hci_event.c revision 847012c5e04544aef485dfec29c1c07dc90615a4
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI event handling. */ 26 27#include <linux/export.h> 28#include <asm/unaligned.h> 29 30#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/hci_core.h> 32 33/* Handle HCI Event packets */ 34 35static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 36{ 37 __u8 status = *((__u8 *) skb->data); 38 39 BT_DBG("%s status 0x%2.2x", hdev->name, status); 40 41 if (status) { 42 hci_dev_lock(hdev); 43 mgmt_stop_discovery_failed(hdev, status); 44 hci_dev_unlock(hdev); 45 return; 46 } 47 48 clear_bit(HCI_INQUIRY, &hdev->flags); 49 50 hci_dev_lock(hdev); 51 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 52 hci_dev_unlock(hdev); 53 54 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status); 55 56 hci_conn_check_pending(hdev); 57} 58 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 60{ 61 __u8 status = *((__u8 *) skb->data); 62 63 BT_DBG("%s status 0x%2.2x", hdev->name, status); 64 65 if (status) 66 return; 67 68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags); 69} 70 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 72{ 73 __u8 status = *((__u8 *) skb->data); 74 75 BