp_read_remote_ext_features *cp;
2144 struct hci_conn *conn;
2145
2146 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2147
2148 if (!status)
2149 return;
2150
2151 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
2152 if (!cp)
2153 return;
2154
2155 hci_dev_lock(hdev);
2156
2157 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2158 if (conn) {
2159 if (conn->state == BT_CONFIG) {
2160 hci_connect_cfm(conn, status);
2161 hci_conn_drop(conn);
2162 }
2163 }
2164
2165 hci_dev_unlock(hdev);
2166}
2167
2168static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
2169{
2170 struct hci_cp_setup_sync_conn *cp;
2171 struct hci_conn *acl, *sco;
2172 __u16 handle;
2173
2174 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2175
2176 if (!status)
2177 return;
2178
2179 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
2180 if (!cp)
2181 return;
2182
2183 handle = __le16_to_cpu(cp->handle);
2184
2185 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
2186
2187 hci_dev_lock(hdev);
2188
2189 acl = hci_conn_hash_lookup_handle(hdev, handle);
2190 if (acl) {
2191 sco = acl->link;
2192 if (sco) {
2193 sco->state = BT_CLOSED;
2194
2195 hci_connect_cfm(sco, status);
2196 hci_conn_del(sco);
2197 }
2198 }
2199
2200 hci_dev_unlock(hdev);
2201}
2202
2203static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
2204{
2205 struct hci_cp_sniff_mode *cp;
2206 struct hci_conn *conn;
2207
2208 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2209
2210 if (!status)
2211 return;
2212
2213 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
2214 if (!cp)
2215 return;
2216
2217 hci_dev_lock(hdev);
2218
2219 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2220 if (conn) {
2221 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2222
2223 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2224 hci_sco_setup(conn, status);
2225 }
2226
2227 hci_dev_unlock(hdev);
2228}
2229
2230static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
2231{
2232 struct hci_cp_exit_sniff_mode *cp;
2233 struct hci_conn *conn;
2234
2235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2236
2237 if (!status)
2238 return;
2239
2240 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2241 if (!cp)
2242 return;
2243
2244 hci_dev_lock(hdev);
2245
2246 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2247 if (conn) {
2248 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2249
2250 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2251 hci_sco_setup(conn, status);
2252 }
2253
2254 hci_dev_unlock(hdev);
2255}
2256
2257static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2258{
2259 struct hci_cp_disconnect *cp;
2260 struct hci_conn *conn;
2261
2262 if (!status)
2263 return;
2264
2265 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2266 if (!cp)
2267 return;
2268
2269 hci_dev_lock(hdev);
2270
2271 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2272 if (conn) {
2273 u8 type = conn->type;
2274
2275 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2276 conn->dst_type, status);
2277
2278
2279
2280
2281
2282
2283 hci_conn_del(conn);
2284 if (type == LE_LINK)
2285 hci_req_reenable_advertising(hdev);
2286 }
2287
2288 hci_dev_unlock(hdev);
2289}
2290
2291static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2292 u8 peer_addr_type, u8 own_address_type,
2293 u8 filter_policy)
2294{
2295 struct hci_conn *conn;
2296
2297 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2298 peer_addr_type);
2299 if (!conn)
2300 return;
2301
2302
2303
2304
2305
2306 if (use_ll_privacy(hdev) &&
2307 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) {
2308 switch (own_address_type) {
2309 case ADDR_LE_DEV_PUBLIC_RESOLVED:
2310 own_address_type = ADDR_LE_DEV_PUBLIC;
2311 break;
2312 case ADDR_LE_DEV_RANDOM_RESOLVED:
2313 own_address_type = ADDR_LE_DEV_RANDOM;
2314 break;
2315 }
2316 }
2317
2318
2319
2320
2321
2322 conn->init_addr_type = own_address_type;
2323 if (own_address_type == ADDR_LE_DEV_RANDOM)
2324 bacpy(&conn->init_addr, &hdev->random_addr);
2325 else
2326 bacpy(&conn->init_addr, &hdev->bdaddr);
2327
2328 conn->resp_addr_type = peer_addr_type;
2329 bacpy(&conn->resp_addr, peer_addr);
2330
2331
2332
2333
2334
2335
2336 if (filter_policy == HCI_LE_USE_PEER_ADDR)
2337 queue_delayed_work(conn->hdev->workqueue,
2338 &conn->le_conn_timeout,
2339 conn->conn_timeout);
2340}
2341
2342static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2343{
2344 struct hci_cp_le_create_conn *cp;
2345
2346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2347
2348
2349
2350
2351
2352 if (status)
2353 return;
2354
2355 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2356 if (!cp)
2357 return;
2358
2359 hci_dev_lock(hdev);
2360
2361 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2362 cp->own_address_type, cp->filter_policy);
2363
2364 hci_dev_unlock(hdev);
2365}
2366
2367static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
2368{
2369 struct hci_cp_le_ext_create_conn *cp;
2370
2371 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2372
2373
2374
2375
2376
2377 if (status)
2378 return;
2379
2380 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2381 if (!cp)
2382 return;
2383
2384 hci_dev_lock(hdev);
2385
2386 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2387 cp->own_addr_type, cp->filter_policy);
2388
2389 hci_dev_unlock(hdev);
2390}
2391
2392static void hci_cs_le_read_remote_features(struct hci_dev *hdev, u8 status)
2393{
2394 struct hci_cp_le_read_remote_features *cp;
2395 struct hci_conn *conn;
2396
2397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2398
2399 if (!status)
2400 return;
2401
2402 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_REMOTE_FEATURES);
2403 if (!cp)
2404 return;
2405
2406 hci_dev_lock(hdev);
2407
2408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2409 if (conn) {
2410 if (conn->state == BT_CONFIG) {
2411 hci_connect_cfm(conn, status);
2412 hci_conn_drop(conn);
2413 }
2414 }
2415
2416 hci_dev_unlock(hdev);
2417}
2418
2419static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2420{
2421 struct hci_cp_le_start_enc *cp;
2422 struct hci_conn *conn;
2423
2424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2425
2426 if (!status)
2427 return;
2428
2429 hci_dev_lock(hdev);
2430
2431 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2432 if (!cp)
2433 goto unlock;
2434
2435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2436 if (!conn)
2437 goto unlock;
2438
2439 if (conn->state != BT_CONNECTED)
2440 goto unlock;
2441
2442 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2443 hci_conn_drop(conn);
2444
2445unlock:
2446 hci_dev_unlock(hdev);
2447}
2448
2449static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2450{
2451 struct hci_cp_switch_role *cp;
2452 struct hci_conn *conn;
2453
2454 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2455
2456 if (!status)
2457 return;
2458
2459 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2460 if (!cp)
2461 return;
2462
2463 hci_dev_lock(hdev);
2464
2465 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2466 if (conn)
2467 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2468
2469 hci_dev_unlock(hdev);
2470}
2471
2472static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2473{
2474 __u8 status = *((__u8 *) skb->data);
2475 struct discovery_state *discov = &hdev->discovery;
2476 struct inquiry_entry *e;
2477
2478 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2479
2480 hci_conn_check_pending(hdev);
2481
2482 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2483 return;
2484
2485 smp_mb__after_atomic();
2486 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2487
2488 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2489 return;
2490
2491 hci_dev_lock(hdev);
2492
2493 if (discov->state != DISCOVERY_FINDING)
2494 goto unlock;
2495
2496 if (list_empty(&discov->resolve)) {
2497
2498
2499
2500
2501
2502
2503
2504 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2505 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2506 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2507 goto unlock;
2508 }
2509
2510 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2511 if (e && hci_resolve_name(hdev, e) == 0) {
2512 e->name_state = NAME_PENDING;
2513 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2514 } else {
2515
2516
2517
2518
2519
2520
2521
2522 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN) ||
2523 !test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
2524 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2525 }
2526
2527unlock:
2528 hci_dev_unlock(hdev);
2529}
2530
2531static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2532{
2533 struct inquiry_data data;
2534 struct inquiry_info *info = (void *) (skb->data + 1);
2535 int num_rsp = *((__u8 *) skb->data);
2536
2537 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2538
2539 if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
2540 return;
2541
2542 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
2543 return;
2544
2545 hci_dev_lock(hdev);
2546
2547 for (; num_rsp; num_rsp--, info++) {
2548 u32 flags;
2549
2550 bacpy(&data.bdaddr, &info->bdaddr);
2551 data.pscan_rep_mode = info->pscan_rep_mode;
2552 data.pscan_period_mode = info->pscan_period_mode;
2553 data.pscan_mode = info->pscan_mode;
2554 memcpy(data.dev_class, info->dev_class, 3);
2555 data.clock_offset = info->clock_offset;
2556 data.rssi = HCI_RSSI_INVALID;
2557 data.ssp_mode = 0x00;
2558
2559 flags = hci_inquiry_cache_update(hdev, &data, false);
2560
2561 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2562 info->dev_class, HCI_RSSI_INVALID,
2563 flags, NULL, 0, NULL, 0);
2564 }
2565
2566 hci_dev_unlock(hdev);
2567}
2568
2569static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2570{
2571 struct hci_ev_conn_complete *ev = (void *) skb->data;
2572 struct hci_conn *conn;
2573
2574 BT_DBG("%s", hdev->name);
2575
2576 hci_dev_lock(hdev);
2577
2578 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2579 if (!conn) {
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589 if (ev->link_type == ACL_LINK &&
2590 hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
2591 &ev->bdaddr,
2592 BDADDR_BREDR)) {
2593 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2594 HCI_ROLE_SLAVE);
2595 if (!conn) {
2596 bt_dev_err(hdev, "no memory for new conn");
2597 goto unlock;
2598 }
2599 } else {
2600 if (ev->link_type != SCO_LINK)
2601 goto unlock;
2602
2603 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK,
2604 &ev->bdaddr);
2605 if (!conn)
2606 goto unlock;
2607
2608 conn->type = SCO_LINK;
2609 }
2610 }
2611
2612 if (!ev->status) {
2613 conn->handle = __le16_to_cpu(ev->handle);
2614
2615 if (conn->type == ACL_LINK) {
2616 conn->state = BT_CONFIG;
2617 hci_conn_hold(conn);
2618
2619 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2620 !hci_find_link_key(hdev, &ev->bdaddr))
2621 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2622 else
2623 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2624 } else
2625 conn->state = BT_CONNECTED;
2626
2627 hci_debugfs_create_conn(conn);
2628 hci_conn_add_sysfs(conn);
2629
2630 if (test_bit(HCI_AUTH, &hdev->flags))
2631 set_bit(HCI_CONN_AUTH, &conn->flags);
2632
2633 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2634 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2635
2636
2637 if (conn->type == ACL_LINK) {
2638 struct hci_cp_read_remote_features cp;
2639 cp.handle = ev->handle;
2640 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2641 sizeof(cp), &cp);
2642
2643 hci_req_update_scan(hdev);
2644 }
2645
2646
2647 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2648 struct hci_cp_change_conn_ptype cp;
2649 cp.handle = ev->handle;
2650 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2651 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2652 &cp);
2653 }
2654 } else {
2655 conn->state = BT_CLOSED;
2656 if (conn->type == ACL_LINK)
2657 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2658 conn->dst_type, ev->status);
2659 }
2660
2661 if (conn->type == ACL_LINK)
2662 hci_sco_setup(conn, ev->status);
2663
2664 if (ev->status) {
2665 hci_connect_cfm(conn, ev->status);
2666 hci_conn_del(conn);
2667 } else if (ev->link_type == SCO_LINK) {
2668 switch (conn->setting & SCO_AIRMODE_MASK) {
2669 case SCO_AIRMODE_CVSD:
2670 if (hdev->notify)
2671 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
2672 break;
2673 }
2674
2675 hci_connect_cfm(conn, ev->status);
2676 }
2677
2678unlock:
2679 hci_dev_unlock(hdev);
2680
2681 hci_conn_check_pending(hdev);
2682}
2683
2684static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2685{
2686 struct hci_cp_reject_conn_req cp;
2687
2688 bacpy(&cp.bdaddr, bdaddr);
2689 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2690 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2691}
2692
2693static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2694{
2695 struct hci_ev_conn_request *ev = (void *) skb->data;
2696 int mask = hdev->link_mode;
2697 struct inquiry_entry *ie;
2698 struct hci_conn *conn;
2699 __u8 flags = 0;
2700
2701 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2702 ev->link_type);
2703
2704 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2705 &flags);
2706
2707 if (!(mask & HCI_LM_ACCEPT)) {
2708 hci_reject_conn(hdev, &ev->bdaddr);
2709 return;
2710 }
2711
2712 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2713 BDADDR_BREDR)) {
2714 hci_reject_conn(hdev, &ev->bdaddr);
2715 return;
2716 }
2717
2718
2719
2720
2721
2722 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
2723 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
2724 !hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, &ev->bdaddr,
2725 BDADDR_BREDR)) {
2726 hci_reject_conn(hdev, &ev->bdaddr);
2727 return;
2728 }
2729
2730
2731
2732 hci_dev_lock(hdev);
2733
2734 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2735 if (ie)
2736 memcpy(ie->data.dev_class, ev->dev_class, 3);
2737
2738 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2739 &ev->bdaddr);
2740 if (!conn) {
2741 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2742 HCI_ROLE_SLAVE);
2743 if (!conn) {
2744 bt_dev_err(hdev, "no memory for new connection");
2745 hci_dev_unlock(hdev);
2746 return;
2747 }
2748 }
2749
2750 memcpy(conn->dev_class, ev->dev_class, 3);
2751
2752 hci_dev_unlock(hdev);
2753
2754 if (ev->link_type == ACL_LINK ||
2755 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2756 struct hci_cp_accept_conn_req cp;
2757 conn->state = BT_CONNECT;
2758
2759 bacpy(&cp.bdaddr, &ev->bdaddr);
2760
2761 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2762 cp.role = 0x00;
2763 else
2764 cp.role = 0x01;
2765
2766 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2767 } else if (!(flags & HCI_PROTO_DEFER)) {
2768 struct hci_cp_accept_sync_conn_req cp;
2769 conn->state = BT_CONNECT;
2770
2771 bacpy(&cp.bdaddr, &ev->bdaddr);
2772 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2773
2774 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2775 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2776 cp.max_latency = cpu_to_le16(0xffff);
2777 cp.content_format = cpu_to_le16(hdev->voice_setting);
2778 cp.retrans_effort = 0xff;
2779
2780 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2781 &cp);
2782 } else {
2783 conn->state = BT_CONNECT2;
2784 hci_connect_cfm(conn, 0);
2785 }
2786}
2787
2788static u8 hci_to_mgmt_reason(u8 err)
2789{
2790 switch (err) {
2791 case HCI_ERROR_CONNECTION_TIMEOUT:
2792 return MGMT_DEV_DISCONN_TIMEOUT;
2793 case HCI_ERROR_REMOTE_USER_TERM:
2794 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2795 case HCI_ERROR_REMOTE_POWER_OFF:
2796 return MGMT_DEV_DISCONN_REMOTE;
2797 case HCI_ERROR_LOCAL_HOST_TERM:
2798 return MGMT_DEV_DISCONN_LOCAL_HOST;
2799 default:
2800 return MGMT_DEV_DISCONN_UNKNOWN;
2801 }
2802}
2803
2804static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2805{
2806 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2807 u8 reason;
2808 struct hci_conn_params *params;
2809 struct hci_conn *conn;
2810 bool mgmt_connected;
2811 u8 type;
2812
2813 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2814
2815 hci_dev_lock(hdev);
2816
2817 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2818 if (!conn)
2819 goto unlock;
2820
2821 if (ev->status) {
2822 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2823 conn->dst_type, ev->status);
2824 goto unlock;
2825 }
2826
2827 conn->state = BT_CLOSED;
2828
2829 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2830
2831 if (test_bit(HCI_CONN_AUTH_FAILURE, &conn->flags))
2832 reason = MGMT_DEV_DISCONN_AUTH_FAILURE;
2833 else
2834 reason = hci_to_mgmt_reason(ev->reason);
2835
2836 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2837 reason, mgmt_connected);
2838
2839 if (conn->type == ACL_LINK) {
2840 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2841 hci_remove_link_key(hdev, &conn->dst);
2842
2843 hci_req_update_scan(hdev);
2844 }
2845
2846 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2847 if (params) {
2848 switch (params->auto_connect) {
2849 case HCI_AUTO_CONN_LINK_LOSS:
2850 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2851 break;
2852 fallthrough;
2853
2854 case HCI_AUTO_CONN_DIRECT:
2855 case HCI_AUTO_CONN_ALWAYS:
2856 list_del_init(¶ms->action);
2857 list_add(¶ms->action, &hdev->pend_le_conns);
2858 hci_update_background_scan(hdev);
2859 break;
2860
2861 default:
2862 break;
2863 }
2864 }
2865
2866 type = conn->type;
2867
2868 hci_disconn_cfm(conn, ev->reason);
2869 hci_conn_del(conn);
2870
2871
2872
2873
2874 if (list_empty(&hdev->conn_hash.list) &&
2875 test_and_clear_bit(SUSPEND_DISCONNECTING, hdev->suspend_tasks)) {
2876 wake_up(&hdev->suspend_wait_q);
2877 }
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889 if (type == LE_LINK)
2890 hci_req_reenable_advertising(hdev);
2891
2892unlock:
2893 hci_dev_unlock(hdev);
2894}
2895
2896static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2897{
2898 struct hci_ev_auth_complete *ev = (void *) skb->data;
2899 struct hci_conn *conn;
2900
2901 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2902
2903 hci_dev_lock(hdev);
2904
2905 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2906 if (!conn)
2907 goto unlock;
2908
2909 if (!ev->status) {
2910 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2911
2912 if (!hci_conn_ssp_enabled(conn) &&
2913 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2914 bt_dev_info(hdev, "re-auth of legacy device is not possible.");
2915 } else {
2916 set_bit(HCI_CONN_AUTH, &conn->flags);
2917 conn->sec_level = conn->pending_sec_level;
2918 }
2919 } else {
2920 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
2921 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
2922
2923 mgmt_auth_failed(conn, ev->status);
2924 }
2925
2926 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2927 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2928
2929 if (conn->state == BT_CONFIG) {
2930 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2931 struct hci_cp_set_conn_encrypt cp;
2932 cp.handle = ev->handle;
2933 cp.encrypt = 0x01;
2934 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2935 &cp);
2936 } else {
2937 conn->state = BT_CONNECTED;
2938 hci_connect_cfm(conn, ev->status);
2939 hci_conn_drop(conn);
2940 }
2941 } else {
2942 hci_auth_cfm(conn, ev->status);
2943
2944 hci_conn_hold(conn);
2945 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2946 hci_conn_drop(conn);
2947 }
2948
2949 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2950 if (!ev->status) {
2951 struct hci_cp_set_conn_encrypt cp;
2952 cp.handle = ev->handle;
2953 cp.encrypt = 0x01;
2954 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2955 &cp);
2956 } else {
2957 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2958 hci_encrypt_cfm(conn, ev->status);
2959 }
2960 }
2961
2962unlock:
2963 hci_dev_unlock(hdev);
2964}
2965
2966static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2967{
2968 struct hci_ev_remote_name *ev = (void *) skb->data;
2969 struct hci_conn *conn;
2970
2971 BT_DBG("%s", hdev->name);
2972
2973 hci_conn_check_pending(hdev);
2974
2975 hci_dev_lock(hdev);
2976
2977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2978
2979 if (!hci_dev_test_flag(hdev, HCI_MGMT))
2980 goto check_auth;
2981
2982 if (ev->status == 0)
2983 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2984 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2985 else
2986 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2987
2988check_auth:
2989 if (!conn)
2990 goto unlock;
2991
2992 if (!hci_outgoing_auth_needed(hdev, conn))
2993 goto unlock;
2994
2995 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2996 struct hci_cp_auth_requested cp;
2997
2998 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2999
3000 cp.handle = __cpu_to_le16(conn->handle);
3001 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
3002 }
3003
3004unlock:
3005 hci_dev_unlock(hdev);
3006}
3007
3008static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
3009 u16 opcode, struct sk_buff *skb)
3010{
3011 const struct hci_rp_read_enc_key_size *rp;
3012 struct hci_conn *conn;
3013 u16 handle;
3014
3015 BT_DBG("%s status 0x%02x", hdev->name, status);
3016
3017 if (!skb || skb->len < sizeof(*rp)) {
3018 bt_dev_err(hdev, "invalid read key size response");
3019 return;
3020 }
3021
3022 rp = (void *)skb->data;
3023 handle = le16_to_cpu(rp->handle);
3024
3025 hci_dev_lock(hdev);
3026
3027 conn = hci_conn_hash_lookup_handle(hdev, handle);
3028 if (!conn)
3029 goto unlock;
3030
3031
3032
3033
3034
3035 if (rp->status) {
3036 bt_dev_err(hdev, "failed to read key size for handle %u",
3037 handle);
3038 conn->enc_key_size = 0;
3039 } else {
3040 conn->enc_key_size = rp->key_size;
3041 }
3042
3043 hci_encrypt_cfm(conn, 0);
3044
3045unlock:
3046 hci_dev_unlock(hdev);
3047}
3048
3049static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3050{
3051 struct hci_ev_encrypt_change *ev = (void *) skb->data;
3052 struct hci_conn *conn;
3053
3054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3055
3056 hci_dev_lock(hdev);
3057
3058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3059 if (!conn)
3060 goto unlock;
3061
3062 if (!ev->status) {
3063 if (ev->encrypt) {
3064
3065 set_bit(HCI_CONN_AUTH, &conn->flags);
3066 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
3067 conn->sec_level = conn->pending_sec_level;
3068
3069
3070 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
3071 set_bit(HCI_CONN_FIPS, &conn->flags);
3072
3073 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
3074 conn->type == LE_LINK)
3075 set_bit(HCI_CONN_AES_CCM, &conn->flags);
3076 } else {
3077 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
3078 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
3079 }
3080 }
3081
3082
3083
3084
3085 if (ev->status && conn->type == LE_LINK) {
3086 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
3087 hci_adv_instances_set_rpa_expired(hdev, true);
3088 }
3089
3090 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3091
3092
3093 if (!hci_conn_check_link_mode(conn))
3094 ev->status = HCI_ERROR_AUTH_FAILURE;
3095
3096 if (ev->status && conn->state == BT_CONNECTED) {
3097 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
3098 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
3099
3100
3101
3102
3103 hci_encrypt_cfm(conn, ev->status);
3104 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3105 hci_conn_drop(conn);
3106 goto unlock;
3107 }
3108
3109
3110 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
3111 struct hci_cp_read_enc_key_size cp;
3112 struct hci_request req;
3113
3114
3115
3116
3117
3118 if (!(hdev->commands[20] & 0x10)) {
3119 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3120 goto notify;
3121 }
3122
3123 hci_req_init(&req, hdev);
3124
3125 cp.handle = cpu_to_le16(conn->handle);
3126 hci_req_add(&req, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp);
3127
3128 if (hci_req_run_skb(&req, read_enc_key_size_complete)) {
3129 bt_dev_err(hdev, "sending read key size failed");
3130 conn->enc_key_size = HCI_LINK_KEY_SIZE;
3131 goto notify;
3132 }
3133
3134 goto unlock;
3135 }
3136
3137
3138
3139
3140
3141
3142
3143
3144 if (test_bit(HCI_CONN_ENCRYPT, &conn->flags) &&
3145 test_bit(HCI_CONN_AES_CCM, &conn->flags) &&
3146 ((conn->type == ACL_LINK && lmp_ping_capable(hdev)) ||
3147 (conn->type == LE_LINK && (hdev->le_features[0] & HCI_LE_PING)))) {
3148 struct hci_cp_write_auth_payload_to cp;
3149
3150 cp.handle = cpu_to_le16(conn->handle);
3151 cp.timeout = cpu_to_le16(hdev->auth_payload_timeout);
3152 hci_send_cmd(conn->hdev, HCI_OP_WRITE_AUTH_PAYLOAD_TO,
3153 sizeof(cp), &cp);
3154 }
3155
3156notify:
3157 hci_encrypt_cfm(conn, ev->status);
3158
3159unlock:
3160 hci_dev_unlock(hdev);
3161}
3162
3163static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
3164 struct sk_buff *skb)
3165{
3166 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
3167 struct hci_conn *conn;
3168
3169 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3170
3171 hci_dev_lock(hdev);
3172
3173 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3174 if (conn) {
3175 if (!ev->status)
3176 set_bit(HCI_CONN_SECURE, &conn->flags);
3177
3178 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
3179
3180 hci_key_change_cfm(conn, ev->status);
3181 }
3182
3183 hci_dev_unlock(hdev);
3184}
3185
3186static void hci_remote_features_evt(struct hci_dev *hdev,
3187 struct sk_buff *skb)
3188{
3189 struct hci_ev_remote_features *ev = (void *) skb->data;
3190 struct hci_conn *conn;
3191
3192 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3193
3194 hci_dev_lock(hdev);
3195
3196 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3197 if (!conn)
3198 goto unlock;
3199
3200 if (!ev->status)
3201 memcpy(conn->features[0], ev->features, 8);
3202
3203 if (conn->state != BT_CONFIG)
3204 goto unlock;
3205
3206 if (!ev->status && lmp_ext_feat_capable(hdev) &&
3207 lmp_ext_feat_capable(conn)) {
3208 struct hci_cp_read_remote_ext_features cp;
3209 cp.handle = ev->handle;
3210 cp.page = 0x01;
3211 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
3212 sizeof(cp), &cp);
3213 goto unlock;
3214 }
3215
3216 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3217 struct hci_cp_remote_name_req cp;
3218 memset(&cp, 0, sizeof(cp));
3219 bacpy(&cp.bdaddr, &conn->dst);
3220 cp.pscan_rep_mode = 0x02;
3221 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3222 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3223 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3224
3225 if (!hci_outgoing_auth_needed(hdev, conn)) {
3226 conn->state = BT_CONNECTED;
3227 hci_connect_cfm(conn, ev->status);
3228 hci_conn_drop(conn);
3229 }
3230
3231unlock:
3232 hci_dev_unlock(hdev);
3233}
3234
3235static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3236 u16 *opcode, u8 *status,
3237 hci_req_complete_t *req_complete,
3238 hci_req_complete_skb_t *req_complete_skb)
3239{
3240 struct hci_ev_cmd_complete *ev = (void *) skb->data;
3241
3242 *opcode = __le16_to_cpu(ev->opcode);
3243 *status = skb->data[sizeof(*ev)];
3244
3245 skb_pull(skb, sizeof(*ev));
3246
3247 switch (*opcode) {
3248 case HCI_OP_INQUIRY_CANCEL:
3249 hci_cc_inquiry_cancel(hdev, skb, status);
3250 break;
3251
3252 case HCI_OP_PERIODIC_INQ:
3253 hci_cc_periodic_inq(hdev, skb);
3254 break;
3255
3256 case HCI_OP_EXIT_PERIODIC_INQ:
3257 hci_cc_exit_periodic_inq(hdev, skb);
3258 break;
3259
3260 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
3261 hci_cc_remote_name_req_cancel(hdev, skb);
3262 break;
3263
3264 case HCI_OP_ROLE_DISCOVERY:
3265 hci_cc_role_discovery(hdev, skb);
3266 break;
3267
3268 case HCI_OP_READ_LINK_POLICY:
3269 hci_cc_read_link_policy(hdev, skb);
3270 break;
3271
3272 case HCI_OP_WRITE_LINK_POLICY:
3273 hci_cc_write_link_policy(hdev, skb);
3274 break;
3275
3276 case HCI_OP_READ_DEF_LINK_POLICY:
3277 hci_cc_read_def_link_policy(hdev, skb);
3278 break;
3279
3280 case HCI_OP_WRITE_DEF_LINK_POLICY:
3281 hci_cc_write_def_link_policy(hdev, skb);
3282 break;
3283
3284 case HCI_OP_RESET:
3285 hci_cc_reset(hdev, skb);
3286 break;
3287
3288 case HCI_OP_READ_STORED_LINK_KEY:
3289 hci_cc_read_stored_link_key(hdev, skb);
3290 break;
3291
3292 case HCI_OP_DELETE_STORED_LINK_KEY:
3293 hci_cc_delete_stored_link_key(hdev, skb);
3294 break;
3295
3296 case HCI_OP_WRITE_LOCAL_NAME:
3297 hci_cc_write_local_name(hdev, skb);
3298 break;
3299
3300 case HCI_OP_READ_LOCAL_NAME:
3301 hci_cc_read_local_name(hdev, skb);
3302 break;
3303
3304 case HCI_OP_WRITE_AUTH_ENABLE:
3305 hci_cc_write_auth_enable(hdev, skb);
3306 break;
3307
3308 case HCI_OP_WRITE_ENCRYPT_MODE:
3309 hci_cc_write_encrypt_mode(hdev, skb);
3310 break;
3311
3312 case HCI_OP_WRITE_SCAN_ENABLE:
3313 hci_cc_write_scan_enable(hdev, skb);
3314 break;
3315
3316 case HCI_OP_READ_CLASS_OF_DEV:
3317 hci_cc_read_class_of_dev(hdev, skb);
3318 break;
3319
3320 case HCI_OP_WRITE_CLASS_OF_DEV:
3321 hci_cc_write_class_of_dev(hdev, skb);
3322 break;
3323
3324 case HCI_OP_READ_VOICE_SETTING:
3325 hci_cc_read_voice_setting(hdev, skb);
3326 break;
3327
3328 case HCI_OP_WRITE_VOICE_SETTING:
3329 hci_cc_write_voice_setting(hdev, skb);
3330 break;
3331
3332 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3333 hci_cc_read_num_supported_iac(hdev, skb);
3334 break;
3335
3336 case HCI_OP_WRITE_SSP_MODE:
3337 hci_cc_write_ssp_mode(hdev, skb);
3338 break;
3339
3340 case HCI_OP_WRITE_SC_SUPPORT:
3341 hci_cc_write_sc_support(hdev, skb);
3342 break;
3343
3344 case HCI_OP_READ_AUTH_PAYLOAD_TO:
3345 hci_cc_read_auth_payload_timeout(hdev, skb);
3346 break;
3347
3348 case HCI_OP_WRITE_AUTH_PAYLOAD_TO:
3349 hci_cc_write_auth_payload_timeout(hdev, skb);
3350 break;
3351
3352 case HCI_OP_READ_LOCAL_VERSION:
3353 hci_cc_read_local_version(hdev, skb);
3354 break;
3355
3356 case HCI_OP_READ_LOCAL_COMMANDS:
3357 hci_cc_read_local_commands(hdev, skb);
3358 break;
3359
3360 case HCI_OP_READ_LOCAL_FEATURES:
3361 hci_cc_read_local_features(hdev, skb);
3362 break;
3363
3364 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3365 hci_cc_read_local_ext_features(hdev, skb);
3366 break;
3367
3368 case HCI_OP_READ_BUFFER_SIZE:
3369 hci_cc_read_buffer_size(hdev, skb);
3370 break;
3371
3372 case HCI_OP_READ_BD_ADDR:
3373 hci_cc_read_bd_addr(hdev, skb);
3374 break;
3375
3376 case HCI_OP_READ_LOCAL_PAIRING_OPTS:
3377 hci_cc_read_local_pairing_opts(hdev, skb);
3378 break;
3379
3380 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3381 hci_cc_read_page_scan_activity(hdev, skb);
3382 break;
3383
3384 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3385 hci_cc_write_page_scan_activity(hdev, skb);
3386 break;
3387
3388 case HCI_OP_READ_PAGE_SCAN_TYPE:
3389 hci_cc_read_page_scan_type(hdev, skb);
3390 break;
3391
3392 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3393 hci_cc_write_page_scan_type(hdev, skb);
3394 break;
3395
3396 case HCI_OP_READ_DATA_BLOCK_SIZE:
3397 hci_cc_read_data_block_size(hdev, skb);
3398 break;
3399
3400 case HCI_OP_READ_FLOW_CONTROL_MODE:
3401 hci_cc_read_flow_control_mode(hdev, skb);
3402 break;
3403
3404 case HCI_OP_READ_LOCAL_AMP_INFO:
3405 hci_cc_read_local_amp_info(hdev, skb);
3406 break;
3407
3408 case HCI_OP_READ_CLOCK:
3409 hci_cc_read_clock(hdev, skb);
3410 break;
3411
3412 case HCI_OP_READ_INQ_RSP_TX_POWER:
3413 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3414 break;
3415
3416 case HCI_OP_READ_DEF_ERR_DATA_REPORTING:
3417 hci_cc_read_def_err_data_reporting(hdev, skb);
3418 break;
3419
3420 case HCI_OP_WRITE_DEF_ERR_DATA_REPORTING:
3421 hci_cc_write_def_err_data_reporting(hdev, skb);
3422 break;
3423
3424 case HCI_OP_PIN_CODE_REPLY:
3425 hci_cc_pin_code_reply(hdev, skb);
3426 break;
3427
3428 case HCI_OP_PIN_CODE_NEG_REPLY:
3429 hci_cc_pin_code_neg_reply(hdev, skb);
3430 break;
3431
3432 case HCI_OP_READ_LOCAL_OOB_DATA:
3433 hci_cc_read_local_oob_data(hdev, skb);
3434 break;
3435
3436 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3437 hci_cc_read_local_oob_ext_data(hdev, skb);
3438 break;
3439
3440 case HCI_OP_LE_READ_BUFFER_SIZE:
3441 hci_cc_le_read_buffer_size(hdev, skb);
3442 break;
3443
3444 case HCI_OP_LE_READ_LOCAL_FEATURES:
3445 hci_cc_le_read_local_features(hdev, skb);
3446 break;
3447
3448 case HCI_OP_LE_READ_ADV_TX_POWER:
3449 hci_cc_le_read_adv_tx_power(hdev, skb);
3450 break;
3451
3452 case HCI_OP_USER_CONFIRM_REPLY:
3453 hci_cc_user_confirm_reply(hdev, skb);
3454 break;
3455
3456 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3457 hci_cc_user_confirm_neg_reply(hdev, skb);
3458 break;
3459
3460 case HCI_OP_USER_PASSKEY_REPLY:
3461 hci_cc_user_passkey_reply(hdev, skb);
3462 break;
3463
3464 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3465 hci_cc_user_passkey_neg_reply(hdev, skb);
3466 break;
3467
3468 case HCI_OP_LE_SET_RANDOM_ADDR:
3469 hci_cc_le_set_random_addr(hdev, skb);
3470 break;
3471
3472 case HCI_OP_LE_SET_ADV_ENABLE:
3473 hci_cc_le_set_adv_enable(hdev, skb);
3474 break;
3475
3476 case HCI_OP_LE_SET_SCAN_PARAM:
3477 hci_cc_le_set_scan_param(hdev, skb);
3478 break;
3479
3480 case HCI_OP_LE_SET_SCAN_ENABLE:
3481 hci_cc_le_set_scan_enable(hdev, skb);
3482 break;
3483
3484 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3485 hci_cc_le_read_white_list_size(hdev, skb);
3486 break;
3487
3488 case HCI_OP_LE_CLEAR_WHITE_LIST:
3489 hci_cc_le_clear_white_list(hdev, skb);
3490 break;
3491
3492 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3493 hci_cc_le_add_to_white_list(hdev, skb);
3494 break;
3495
3496 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3497 hci_cc_le_del_from_white_list(hdev, skb);
3498 break;
3499
3500 case HCI_OP_LE_READ_SUPPORTED_STATES:
3501 hci_cc_le_read_supported_states(hdev, skb);
3502 break;
3503
3504 case HCI_OP_LE_READ_DEF_DATA_LEN:
3505 hci_cc_le_read_def_data_len(hdev, skb);
3506 break;
3507
3508 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3509 hci_cc_le_write_def_data_len(hdev, skb);
3510 break;
3511
3512 case HCI_OP_LE_ADD_TO_RESOLV_LIST:
3513 hci_cc_le_add_to_resolv_list(hdev, skb);
3514 break;
3515
3516 case HCI_OP_LE_DEL_FROM_RESOLV_LIST:
3517 hci_cc_le_del_from_resolv_list(hdev, skb);
3518 break;
3519
3520 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3521 hci_cc_le_clear_resolv_list(hdev, skb);
3522 break;
3523
3524 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3525 hci_cc_le_read_resolv_list_size(hdev, skb);
3526 break;
3527
3528 case HCI_OP_LE_SET_ADDR_RESOLV_ENABLE:
3529 hci_cc_le_set_addr_resolution_enable(hdev, skb);
3530 break;
3531
3532 case HCI_OP_LE_READ_MAX_DATA_LEN:
3533 hci_cc_le_read_max_data_len(hdev, skb);
3534 break;
3535
3536 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3537 hci_cc_write_le_host_supported(hdev, skb);
3538 break;
3539
3540 case HCI_OP_LE_SET_ADV_PARAM:
3541 hci_cc_set_adv_param(hdev, skb);
3542 break;
3543
3544 case HCI_OP_READ_RSSI:
3545 hci_cc_read_rssi(hdev, skb);
3546 break;
3547
3548 case HCI_OP_READ_TX_POWER:
3549 hci_cc_read_tx_power(hdev, skb);
3550 break;
3551
3552 case HCI_OP_WRITE_SSP_DEBUG_MODE:
3553 hci_cc_write_ssp_debug_mode(hdev, skb);
3554 break;
3555
3556 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3557 hci_cc_le_set_ext_scan_param(hdev, skb);
3558 break;
3559
3560 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3561 hci_cc_le_set_ext_scan_enable(hdev, skb);
3562 break;
3563
3564 case HCI_OP_LE_SET_DEFAULT_PHY:
3565 hci_cc_le_set_default_phy(hdev, skb);
3566 break;
3567
3568 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3569 hci_cc_le_read_num_adv_sets(hdev, skb);
3570 break;
3571
3572 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3573 hci_cc_set_ext_adv_param(hdev, skb);
3574 break;
3575
3576 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3577 hci_cc_le_set_ext_adv_enable(hdev, skb);
3578 break;
3579
3580 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3581 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3582 break;
3583
3584 default:
3585 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3586 break;
3587 }
3588
3589 if (*opcode != HCI_OP_NOP)
3590 cancel_delayed_work(&hdev->cmd_timer);
3591
3592 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3593 atomic_set(&hdev->cmd_cnt, 1);
3594
3595 hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3596 req_complete_skb);
3597
3598 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3599 bt_dev_err(hdev,
3600 "unexpected event for opcode 0x%4.4x", *opcode);
3601 return;
3602 }
3603
3604 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3605 queue_work(hdev->workqueue, &hdev->cmd_work);
3606}
3607
3608static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3609 u16 *opcode, u8 *status,
3610 hci_req_complete_t *req_complete,
3611 hci_req_complete_skb_t *req_complete_skb)
3612{
3613 struct hci_ev_cmd_status *ev = (void *) skb->data;
3614
3615 skb_pull(skb, sizeof(*ev));
3616
3617 *opcode = __le16_to_cpu(ev->opcode);
3618 *status = ev->status;
3619
3620 switch (*opcode) {
3621 case HCI_OP_INQUIRY:
3622 hci_cs_inquiry(hdev, ev->status);
3623 break;
3624
3625 case HCI_OP_CREATE_CONN:
3626 hci_cs_create_conn(hdev, ev->status);
3627 break;
3628
3629 case HCI_OP_DISCONNECT:
3630 hci_cs_disconnect(hdev, ev->status);
3631 break;
3632
3633 case HCI_OP_ADD_SCO:
3634 hci_cs_add_sco(hdev, ev->status);
3635 break;
3636
3637 case HCI_OP_AUTH_REQUESTED:
3638 hci_cs_auth_requested(hdev, ev->status);
3639 break;
3640
3641 case HCI_OP_SET_CONN_ENCRYPT:
3642 hci_cs_set_conn_encrypt(hdev, ev->status);
3643 break;
3644
3645 case HCI_OP_REMOTE_NAME_REQ:
3646 hci_cs_remote_name_req(hdev, ev->status);
3647 break;
3648
3649 case HCI_OP_READ_REMOTE_FEATURES:
3650 hci_cs_read_remote_features(hdev, ev->status);
3651 break;
3652
3653 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3654 hci_cs_read_remote_ext_features(hdev, ev->status);
3655 break;
3656
3657 case HCI_OP_SETUP_SYNC_CONN:
3658 hci_cs_setup_sync_conn(hdev, ev->status);
3659 break;
3660
3661 case HCI_OP_SNIFF_MODE:
3662 hci_cs_sniff_mode(hdev, ev->status);
3663 break;
3664
3665 case HCI_OP_EXIT_SNIFF_MODE:
3666 hci_cs_exit_sniff_mode(hdev, ev->status);
3667 break;
3668
3669 case HCI_OP_SWITCH_ROLE:
3670 hci_cs_switch_role(hdev, ev->status);
3671 break;
3672
3673 case HCI_OP_LE_CREATE_CONN:
3674 hci_cs_le_create_conn(hdev, ev->status);
3675 break;
3676
3677 case HCI_OP_LE_READ_REMOTE_FEATURES:
3678 hci_cs_le_read_remote_features(hdev, ev->status);
3679 break;
3680
3681 case HCI_OP_LE_START_ENC:
3682 hci_cs_le_start_enc(hdev, ev->status);
3683 break;
3684
3685 case HCI_OP_LE_EXT_CREATE_CONN:
3686 hci_cs_le_ext_create_conn(hdev, ev->status);
3687 break;
3688
3689 default:
3690 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3691 break;
3692 }
3693
3694 if (*opcode != HCI_OP_NOP)
3695 cancel_delayed_work(&hdev->cmd_timer);
3696
3697 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3698 atomic_set(&hdev->cmd_cnt, 1);
3699
3700
3701
3702
3703
3704
3705
3706 if (ev->status ||
3707 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->hci.req_event))
3708 hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3709 req_complete_skb);
3710
3711 if (hci_dev_test_flag(hdev, HCI_CMD_PENDING)) {
3712 bt_dev_err(hdev,
3713 "unexpected event for opcode 0x%4.4x", *opcode);
3714 return;
3715 }
3716
3717 if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3718 queue_work(hdev->workqueue, &hdev->cmd_work);
3719}
3720
3721static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3722{
3723 struct hci_ev_hardware_error *ev = (void *) skb->data;
3724
3725 hdev->hw_error_code = ev->code;
3726
3727 queue_work(hdev->req_workqueue, &hdev->error_reset);
3728}
3729
3730static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3731{
3732 struct hci_ev_role_change *ev = (void *) skb->data;
3733 struct hci_conn *conn;
3734
3735 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3736
3737 hci_dev_lock(hdev);
3738
3739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3740 if (conn) {
3741 if (!ev->status)
3742 conn->role = ev->role;
3743
3744 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3745
3746 hci_role_switch_cfm(conn, ev->status, ev->role);
3747 }
3748
3749 hci_dev_unlock(hdev);
3750}
3751
3752static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3753{
3754 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3755 int i;
3756
3757 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3758 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3759 return;
3760 }
3761
3762 if (skb->len < sizeof(*ev) ||
3763 skb->len < struct_size(ev, handles, ev->num_hndl)) {
3764 BT_DBG("%s bad parameters", hdev->name);
3765 return;
3766 }
3767
3768 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3769
3770 for (i = 0; i < ev->num_hndl; i++) {
3771 struct hci_comp_pkts_info *info = &ev->handles[i];
3772 struct hci_conn *conn;
3773 __u16 handle, count;
3774
3775 handle = __le16_to_cpu(info->handle);
3776 count = __le16_to_cpu(info->count);
3777
3778 conn = hci_conn_hash_lookup_handle(hdev, handle);
3779 if (!conn)
3780 continue;
3781
3782 conn->sent -= count;
3783
3784 switch (conn->type) {
3785 case ACL_LINK:
3786 hdev->acl_cnt += count;
3787 if (hdev->acl_cnt > hdev->acl_pkts)
3788 hdev->acl_cnt = hdev->acl_pkts;
3789 break;
3790
3791 case LE_LINK:
3792 if (hdev->le_pkts) {
3793 hdev->le_cnt += count;
3794 if (hdev->le_cnt > hdev->le_pkts)
3795 hdev->le_cnt = hdev->le_pkts;
3796 } else {
3797 hdev->acl_cnt += count;
3798 if (hdev->acl_cnt > hdev->acl_pkts)
3799 hdev->acl_cnt = hdev->acl_pkts;
3800 }
3801 break;
3802
3803 case SCO_LINK:
3804 hdev->sco_cnt += count;
3805 if (hdev->sco_cnt > hdev->sco_pkts)
3806 hdev->sco_cnt = hdev->sco_pkts;
3807 break;
3808
3809 default:
3810 bt_dev_err(hdev, "unknown type %d conn %p",
3811 conn->type, conn);
3812 break;
3813 }
3814 }
3815
3816 queue_work(hdev->workqueue, &hdev->tx_work);
3817}
3818
3819static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3820 __u16 handle)
3821{
3822 struct hci_chan *chan;
3823
3824 switch (hdev->dev_type) {
3825 case HCI_PRIMARY:
3826 return hci_conn_hash_lookup_handle(hdev, handle);
3827 case HCI_AMP:
3828 chan = hci_chan_lookup_handle(hdev, handle);
3829 if (chan)
3830 return chan->conn;
3831 break;
3832 default:
3833 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
3834 break;
3835 }
3836
3837 return NULL;
3838}
3839
3840static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3841{
3842 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3843 int i;
3844
3845 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3846 bt_dev_err(hdev, "wrong event for mode %d", hdev->flow_ctl_mode);
3847 return;
3848 }
3849
3850 if (skb->len < sizeof(*ev) ||
3851 skb->len < struct_size(ev, handles, ev->num_hndl)) {
3852 BT_DBG("%s bad parameters", hdev->name);
3853 return;
3854 }
3855
3856 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3857 ev->num_hndl);
3858
3859 for (i = 0; i < ev->num_hndl; i++) {
3860 struct hci_comp_blocks_info *info = &ev->handles[i];
3861 struct hci_conn *conn = NULL;
3862 __u16 handle, block_count;
3863
3864 handle = __le16_to_cpu(info->handle);
3865 block_count = __le16_to_cpu(info->blocks);
3866
3867 conn = __hci_conn_lookup_handle(hdev, handle);
3868 if (!conn)
3869 continue;
3870
3871 conn->sent -= block_count;
3872
3873 switch (conn->type) {
3874 case ACL_LINK:
3875 case AMP_LINK:
3876 hdev->block_cnt += block_count;
3877 if (hdev->block_cnt > hdev->num_blocks)
3878 hdev->block_cnt = hdev->num_blocks;
3879 break;
3880
3881 default:
3882 bt_dev_err(hdev, "unknown type %d conn %p",
3883 conn->type, conn);
3884 break;
3885 }
3886 }
3887
3888 queue_work(hdev->workqueue, &hdev->tx_work);
3889}
3890
3891static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3892{
3893 struct hci_ev_mode_change *ev = (void *) skb->data;
3894 struct hci_conn *conn;
3895
3896 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3897
3898 hci_dev_lock(hdev);
3899
3900 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3901 if (conn) {
3902 conn->mode = ev->mode;
3903
3904 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3905 &conn->flags)) {
3906 if (conn->mode == HCI_CM_ACTIVE)
3907 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3908 else
3909 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3910 }
3911
3912 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3913 hci_sco_setup(conn, ev->status);
3914 }
3915
3916 hci_dev_unlock(hdev);
3917}
3918
3919static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3920{
3921 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3922 struct hci_conn *conn;
3923
3924 BT_DBG("%s", hdev->name);
3925
3926 hci_dev_lock(hdev);
3927
3928 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3929 if (!conn)
3930 goto unlock;
3931
3932 if (conn->state == BT_CONNECTED) {
3933 hci_conn_hold(conn);
3934 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3935 hci_conn_drop(conn);
3936 }
3937
3938 if (!hci_dev_test_flag(hdev, HCI_BONDABLE) &&
3939 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3940 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3941 sizeof(ev->bdaddr), &ev->bdaddr);
3942 } else if (hci_dev_test_flag(hdev, HCI_MGMT)) {
3943 u8 secure;
3944
3945 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3946 secure = 1;
3947 else
3948 secure = 0;
3949
3950 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3951 }
3952
3953unlock:
3954 hci_dev_unlock(hdev);
3955}
3956
3957static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3958{
3959 if (key_type == HCI_LK_CHANGED_COMBINATION)
3960 return;
3961
3962 conn->pin_length = pin_len;
3963 conn->key_type = key_type;
3964
3965 switch (key_type) {
3966 case HCI_LK_LOCAL_UNIT:
3967 case HCI_LK_REMOTE_UNIT:
3968 case HCI_LK_DEBUG_COMBINATION:
3969 return;
3970 case HCI_LK_COMBINATION:
3971 if (pin_len == 16)
3972 conn->pending_sec_level = BT_SECURITY_HIGH;
3973 else
3974 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3975 break;
3976 case HCI_LK_UNAUTH_COMBINATION_P192:
3977 case HCI_LK_UNAUTH_COMBINATION_P256:
3978 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3979 break;
3980 case HCI_LK_AUTH_COMBINATION_P192:
3981 conn->pending_sec_level = BT_SECURITY_HIGH;
3982 break;
3983 case HCI_LK_AUTH_COMBINATION_P256:
3984 conn->pending_sec_level = BT_SECURITY_FIPS;
3985 break;
3986 }
3987}
3988
3989static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3990{
3991 struct hci_ev_link_key_req *ev = (void *) skb->data;
3992 struct hci_cp_link_key_reply cp;
3993 struct hci_conn *conn;
3994 struct link_key *key;
3995
3996 BT_DBG("%s", hdev->name);
3997
3998 if (!hci_dev_test_flag(hdev, HCI_MGMT))
3999 return;
4000
4001 hci_dev_lock(hdev);
4002
4003 key = hci_find_link_key(hdev, &ev->bdaddr);
4004 if (!key) {
4005 BT_DBG("%s link key not found for %pMR", hdev->name,
4006 &ev->bdaddr);
4007 goto not_found;
4008 }
4009
4010 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
4011 &ev->bdaddr);
4012
4013 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4014 if (conn) {
4015 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
4016
4017 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
4018 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
4019 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
4020 BT_DBG("%s ignoring unauthenticated key", hdev->name);
4021 goto not_found;
4022 }
4023
4024 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
4025 (conn->pending_sec_level == BT_SECURITY_HIGH ||
4026 conn->pending_sec_level == BT_SECURITY_FIPS)) {
4027 BT_DBG("%s ignoring key unauthenticated for high security",
4028 hdev->name);
4029 goto not_found;
4030 }
4031
4032 conn_set_key(conn, key->type, key->pin_len);
4033 }
4034
4035 bacpy(&cp.bdaddr, &ev->bdaddr);
4036 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
4037
4038 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
4039
4040 hci_dev_unlock(hdev);
4041
4042 return;
4043
4044not_found:
4045 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
4046 hci_dev_unlock(hdev);
4047}
4048
4049static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4050{
4051 struct hci_ev_link_key_notify *ev = (void *) skb->data;
4052 struct hci_conn *conn;
4053 struct link_key *key;
4054 bool persistent;
4055 u8 pin_len = 0;
4056
4057 BT_DBG("%s", hdev->name);
4058
4059 hci_dev_lock(hdev);
4060
4061 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4062 if (!conn)
4063 goto unlock;
4064
4065 hci_conn_hold(conn);
4066 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4067 hci_conn_drop(conn);
4068
4069 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
4070 conn_set_key(conn, ev->key_type, conn->pin_length);
4071
4072 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4073 goto unlock;
4074
4075 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
4076 ev->key_type, pin_len, &persistent);
4077 if (!key)
4078 goto unlock;
4079
4080
4081
4082
4083 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
4084 conn_set_key(conn, key->type, key->pin_len);
4085
4086 mgmt_new_link_key(hdev, key, persistent);
4087
4088
4089
4090
4091
4092
4093 if (key->type == HCI_LK_DEBUG_COMBINATION &&
4094 !hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) {
4095 list_del_rcu(&key->list);
4096 kfree_rcu(key, rcu);
4097 goto unlock;
4098 }
4099
4100 if (persistent)
4101 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4102 else
4103 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
4104
4105unlock:
4106 hci_dev_unlock(hdev);
4107}
4108
4109static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
4110{
4111 struct hci_ev_clock_offset *ev = (void *) skb->data;
4112 struct hci_conn *conn;
4113
4114 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4115
4116 hci_dev_lock(hdev);
4117
4118 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4119 if (conn && !ev->status) {
4120 struct inquiry_entry *ie;
4121
4122 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4123 if (ie) {
4124 ie->data.clock_offset = ev->clock_offset;
4125 ie->timestamp = jiffies;
4126 }
4127 }
4128
4129 hci_dev_unlock(hdev);
4130}
4131
4132static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
4133{
4134 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
4135 struct hci_conn *conn;
4136
4137 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4138
4139 hci_dev_lock(hdev);
4140
4141 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4142 if (conn && !ev->status)
4143 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
4144
4145 hci_dev_unlock(hdev);
4146}
4147
4148static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
4149{
4150 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
4151 struct inquiry_entry *ie;
4152
4153 BT_DBG("%s", hdev->name);
4154
4155 hci_dev_lock(hdev);
4156
4157 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4158 if (ie) {
4159 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
4160 ie->timestamp = jiffies;
4161 }
4162
4163 hci_dev_unlock(hdev);
4164}
4165
4166static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
4167 struct sk_buff *skb)
4168{
4169 struct inquiry_data data;
4170 int num_rsp = *((__u8 *) skb->data);
4171
4172 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4173
4174 if (!num_rsp)
4175 return;
4176
4177 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
4178 return;
4179
4180 hci_dev_lock(hdev);
4181
4182 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
4183 struct inquiry_info_with_rssi_and_pscan_mode *info;
4184 info = (void *) (skb->data + 1);
4185
4186 if (skb->len < num_rsp * sizeof(*info) + 1)
4187 goto unlock;
4188
4189 for (; num_rsp; num_rsp--, info++) {
4190 u32 flags;
4191
4192 bacpy(&data.bdaddr, &info->bdaddr);
4193 data.pscan_rep_mode = info->pscan_rep_mode;
4194 data.pscan_period_mode = info->pscan_period_mode;
4195 data.pscan_mode = info->pscan_mode;
4196 memcpy(data.dev_class, info->dev_class, 3);
4197 data.clock_offset = info->clock_offset;
4198 data.rssi = info->rssi;
4199 data.ssp_mode = 0x00;
4200
4201 flags = hci_inquiry_cache_update(hdev, &data, false);
4202
4203 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4204 info->dev_class, info->rssi,
4205 flags, NULL, 0, NULL, 0);
4206 }
4207 } else {
4208 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
4209
4210 if (skb->len < num_rsp * sizeof(*info) + 1)
4211 goto unlock;
4212
4213 for (; num_rsp; num_rsp--, info++) {
4214 u32 flags;
4215
4216 bacpy(&data.bdaddr, &info->bdaddr);
4217 data.pscan_rep_mode = info->pscan_rep_mode;
4218 data.pscan_period_mode = info->pscan_period_mode;
4219 data.pscan_mode = 0x00;
4220 memcpy(data.dev_class, info->dev_class, 3);
4221 data.clock_offset = info->clock_offset;
4222 data.rssi = info->rssi;
4223 data.ssp_mode = 0x00;
4224
4225 flags = hci_inquiry_cache_update(hdev, &data, false);
4226
4227 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4228 info->dev_class, info->rssi,
4229 flags, NULL, 0, NULL, 0);
4230 }
4231 }
4232
4233unlock:
4234 hci_dev_unlock(hdev);
4235}
4236
4237static void hci_remote_ext_features_evt(struct hci_dev *hdev,
4238 struct sk_buff *skb)
4239{
4240 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
4241 struct hci_conn *conn;
4242
4243 BT_DBG("%s", hdev->name);
4244
4245 hci_dev_lock(hdev);
4246
4247 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4248 if (!conn)
4249 goto unlock;
4250
4251 if (ev->page < HCI_MAX_PAGES)
4252 memcpy(conn->features[ev->page], ev->features, 8);
4253
4254 if (!ev->status && ev->page == 0x01) {
4255 struct inquiry_entry *ie;
4256
4257 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
4258 if (ie)
4259 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4260
4261 if (ev->features[0] & LMP_HOST_SSP) {
4262 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4263 } else {
4264
4265
4266
4267
4268
4269
4270
4271
4272 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
4273 }
4274
4275 if (ev->features[0] & LMP_HOST_SC)
4276 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
4277 }
4278
4279 if (conn->state != BT_CONFIG)
4280 goto unlock;
4281
4282 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
4283 struct hci_cp_remote_name_req cp;
4284 memset(&cp, 0, sizeof(cp));
4285 bacpy(&cp.bdaddr, &conn->dst);
4286 cp.pscan_rep_mode = 0x02;
4287 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
4288 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4289 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4290
4291 if (!hci_outgoing_auth_needed(hdev, conn)) {
4292 conn->state = BT_CONNECTED;
4293 hci_connect_cfm(conn, ev->status);
4294 hci_conn_drop(conn);
4295 }
4296
4297unlock:
4298 hci_dev_unlock(hdev);
4299}
4300
4301static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
4302 struct sk_buff *skb)
4303{
4304 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
4305 struct hci_conn *conn;
4306
4307 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4308
4309 hci_dev_lock(hdev);
4310
4311 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
4312 if (!conn) {
4313 if (ev->link_type == ESCO_LINK)
4314 goto unlock;
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
4326 if (!conn)
4327 goto unlock;
4328 }
4329
4330 switch (ev->status) {
4331 case 0x00:
4332 conn->handle = __le16_to_cpu(ev->handle);
4333 conn->state = BT_CONNECTED;
4334 conn->type = ev->link_type;
4335
4336 hci_debugfs_create_conn(conn);
4337 hci_conn_add_sysfs(conn);
4338 break;
4339
4340 case 0x10:
4341 case 0x0d:
4342 case 0x11:
4343 case 0x1c:
4344 case 0x1a:
4345 case 0x1e:
4346 case 0x1f:
4347 case 0x20:
4348 if (conn->out) {
4349 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4350 (hdev->esco_type & EDR_ESCO_MASK);
4351 if (hci_setup_sync(conn, conn->link->handle))
4352 goto unlock;
4353 }
4354 fallthrough;
4355
4356 default:
4357 conn->state = BT_CLOSED;
4358 break;
4359 }
4360
4361 bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode);
4362
4363 switch (conn->setting & SCO_AIRMODE_MASK) {
4364 case SCO_AIRMODE_CVSD:
4365 if (hdev->notify)
4366 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_CVSD);
4367 break;
4368 case SCO_AIRMODE_TRANSP:
4369 if (hdev->notify)
4370 hdev->notify(hdev, HCI_NOTIFY_ENABLE_SCO_TRANSP);
4371 break;
4372 }
4373
4374 hci_connect_cfm(conn, ev->status);
4375 if (ev->status)
4376 hci_conn_del(conn);
4377
4378unlock:
4379 hci_dev_unlock(hdev);
4380}
4381
4382static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4383{
4384 size_t parsed = 0;
4385
4386 while (parsed < eir_len) {
4387 u8 field_len = eir[0];
4388
4389 if (field_len == 0)
4390 return parsed;
4391
4392 parsed += field_len + 1;
4393 eir += field_len + 1;
4394 }
4395
4396 return eir_len;
4397}
4398
4399static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4400 struct sk_buff *skb)
4401{
4402 struct inquiry_data data;
4403 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4404 int num_rsp = *((__u8 *) skb->data);
4405 size_t eir_len;
4406
4407 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4408
4409 if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
4410 return;
4411
4412 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))
4413 return;
4414
4415 hci_dev_lock(hdev);
4416
4417 for (; num_rsp; num_rsp--, info++) {
4418 u32 flags;
4419 bool name_known;
4420
4421 bacpy(&data.bdaddr, &info->bdaddr);
4422 data.pscan_rep_mode = info->pscan_rep_mode;
4423 data.pscan_period_mode = info->pscan_period_mode;
4424 data.pscan_mode = 0x00;
4425 memcpy(data.dev_class, info->dev_class, 3);
4426 data.clock_offset = info->clock_offset;
4427 data.rssi = info->rssi;
4428 data.ssp_mode = 0x01;
4429
4430 if (hci_dev_test_flag(hdev, HCI_MGMT))
4431 name_known = eir_get_data(info->data,
4432 sizeof(info->data),
4433 EIR_NAME_COMPLETE, NULL);
4434 else
4435 name_known = true;
4436
4437 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4438
4439 eir_len = eir_get_length(info->data, sizeof(info->data));
4440
4441 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4442 info->dev_class, info->rssi,
4443 flags, info->data, eir_len, NULL, 0);
4444 }
4445
4446 hci_dev_unlock(hdev);
4447}
4448
4449static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4450 struct sk_buff *skb)
4451{
4452 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4453 struct hci_conn *conn;
4454
4455 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
4456 __le16_to_cpu(ev->handle));
4457
4458 hci_dev_lock(hdev);
4459
4460 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4461 if (!conn)
4462 goto unlock;
4463
4464
4465
4466
4467 if (conn->type != LE_LINK)
4468 goto unlock;
4469
4470 if (!ev->status)
4471 conn->sec_level = conn->pending_sec_level;
4472
4473 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4474
4475 if (ev->status && conn->state == BT_CONNECTED) {
4476 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
4477 hci_conn_drop(conn);
4478 goto unlock;
4479 }
4480
4481 if (conn->state == BT_CONFIG) {
4482 if (!ev->status)
4483 conn->state = BT_CONNECTED;
4484
4485 hci_connect_cfm(conn, ev->status);
4486 hci_conn_drop(conn);
4487 } else {
4488 hci_auth_cfm(conn, ev->status);
4489
4490 hci_conn_hold(conn);
4491 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4492 hci_conn_drop(conn);
4493 }
4494
4495unlock:
4496 hci_dev_unlock(hdev);
4497}
4498
4499static u8 hci_get_auth_req(struct hci_conn *conn)
4500{
4501
4502 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4503 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
4504 return conn->remote_auth | (conn->auth_type & 0x01);
4505
4506
4507
4508
4509 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4510 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4511 return conn->remote_auth | 0x01;
4512
4513
4514 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
4515}
4516
4517static u8 bredr_oob_data_present(struct hci_conn *conn)
4518{
4519 struct hci_dev *hdev = conn->hdev;
4520 struct oob_data *data;
4521
4522 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4523 if (!data)
4524 return 0x00;
4525
4526 if (bredr_sc_enabled(hdev)) {
4527
4528
4529
4530
4531
4532
4533 if (!hci_dev_test_flag(hdev, HCI_SC_ONLY))
4534 return data->present;
4535
4536
4537
4538
4539
4540
4541 if (!memcmp(data->rand256, ZERO_KEY, 16) ||
4542 !memcmp(data->hash256, ZERO_KEY, 16))
4543 return 0x00;
4544
4545 return 0x02;
4546 }
4547
4548
4549
4550
4551
4552 if (!memcmp(data->rand192, ZERO_KEY, 16) ||
4553 !memcmp(data->hash192, ZERO_KEY, 16))
4554 return 0x00;
4555
4556 return 0x01;
4557}
4558
4559static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4560{
4561 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4562 struct hci_conn *conn;
4563
4564 BT_DBG("%s", hdev->name);
4565
4566 hci_dev_lock(hdev);
4567
4568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4569 if (!conn)
4570 goto unlock;
4571
4572 hci_conn_hold(conn);
4573
4574 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4575 goto unlock;
4576
4577
4578
4579
4580 if (hci_dev_test_flag(hdev, HCI_BONDABLE) ||
4581 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
4582 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
4583 struct hci_cp_io_capability_reply cp;
4584
4585 bacpy(&cp.bdaddr, &ev->bdaddr);
4586
4587
4588 cp.capability = (conn->io_capability == 0x04) ?
4589 HCI_IO_DISPLAY_YESNO : conn->io_capability;
4590
4591
4592 if (conn->remote_auth == 0xff) {
4593
4594
4595
4596 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4597 conn->auth_type != HCI_AT_NO_BONDING)
4598 conn->auth_type |= 0x01;
4599 } else {
4600 conn->auth_type = hci_get_auth_req(conn);
4601 }
4602
4603
4604
4605
4606 if (!hci_dev_test_flag(hdev, HCI_BONDABLE))
4607 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4608
4609 cp.authentication = conn->auth_type;
4610 cp.oob_data = bredr_oob_data_present(conn);
4611
4612 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
4613 sizeof(cp), &cp);
4614 } else {
4615 struct hci_cp_io_capability_neg_reply cp;
4616
4617 bacpy(&cp.bdaddr, &ev->bdaddr);
4618 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
4619
4620 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
4621 sizeof(cp), &cp);
4622 }
4623
4624unlock:
4625 hci_dev_unlock(hdev);
4626}
4627
4628static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4629{
4630 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4631 struct hci_conn *conn;
4632
4633 BT_DBG("%s", hdev->name);
4634
4635 hci_dev_lock(hdev);
4636
4637 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4638 if (!conn)
4639 goto unlock;
4640
4641 conn->remote_cap = ev->capability;
4642 conn->remote_auth = ev->authentication;
4643
4644unlock:
4645 hci_dev_unlock(hdev);
4646}
4647
4648static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4649 struct sk_buff *skb)
4650{
4651 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4652 int loc_mitm, rem_mitm, confirm_hint = 0;
4653 struct hci_conn *conn;
4654
4655 BT_DBG("%s", hdev->name);
4656
4657 hci_dev_lock(hdev);
4658
4659 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4660 goto unlock;
4661
4662 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4663 if (!conn)
4664 goto unlock;
4665
4666 loc_mitm = (conn->auth_type & 0x01);
4667 rem_mitm = (conn->remote_auth & 0x01);
4668
4669
4670
4671
4672
4673
4674 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4675 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4676 BT_DBG("Rejecting request: remote device can't provide MITM");
4677 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4678 sizeof(ev->bdaddr), &ev->bdaddr);
4679 goto unlock;
4680 }
4681
4682
4683 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4684 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4685
4686
4687
4688
4689
4690
4691
4692 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4693 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4694 (loc_mitm || rem_mitm)) {
4695 BT_DBG("Confirming auto-accept as acceptor");
4696 confirm_hint = 1;
4697 goto confirm;
4698 }
4699
4700
4701
4702
4703
4704 if (hci_find_link_key(hdev, &ev->bdaddr)) {
4705 bt_dev_dbg(hdev, "Local host already has link key");
4706 confirm_hint = 1;
4707 goto confirm;
4708 }
4709
4710 BT_DBG("Auto-accept of user confirmation with %ums delay",
4711 hdev->auto_accept_delay);
4712
4713 if (hdev->auto_accept_delay > 0) {
4714 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4715 queue_delayed_work(conn->hdev->workqueue,
4716 &conn->auto_accept_work, delay);
4717 goto unlock;
4718 }
4719
4720 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4721 sizeof(ev->bdaddr), &ev->bdaddr);
4722 goto unlock;
4723 }
4724
4725confirm:
4726 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4727 le32_to_cpu(ev->passkey), confirm_hint);
4728
4729unlock:
4730 hci_dev_unlock(hdev);
4731}
4732
4733static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4734 struct sk_buff *skb)
4735{
4736 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4737
4738 BT_DBG("%s", hdev->name);
4739
4740 if (hci_dev_test_flag(hdev, HCI_MGMT))
4741 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4742}
4743
4744static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4745 struct sk_buff *skb)
4746{
4747 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4748 struct hci_conn *conn;
4749
4750 BT_DBG("%s", hdev->name);
4751
4752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4753 if (!conn)
4754 return;
4755
4756 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4757 conn->passkey_entered = 0;
4758
4759 if (hci_dev_test_flag(hdev, HCI_MGMT))
4760 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4761 conn->dst_type, conn->passkey_notify,
4762 conn->passkey_entered);
4763}
4764
4765static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4766{
4767 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4768 struct hci_conn *conn;
4769
4770 BT_DBG("%s", hdev->name);
4771
4772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4773 if (!conn)
4774 return;
4775
4776 switch (ev->type) {
4777 case HCI_KEYPRESS_STARTED:
4778 conn->passkey_entered = 0;
4779 return;
4780
4781 case HCI_KEYPRESS_ENTERED:
4782 conn->passkey_entered++;
4783 break;
4784
4785 case HCI_KEYPRESS_ERASED:
4786 conn->passkey_entered--;
4787 break;
4788
4789 case HCI_KEYPRESS_CLEARED:
4790 conn->passkey_entered = 0;
4791 break;
4792
4793 case HCI_KEYPRESS_COMPLETED:
4794 return;
4795 }
4796
4797 if (hci_dev_test_flag(hdev, HCI_MGMT))
4798 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4799 conn->dst_type, conn->passkey_notify,
4800 conn->passkey_entered);
4801}
4802
4803static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4804 struct sk_buff *skb)
4805{
4806 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4807 struct hci_conn *conn;
4808
4809 BT_DBG("%s", hdev->name);
4810
4811 hci_dev_lock(hdev);
4812
4813 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4814 if (!conn)
4815 goto unlock;
4816
4817
4818 conn->remote_auth = 0xff;
4819
4820
4821
4822
4823
4824
4825 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4826 mgmt_auth_failed(conn, ev->status);
4827
4828 hci_conn_drop(conn);
4829
4830unlock:
4831 hci_dev_unlock(hdev);
4832}
4833
4834static void hci_remote_host_features_evt(struct hci_dev *hdev,
4835 struct sk_buff *skb)
4836{
4837 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4838 struct inquiry_entry *ie;
4839 struct hci_conn *conn;
4840
4841 BT_DBG("%s", hdev->name);
4842
4843 hci_dev_lock(hdev);
4844
4845 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4846 if (conn)
4847 memcpy(conn->features[1], ev->features, 8);
4848
4849 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4850 if (ie)
4851 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4852
4853 hci_dev_unlock(hdev);
4854}
4855
4856static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4857 struct sk_buff *skb)
4858{
4859 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4860 struct oob_data *data;
4861
4862 BT_DBG("%s", hdev->name);
4863
4864 hci_dev_lock(hdev);
4865
4866 if (!hci_dev_test_flag(hdev, HCI_MGMT))
4867 goto unlock;
4868
4869 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4870 if (!data) {
4871 struct hci_cp_remote_oob_data_neg_reply cp;
4872
4873 bacpy(&cp.bdaddr, &ev->bdaddr);
4874 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4875 sizeof(cp), &cp);
4876 goto unlock;
4877 }
4878
4879 if (bredr_sc_enabled(hdev)) {
4880 struct hci_cp_remote_oob_ext_data_reply cp;
4881
4882 bacpy(&cp.bdaddr, &ev->bdaddr);
4883 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4884 memset(cp.hash192, 0, sizeof(cp.hash192));
4885 memset(cp.rand192, 0, sizeof(cp.rand192));
4886 } else {
4887 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4888 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4889 }
4890 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4891 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4892
4893 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4894 sizeof(cp), &cp);
4895 } else {
4896 struct hci_cp_remote_oob_data_reply cp;
4897
4898 bacpy(&cp.bdaddr, &ev->bdaddr);
4899 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4900 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4901
4902 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4903 sizeof(cp), &cp);
4904 }
4905
4906unlock:
4907 hci_dev_unlock(hdev);
4908}
4909
4910#if IS_ENABLED(CONFIG_BT_HS)
4911static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4912{
4913 struct hci_ev_channel_selected *ev = (void *)skb->data;
4914 struct hci_conn *hcon;
4915
4916 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4917
4918 skb_pull(skb, sizeof(*ev));
4919
4920 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4921 if (!hcon)
4922 return;
4923
4924 amp_read_loc_assoc_final_data(hdev, hcon);
4925}
4926
4927static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4928 struct sk_buff *skb)
4929{
4930 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4931 struct hci_conn *hcon, *bredr_hcon;
4932
4933 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4934 ev->status);
4935
4936 hci_dev_lock(hdev);
4937
4938 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4939 if (!hcon) {
4940 hci_dev_unlock(hdev);
4941 return;
4942 }
4943
4944 if (ev->status) {
4945 hci_conn_del(hcon);
4946 hci_dev_unlock(hdev);
4947 return;
4948 }
4949
4950 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4951
4952 hcon->state = BT_CONNECTED;
4953 bacpy(&hcon->dst, &bredr_hcon->dst);
4954
4955 hci_conn_hold(hcon);
4956 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4957 hci_conn_drop(hcon);
4958
4959 hci_debugfs_create_conn(hcon);
4960 hci_conn_add_sysfs(hcon);
4961
4962 amp_physical_cfm(bredr_hcon, hcon);
4963
4964 hci_dev_unlock(hdev);
4965}
4966
4967static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4968{
4969 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4970 struct hci_conn *hcon;
4971 struct hci_chan *hchan;
4972 struct amp_mgr *mgr;
4973
4974 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4975 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4976 ev->status);
4977
4978 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4979 if (!hcon)
4980 return;
4981
4982
4983 hchan = hci_chan_create(hcon);
4984 if (!hchan)
4985 return;
4986
4987 hchan->handle = le16_to_cpu(ev->handle);
4988
4989 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4990
4991 mgr = hcon->amp_mgr;
4992 if (mgr && mgr->bredr_chan) {
4993 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4994
4995 l2cap_chan_lock(bredr_chan);
4996
4997 bredr_chan->conn->mtu = hdev->block_mtu;
4998 l2cap_logical_cfm(bredr_chan, hchan, 0);
4999 hci_conn_hold(hcon);
5000
5001 l2cap_chan_unlock(bredr_chan);
5002 }
5003}
5004
5005static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
5006 struct sk_buff *skb)
5007{
5008 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
5009 struct hci_chan *hchan;
5010
5011 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
5012 le16_to_cpu(ev->handle), ev->status);
5013
5014 if (ev->status)
5015 return;
5016
5017 hci_dev_lock(hdev);
5018
5019 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
5020 if (!hchan)
5021 goto unlock;
5022
5023 amp_destroy_logical_link(hchan, ev->reason);
5024
5025unlock:
5026 hci_dev_unlock(hdev);
5027}
5028
5029static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
5030 struct sk_buff *skb)
5031{
5032 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
5033 struct hci_conn *hcon;
5034
5035 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5036
5037 if (ev->status)
5038 return;
5039
5040 hci_dev_lock(hdev);
5041
5042 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5043 if (hcon) {
5044 hcon->state = BT_CLOSED;
5045 hci_conn_del(hcon);
5046 }
5047
5048 hci_dev_unlock(hdev);
5049}
5050#endif
5051
5052static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
5053 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
5054 u16 interval, u16 latency, u16 supervision_timeout)
5055{
5056 struct hci_conn_params *params;
5057 struct hci_conn *conn;
5058 struct smp_irk *irk;
5059 u8 addr_type;
5060
5061 hci_dev_lock(hdev);
5062
5063
5064
5065
5066 hci_dev_clear_flag(hdev, HCI_LE_ADV);
5067
5068 conn = hci_lookup_le_connect(hdev);
5069 if (!conn) {
5070 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
5071 if (!conn) {
5072 bt_dev_err(hdev, "no memory for new connection");
5073 goto unlock;
5074 }
5075
5076 conn->dst_type = bdaddr_type;
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086 if (conn->out) {
5087 conn->resp_addr_type = bdaddr_type;
5088 bacpy(&conn->resp_addr, bdaddr);
5089 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5090 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
5091 bacpy(&conn->init_addr, &hdev->rpa);
5092 } else {
5093 hci_copy_identity_address(hdev,
5094 &conn->init_addr,
5095 &conn->init_addr_type);
5096 }
5097 }
5098 } else {
5099 cancel_delayed_work(&conn->le_conn_timeout);
5100 }
5101
5102 if (!conn->out) {
5103
5104
5105
5106 conn->resp_addr_type = hdev->adv_addr_type;
5107 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
5108
5109
5110
5111 if (!ext_adv_capable(hdev))
5112 bacpy(&conn->resp_addr, &hdev->random_addr);
5113 } else {
5114 bacpy(&conn->resp_addr, &hdev->bdaddr);
5115 }
5116
5117 conn->init_addr_type = bdaddr_type;
5118 bacpy(&conn->init_addr, bdaddr);
5119
5120
5121
5122
5123
5124
5125 conn->le_conn_min_interval = hdev->le_conn_min_interval;
5126 conn->le_conn_max_interval = hdev->le_conn_max_interval;
5127 }
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
5139 if (irk) {
5140 bacpy(&conn->dst, &irk->bdaddr);
5141 conn->dst_type = irk->addr_type;
5142 }
5143
5144 if (status) {
5145 hci_le_conn_failed(conn, status);
5146 goto unlock;
5147 }
5148
5149 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
5150 addr_type = BDADDR_LE_PUBLIC;
5151 else
5152 addr_type = BDADDR_LE_RANDOM;
5153
5154
5155 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
5156 hci_conn_drop(conn);
5157 goto unlock;
5158 }
5159
5160 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
5161 mgmt_device_connected(hdev, conn, 0, NULL, 0);
5162
5163 conn->sec_level = BT_SECURITY_LOW;
5164 conn->handle = handle;
5165 conn->state = BT_CONFIG;
5166
5167 conn->le_conn_interval = interval;
5168 conn->le_conn_latency = latency;
5169 conn->le_supv_timeout = supervision_timeout;
5170
5171 hci_debugfs_create_conn(conn);
5172 hci_conn_add_sysfs(conn);
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183 if (conn->out ||
5184 (hdev->le_features[0] & HCI_LE_SLAVE_FEATURES)) {
5185 struct hci_cp_le_read_remote_features cp;
5186
5187 cp.handle = __cpu_to_le16(conn->handle);
5188
5189 hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
5190 sizeof(cp), &cp);
5191
5192 hci_conn_hold(conn);
5193 } else {
5194 conn->state = BT_CONNECTED;
5195 hci_connect_cfm(conn, status);
5196 }
5197
5198 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
5199 conn->dst_type);
5200 if (params) {
5201 list_del_init(¶ms->action);
5202 if (params->conn) {
5203 hci_conn_drop(params->conn);
5204 hci_conn_put(params->conn);
5205 params->conn = NULL;
5206 }
5207 }
5208
5209unlock:
5210 hci_update_background_scan(hdev);
5211 hci_dev_unlock(hdev);
5212}
5213
5214static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
5215{
5216 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
5217
5218 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5219
5220 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5221 ev->role, le16_to_cpu(ev->handle),
5222 le16_to_cpu(ev->interval),
5223 le16_to_cpu(ev->latency),
5224 le16_to_cpu(ev->supervision_timeout));
5225}
5226
5227static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
5228 struct sk_buff *skb)
5229{
5230 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
5231
5232 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5233
5234 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
5235 ev->role, le16_to_cpu(ev->handle),
5236 le16_to_cpu(ev->interval),
5237 le16_to_cpu(ev->latency),
5238 le16_to_cpu(ev->supervision_timeout));
5239
5240 if (use_ll_privacy(hdev) &&
5241 hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
5242 hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION))
5243 hci_req_disable_address_resolution(hdev);
5244}
5245
5246static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
5247{
5248 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
5249 struct hci_conn *conn;
5250
5251 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5252
5253 if (ev->status)
5254 return;
5255
5256 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
5257 if (conn) {
5258 struct adv_info *adv_instance;
5259
5260 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
5261 return;
5262
5263 if (!hdev->cur_adv_instance) {
5264 bacpy(&conn->resp_addr, &hdev->random_addr);
5265 return;
5266 }
5267
5268 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
5269 if (adv_instance)
5270 bacpy(&conn->resp_addr, &adv_instance->random_addr);
5271 }
5272}
5273
5274static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
5275 struct sk_buff *skb)
5276{
5277 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
5278 struct hci_conn *conn;
5279
5280 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5281
5282 if (ev->status)
5283 return;
5284
5285 hci_dev_lock(hdev);
5286
5287 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5288 if (conn) {
5289 conn->le_conn_interval = le16_to_cpu(ev->interval);
5290 conn->le_conn_latency = le16_to_cpu(ev->latency);
5291 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
5292 }
5293
5294 hci_dev_unlock(hdev);
5295}
5296
5297
5298static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
5299 bdaddr_t *addr,
5300 u8 addr_type, u8 adv_type,
5301 bdaddr_t *direct_rpa)
5302{
5303 struct hci_conn *conn;
5304 struct hci_conn_params *params;
5305
5306
5307 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
5308 return NULL;
5309
5310
5311 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
5312 return NULL;
5313
5314
5315
5316
5317 if (hdev->conn_hash.le_num_slave > 0 &&
5318 (!test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) ||
5319 !(hdev->le_states[3] & 0x10)))
5320 return NULL;
5321
5322
5323
5324
5325 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, addr,
5326 addr_type);
5327 if (!params)
5328 return NULL;
5329
5330 if (!params->explicit_connect) {
5331 switch (params->auto_connect) {
5332 case HCI_AUTO_CONN_DIRECT:
5333
5334
5335
5336
5337 if (adv_type != LE_ADV_DIRECT_IND)
5338 return NULL;
5339 break;
5340 case HCI_AUTO_CONN_ALWAYS:
5341
5342
5343
5344
5345
5346
5347 break;
5348 default:
5349 return NULL;
5350 }
5351 }
5352
5353 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
5354 hdev->def_le_autoconnect_timeout, HCI_ROLE_MASTER,
5355 direct_rpa);
5356 if (!IS_ERR(conn)) {
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366 if (!params->explicit_connect)
5367 params->conn = hci_conn_get(conn);
5368
5369 return conn;
5370 }
5371
5372 switch (PTR_ERR(conn)) {
5373 case -EBUSY:
5374
5375
5376
5377
5378
5379 break;
5380 default:
5381 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
5382 return NULL;
5383 }
5384
5385 return NULL;
5386}
5387
5388static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
5389 u8 bdaddr_type, bdaddr_t *direct_addr,
5390 u8 direct_addr_type, s8 rssi, u8 *data, u8 len,
5391 bool ext_adv)
5392{
5393 struct discovery_state *d = &hdev->discovery;
5394 struct smp_irk *irk;
5395 struct hci_conn *conn;
5396 bool match;
5397 u32 flags;
5398 u8 *ptr, real_len;
5399
5400 switch (type) {
5401 case LE_ADV_IND:
5402 case LE_ADV_DIRECT_IND:
5403 case LE_ADV_SCAN_IND:
5404 case LE_ADV_NONCONN_IND:
5405 case LE_ADV_SCAN_RSP:
5406 break;
5407 default:
5408 bt_dev_err_ratelimited(hdev, "unknown advertising packet "
5409 "type: 0x%02x", type);
5410 return;
5411 }
5412
5413 if (!ext_adv && len > HCI_MAX_AD_LENGTH) {
5414 bt_dev_err_ratelimited(hdev, "legacy adv larger than 31 bytes");
5415 return;
5416 }
5417
5418
5419
5420
5421
5422
5423
5424 for (ptr = data; ptr < data + len && *ptr; ptr += *ptr + 1) {
5425 if (ptr + 1 + *ptr > data + len)
5426 break;
5427 }
5428
5429 real_len = ptr - data;
5430
5431
5432 if (len != real_len) {
5433 bt_dev_err_ratelimited(hdev, "advertising data len corrected %u -> %u",
5434 len, real_len);
5435 len = real_len;
5436 }
5437
5438
5439
5440
5441
5442
5443 if (direct_addr) {
5444
5445
5446
5447 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
5448 return;
5449
5450
5451
5452
5453 if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
5454 return;
5455
5456
5457
5458
5459
5460 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
5461 return;
5462 }
5463
5464
5465 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
5466 if (irk) {
5467 bdaddr = &irk->bdaddr;
5468 bdaddr_type = irk->addr_type;
5469 }
5470
5471
5472
5473
5474
5475
5476 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
5477 direct_addr);
5478 if (!ext_adv && conn && type == LE_ADV_IND && len <= HCI_MAX_AD_LENGTH) {
5479
5480
5481
5482 memcpy(conn->le_adv_data, data, len);
5483 conn->le_adv_data_len = len;
5484 }
5485
5486
5487
5488
5489
5490 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
5491 if (type == LE_ADV_DIRECT_IND)
5492 return;
5493
5494 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
5495 bdaddr, bdaddr_type) &&
5496 idr_is_empty(&hdev->adv_monitors_idr))
5497 return;
5498
5499 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
5500 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5501 else
5502 flags = 0;
5503 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5504 rssi, flags, data, len, NULL, 0);
5505 return;
5506 }
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5524 type == LE_ADV_SCAN_RSP)
5525 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5526 else
5527 flags = 0;
5528
5529
5530
5531
5532
5533 if (!ext_adv && !has_pending_adv_report(hdev)) {
5534
5535
5536
5537 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5538 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5539 rssi, flags, data, len);
5540 return;
5541 }
5542
5543 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5544 rssi, flags, data, len, NULL, 0);
5545 return;
5546 }
5547
5548
5549 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5550 bdaddr_type == d->last_adv_addr_type);
5551
5552
5553
5554
5555
5556 if (type != LE_ADV_SCAN_RSP || !match) {
5557
5558 if (!match)
5559 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5560 d->last_adv_addr_type, NULL,
5561 d->last_adv_rssi, d->last_adv_flags,
5562 d->last_adv_data,
5563 d->last_adv_data_len, NULL, 0);
5564
5565
5566
5567
5568 if (!ext_adv && (type == LE_ADV_IND ||
5569 type == LE_ADV_SCAN_IND)) {
5570 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5571 rssi, flags, data, len);
5572 return;
5573 }
5574
5575
5576
5577
5578 clear_pending_adv_report(hdev);
5579 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5580 rssi, flags, data, len, NULL, 0);
5581 return;
5582 }
5583
5584
5585
5586
5587
5588 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5589 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
5590 d->last_adv_data, d->last_adv_data_len, data, len);
5591 clear_pending_adv_report(hdev);
5592}
5593
5594static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5595{
5596 u8 num_reports = skb->data[0];
5597 void *ptr = &skb->data[1];
5598
5599 hci_dev_lock(hdev);
5600
5601 while (num_reports--) {
5602 struct hci_ev_le_advertising_info *ev = ptr;
5603 s8 rssi;
5604
5605 if (ev->length <= HCI_MAX_AD_LENGTH) {
5606 rssi = ev->data[ev->length];
5607 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5608 ev->bdaddr_type, NULL, 0, rssi,
5609 ev->data, ev->length, false);
5610 } else {
5611 bt_dev_err(hdev, "Dropping invalid advertising data");
5612 }
5613
5614 ptr += sizeof(*ev) + ev->length + 1;
5615 }
5616
5617 hci_dev_unlock(hdev);
5618}
5619
5620static u8 ext_evt_type_to_legacy(struct hci_dev *hdev, u16 evt_type)
5621{
5622 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5623 switch (evt_type) {
5624 case LE_LEGACY_ADV_IND:
5625 return LE_ADV_IND;
5626 case LE_LEGACY_ADV_DIRECT_IND:
5627 return LE_ADV_DIRECT_IND;
5628 case LE_LEGACY_ADV_SCAN_IND:
5629 return LE_ADV_SCAN_IND;
5630 case LE_LEGACY_NONCONN_IND:
5631 return LE_ADV_NONCONN_IND;
5632 case LE_LEGACY_SCAN_RSP_ADV:
5633 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5634 return LE_ADV_SCAN_RSP;
5635 }
5636
5637 goto invalid;
5638 }
5639
5640 if (evt_type & LE_EXT_ADV_CONN_IND) {
5641 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5642 return LE_ADV_DIRECT_IND;
5643
5644 return LE_ADV_IND;
5645 }
5646
5647 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5648 return LE_ADV_SCAN_RSP;
5649
5650 if (evt_type & LE_EXT_ADV_SCAN_IND)
5651 return LE_ADV_SCAN_IND;
5652
5653 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5654 evt_type & LE_EXT_ADV_DIRECT_IND)
5655 return LE_ADV_NONCONN_IND;
5656
5657invalid:
5658 bt_dev_err_ratelimited(hdev, "Unknown advertising packet type: 0x%02x",
5659 evt_type);
5660
5661 return LE_ADV_INVALID;
5662}
5663
5664static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5665{
5666 u8 num_reports = skb->data[0];
5667 void *ptr = &skb->data[1];
5668
5669 hci_dev_lock(hdev);
5670
5671 while (num_reports--) {
5672 struct hci_ev_le_ext_adv_report *ev = ptr;
5673 u8 legacy_evt_type;
5674 u16 evt_type;
5675
5676 evt_type = __le16_to_cpu(ev->evt_type);
5677 legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
5678 if (legacy_evt_type != LE_ADV_INVALID) {
5679 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5680 ev->bdaddr_type, NULL, 0, ev->rssi,
5681 ev->data, ev->length,
5682 !(evt_type & LE_EXT_ADV_LEGACY_PDU));
5683 }
5684
5685 ptr += sizeof(*ev) + ev->length;
5686 }
5687
5688 hci_dev_unlock(hdev);
5689}
5690
5691static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
5692 struct sk_buff *skb)
5693{
5694 struct hci_ev_le_remote_feat_complete *ev = (void *)skb->data;
5695 struct hci_conn *conn;
5696
5697 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5698
5699 hci_dev_lock(hdev);
5700
5701 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5702 if (conn) {
5703 if (!ev->status)
5704 memcpy(conn->features[0], ev->features, 8);
5705
5706 if (conn->state == BT_CONFIG) {
5707 __u8 status;
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718 if ((hdev->le_features[0] & HCI_LE_SLAVE_FEATURES) &&
5719 !conn->out && ev->status == 0x1a)
5720 status = 0x00;
5721 else
5722 status = ev->status;
5723
5724 conn->state = BT_CONNECTED;
5725 hci_connect_cfm(conn, status);
5726 hci_conn_drop(conn);
5727 }
5728 }
5729
5730 hci_dev_unlock(hdev);
5731}
5732
5733static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
5734{
5735 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5736 struct hci_cp_le_ltk_reply cp;
5737 struct hci_cp_le_ltk_neg_reply neg;
5738 struct hci_conn *conn;
5739 struct smp_ltk *ltk;
5740
5741 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
5742
5743 hci_dev_lock(hdev);
5744
5745 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5746 if (conn == NULL)
5747 goto not_found;
5748
5749 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5750 if (!ltk)
5751 goto not_found;
5752
5753 if (smp_ltk_is_sc(ltk)) {
5754
5755 if (ev->ediv || ev->rand)
5756 goto not_found;
5757 } else {
5758
5759 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5760 goto not_found;
5761 }
5762
5763 memcpy(cp.ltk, ltk->val, ltk->enc_size);
5764 memset(cp.ltk + ltk->enc_size, 0, sizeof(cp.ltk) - ltk->enc_size);
5765 cp.handle = cpu_to_le16(conn->handle);
5766
5767 conn->pending_sec_level = smp_ltk_sec_level(ltk);
5768
5769 conn->enc_key_size = ltk->enc_size;
5770
5771 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5772
5773
5774
5775
5776
5777
5778
5779 if (ltk->type == SMP_STK) {
5780 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5781 list_del_rcu(<k->list);
5782 kfree_rcu(ltk, rcu);
5783 } else {
5784 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5785 }
5786
5787 hci_dev_unlock(hdev);
5788
5789 return;
5790
5791not_found:
5792 neg.handle = ev->handle;
5793 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5794 hci_dev_unlock(hdev);
5795}
5796
5797static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5798 u8 reason)
5799{
5800 struct hci_cp_le_conn_param_req_neg_reply cp;
5801
5802 cp.handle = cpu_to_le16(handle);
5803 cp.reason = reason;
5804
5805 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5806 &cp);
5807}
5808
5809static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5810 struct sk_buff *skb)
5811{
5812 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5813 struct hci_cp_le_conn_param_req_reply cp;
5814 struct hci_conn *hcon;
5815 u16 handle, min, max, latency, timeout;
5816
5817 handle = le16_to_cpu(ev->handle);
5818 min = le16_to_cpu(ev->interval_min);
5819 max = le16_to_cpu(ev->interval_max);
5820 latency = le16_to_cpu(ev->latency);
5821 timeout = le16_to_cpu(ev->timeout);
5822
5823 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5824 if (!hcon || hcon->state != BT_CONNECTED)
5825 return send_conn_param_neg_reply(hdev, handle,
5826 HCI_ERROR_UNKNOWN_CONN_ID);
5827
5828 if (hci_check_conn_params(min, max, latency, timeout))
5829 return send_conn_param_neg_reply(hdev, handle,
5830 HCI_ERROR_INVALID_LL_PARAMS);
5831
5832 if (hcon->role == HCI_ROLE_MASTER) {
5833 struct hci_conn_params *params;
5834 u8 store_hint;
5835
5836 hci_dev_lock(hdev);
5837
5838 params = hci_conn_params_lookup(hdev, &hcon->dst,
5839 hcon->dst_type);
5840 if (params) {
5841 params->conn_min_interval = min;
5842 params->conn_max_interval = max;
5843 params->conn_latency = latency;
5844 params->supervision_timeout = timeout;
5845 store_hint = 0x01;
5846 } else{
5847 store_hint = 0x00;
5848 }
5849
5850 hci_dev_unlock(hdev);
5851
5852 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5853 store_hint, min, max, latency, timeout);
5854 }
5855
5856 cp.handle = ev->handle;
5857 cp.interval_min = ev->interval_min;
5858 cp.interval_max = ev->interval_max;
5859 cp.latency = ev->latency;
5860 cp.timeout = ev->timeout;
5861 cp.min_ce_len = 0;
5862 cp.max_ce_len = 0;
5863
5864 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5865}
5866
5867static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5868 struct sk_buff *skb)
5869{
5870 u8 num_reports = skb->data[0];
5871 void *ptr = &skb->data[1];
5872
5873 hci_dev_lock(hdev);
5874
5875 while (num_reports--) {
5876 struct hci_ev_le_direct_adv_info *ev = ptr;
5877
5878 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5879 ev->bdaddr_type, &ev->direct_addr,
5880 ev->direct_addr_type, ev->rssi, NULL, 0,
5881 false);
5882
5883 ptr += sizeof(*ev);
5884 }
5885
5886 hci_dev_unlock(hdev);
5887}
5888
5889static void hci_le_phy_update_evt(struct hci_dev *hdev, struct sk_buff *skb)
5890{
5891 struct hci_ev_le_phy_update_complete *ev = (void *) skb->data;
5892 struct hci_conn *conn;
5893
5894 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
5895
5896 if (!ev->status)
5897 return;
5898
5899 hci_dev_lock(hdev);
5900
5901 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5902 if (!conn)
5903 goto unlock;
5904
5905 conn->le_tx_phy = ev->tx_phy;
5906 conn->le_rx_phy = ev->rx_phy;
5907
5908unlock:
5909 hci_dev_unlock(hdev);
5910}
5911
5912static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5913{
5914 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5915
5916 skb_pull(skb, sizeof(*le_ev));
5917
5918 switch (le_ev->subevent) {
5919 case HCI_EV_LE_CONN_COMPLETE:
5920 hci_le_conn_complete_evt(hdev, skb);
5921 break;
5922
5923 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5924 hci_le_conn_update_complete_evt(hdev, skb);
5925 break;
5926
5927 case HCI_EV_LE_ADVERTISING_REPORT:
5928 hci_le_adv_report_evt(hdev, skb);
5929 break;
5930
5931 case HCI_EV_LE_REMOTE_FEAT_COMPLETE:
5932 hci_le_remote_feat_complete_evt(hdev, skb);
5933 break;
5934
5935 case HCI_EV_LE_LTK_REQ:
5936 hci_le_ltk_request_evt(hdev, skb);
5937 break;
5938
5939 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5940 hci_le_remote_conn_param_req_evt(hdev, skb);
5941 break;
5942
5943 case HCI_EV_LE_DIRECT_ADV_REPORT:
5944 hci_le_direct_adv_report_evt(hdev, skb);
5945 break;
5946
5947 case HCI_EV_LE_PHY_UPDATE_COMPLETE:
5948 hci_le_phy_update_evt(hdev, skb);
5949 break;
5950
5951 case HCI_EV_LE_EXT_ADV_REPORT:
5952 hci_le_ext_adv_report_evt(hdev, skb);
5953 break;
5954
5955 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
5956 hci_le_enh_conn_complete_evt(hdev, skb);
5957 break;
5958
5959 case HCI_EV_LE_EXT_ADV_SET_TERM:
5960 hci_le_ext_adv_term_evt(hdev, skb);
5961 break;
5962
5963 default:
5964 break;
5965 }
5966}
5967
5968static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5969 u8 event, struct sk_buff *skb)
5970{
5971 struct hci_ev_cmd_complete *ev;
5972 struct hci_event_hdr *hdr;
5973
5974 if (!skb)
5975 return false;
5976
5977 if (skb->len < sizeof(*hdr)) {
5978 bt_dev_err(hdev, "too short HCI event");
5979 return false;
5980 }
5981
5982 hdr = (void *) skb->data;
5983 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5984
5985 if (event) {
5986 if (hdr->evt != event)
5987 return false;
5988 return true;
5989 }
5990
5991
5992
5993
5994 if (hdr->evt == HCI_EV_CMD_STATUS)
5995 return false;
5996
5997 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
5998 bt_dev_err(hdev, "last event is not cmd complete (0x%2.2x)",
5999 hdr->evt);
6000 return false;
6001 }
6002
6003 if (skb->len < sizeof(*ev)) {
6004 bt_dev_err(hdev, "too short cmd_complete event");
6005 return false;
6006 }
6007
6008 ev = (void *) skb->data;
6009 skb_pull(skb, sizeof(*ev));
6010
6011 if (opcode != __le16_to_cpu(ev->opcode)) {
6012 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
6013 __le16_to_cpu(ev->opcode));
6014 return false;
6015 }
6016
6017 return true;
6018}
6019
6020static void hci_store_wake_reason(struct hci_dev *hdev, u8 event,
6021 struct sk_buff *skb)
6022{
6023 struct hci_ev_le_advertising_info *adv;
6024 struct hci_ev_le_direct_adv_info *direct_adv;
6025 struct hci_ev_le_ext_adv_report *ext_adv;
6026 const struct hci_ev_conn_complete *conn_complete = (void *)skb->data;
6027 const struct hci_ev_conn_request *conn_request = (void *)skb->data;
6028
6029 hci_dev_lock(hdev);
6030
6031
6032
6033
6034 if (!hdev->suspended || hdev->wake_reason)
6035 goto unlock;
6036
6037
6038
6039
6040 hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE;
6041
6042
6043
6044
6045
6046 if (event == HCI_EV_CONN_REQUEST) {
6047 bacpy(&hdev->wake_addr, &conn_complete->bdaddr);
6048 hdev->wake_addr_type = BDADDR_BREDR;
6049 } else if (event == HCI_EV_CONN_COMPLETE) {
6050 bacpy(&hdev->wake_addr, &conn_request->bdaddr);
6051 hdev->wake_addr_type = BDADDR_BREDR;
6052 } else if (event == HCI_EV_LE_META) {
6053 struct hci_ev_le_meta *le_ev = (void *)skb->data;
6054 u8 subevent = le_ev->subevent;
6055 u8 *ptr = &skb->data[sizeof(*le_ev)];
6056 u8 num_reports = *ptr;
6057
6058 if ((subevent == HCI_EV_LE_ADVERTISING_REPORT ||
6059 subevent == HCI_EV_LE_DIRECT_ADV_REPORT ||
6060 subevent == HCI_EV_LE_EXT_ADV_REPORT) &&
6061 num_reports) {
6062 adv = (void *)(ptr + 1);
6063 direct_adv = (void *)(ptr + 1);
6064 ext_adv = (void *)(ptr + 1);
6065
6066 switch (subevent) {
6067 case HCI_EV_LE_ADVERTISING_REPORT:
6068 bacpy(&hdev->wake_addr, &adv->bdaddr);
6069 hdev->wake_addr_type = adv->bdaddr_type;
6070 break;
6071 case HCI_EV_LE_DIRECT_ADV_REPORT:
6072 bacpy(&hdev->wake_addr, &direct_adv->bdaddr);
6073 hdev->wake_addr_type = direct_adv->bdaddr_type;
6074 break;
6075 case HCI_EV_LE_EXT_ADV_REPORT:
6076 bacpy(&hdev->wake_addr, &ext_adv->bdaddr);
6077 hdev->wake_addr_type = ext_adv->bdaddr_type;
6078 break;
6079 }
6080 }
6081 } else {
6082 hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
6083 }
6084
6085unlock:
6086 hci_dev_unlock(hdev);
6087}
6088
6089void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
6090{
6091 struct hci_event_hdr *hdr = (void *) skb->data;
6092 hci_req_complete_t req_complete = NULL;
6093 hci_req_complete_skb_t req_complete_skb = NULL;
6094 struct sk_buff *orig_skb = NULL;
6095 u8 status = 0, event = hdr->evt, req_evt = 0;
6096 u16 opcode = HCI_OP_NOP;
6097
6098 if (!event) {
6099 bt_dev_warn(hdev, "Received unexpected HCI Event 00000000");
6100 goto done;
6101 }
6102
6103 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
6104 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
6105 opcode = __le16_to_cpu(cmd_hdr->opcode);
6106 hci_req_cmd_complete(hdev, opcode, status, &req_complete,
6107 &req_complete_skb);
6108 req_evt = event;
6109 }
6110
6111
6112
6113
6114
6115
6116 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
6117 event == HCI_EV_CMD_COMPLETE)
6118 orig_skb = skb_clone(skb, GFP_KERNEL);
6119
6120 skb_pull(skb, HCI_EVENT_HDR_SIZE);
6121
6122
6123 hci_store_wake_reason(hdev, event, skb);
6124
6125 switch (event) {
6126 case HCI_EV_INQUIRY_COMPLETE:
6127 hci_inquiry_complete_evt(hdev, skb);
6128 break;
6129
6130 case HCI_EV_INQUIRY_RESULT:
6131 hci_inquiry_result_evt(hdev, skb);
6132 break;
6133
6134 case HCI_EV_CONN_COMPLETE:
6135 hci_conn_complete_evt(hdev, skb);
6136 break;
6137
6138 case HCI_EV_CONN_REQUEST:
6139 hci_conn_request_evt(hdev, skb);
6140 break;
6141
6142 case HCI_EV_DISCONN_COMPLETE:
6143 hci_disconn_complete_evt(hdev, skb);
6144 break;
6145
6146 case HCI_EV_AUTH_COMPLETE:
6147 hci_auth_complete_evt(hdev, skb);
6148 break;
6149
6150 case HCI_EV_REMOTE_NAME:
6151 hci_remote_name_evt(hdev, skb);
6152 break;
6153
6154 case HCI_EV_ENCRYPT_CHANGE:
6155 hci_encrypt_change_evt(hdev, skb);
6156 break;
6157
6158 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
6159 hci_change_link_key_complete_evt(hdev, skb);
6160 break;
6161
6162 case HCI_EV_REMOTE_FEATURES:
6163 hci_remote_features_evt(hdev, skb);
6164 break;
6165
6166 case HCI_EV_CMD_COMPLETE:
6167 hci_cmd_complete_evt(hdev, skb, &opcode, &status,
6168 &req_complete, &req_complete_skb);
6169 break;
6170
6171 case HCI_EV_CMD_STATUS:
6172 hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
6173 &req_complete_skb);
6174 break;
6175
6176 case HCI_EV_HARDWARE_ERROR:
6177 hci_hardware_error_evt(hdev, skb);
6178 break;
6179
6180 case HCI_EV_ROLE_CHANGE:
6181 hci_role_change_evt(hdev, skb);
6182 break;
6183
6184 case HCI_EV_NUM_COMP_PKTS:
6185 hci_num_comp_pkts_evt(hdev, skb);
6186 break;
6187
6188 case HCI_EV_MODE_CHANGE:
6189 hci_mode_change_evt(hdev, skb);
6190 break;
6191
6192 case HCI_EV_PIN_CODE_REQ:
6193 hci_pin_code_request_evt(hdev, skb);
6194 break;
6195
6196 case HCI_EV_LINK_KEY_REQ:
6197 hci_link_key_request_evt(hdev, skb);
6198 break;
6199
6200 case HCI_EV_LINK_KEY_NOTIFY:
6201 hci_link_key_notify_evt(hdev, skb);
6202 break;
6203
6204 case HCI_EV_CLOCK_OFFSET:
6205 hci_clock_offset_evt(hdev, skb);
6206 break;
6207
6208 case HCI_EV_PKT_TYPE_CHANGE:
6209 hci_pkt_type_change_evt(hdev, skb);
6210 break;
6211
6212 case HCI_EV_PSCAN_REP_MODE:
6213 hci_pscan_rep_mode_evt(hdev, skb);
6214 break;
6215
6216 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
6217 hci_inquiry_result_with_rssi_evt(hdev, skb);
6218 break;
6219
6220 case HCI_EV_REMOTE_EXT_FEATURES:
6221 hci_remote_ext_features_evt(hdev, skb);
6222 break;
6223
6224 case HCI_EV_SYNC_CONN_COMPLETE:
6225 hci_sync_conn_complete_evt(hdev, skb);
6226 break;
6227
6228 case HCI_EV_EXTENDED_INQUIRY_RESULT:
6229 hci_extended_inquiry_result_evt(hdev, skb);
6230 break;
6231
6232 case HCI_EV_KEY_REFRESH_COMPLETE:
6233 hci_key_refresh_complete_evt(hdev, skb);
6234 break;
6235
6236 case HCI_EV_IO_CAPA_REQUEST:
6237 hci_io_capa_request_evt(hdev, skb);
6238 break;
6239
6240 case HCI_EV_IO_CAPA_REPLY:
6241 hci_io_capa_reply_evt(hdev, skb);
6242 break;
6243
6244 case HCI_EV_USER_CONFIRM_REQUEST:
6245 hci_user_confirm_request_evt(hdev, skb);
6246 break;
6247
6248 case HCI_EV_USER_PASSKEY_REQUEST:
6249 hci_user_passkey_request_evt(hdev, skb);
6250 break;
6251
6252 case HCI_EV_USER_PASSKEY_NOTIFY:
6253 hci_user_passkey_notify_evt(hdev, skb);
6254 break;
6255
6256 case HCI_EV_KEYPRESS_NOTIFY:
6257 hci_keypress_notify_evt(hdev, skb);
6258 break;
6259
6260 case HCI_EV_SIMPLE_PAIR_COMPLETE:
6261 hci_simple_pair_complete_evt(hdev, skb);
6262 break;
6263
6264 case HCI_EV_REMOTE_HOST_FEATURES:
6265 hci_remote_host_features_evt(hdev, skb);
6266 break;
6267
6268 case HCI_EV_LE_META:
6269 hci_le_meta_evt(hdev, skb);
6270 break;
6271
6272 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
6273 hci_remote_oob_data_request_evt(hdev, skb);
6274 break;
6275
6276#if IS_ENABLED(CONFIG_BT_HS)
6277 case HCI_EV_CHANNEL_SELECTED:
6278 hci_chan_selected_evt(hdev, skb);
6279 break;
6280
6281 case HCI_EV_PHY_LINK_COMPLETE:
6282 hci_phy_link_complete_evt(hdev, skb);
6283 break;
6284
6285 case HCI_EV_LOGICAL_LINK_COMPLETE:
6286 hci_loglink_complete_evt(hdev, skb);
6287 break;
6288
6289 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
6290 hci_disconn_loglink_complete_evt(hdev, skb);
6291 break;
6292
6293 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
6294 hci_disconn_phylink_complete_evt(hdev, skb);
6295 break;
6296#endif
6297
6298 case HCI_EV_NUM_COMP_BLOCKS:
6299 hci_num_comp_blocks_evt(hdev, skb);
6300 break;
6301
6302 case HCI_EV_VENDOR:
6303 msft_vendor_evt(hdev, skb);
6304 break;
6305
6306 default:
6307 BT_DBG("%s event 0x%2.2x", hdev->name, event);
6308 break;
6309 }
6310
6311 if (req_complete) {
6312 req_complete(hdev, status, opcode);
6313 } else if (req_complete_skb) {
6314 if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
6315 kfree_skb(orig_skb);
6316 orig_skb = NULL;
6317 }
6318 req_complete_skb(hdev, status, opcode, orig_skb);
6319 }
6320
6321done:
6322 kfree_skb(orig_skb);
6323 kfree_skb(skb);
6324 hdev->stat.evt_rx++;
6325}
6326
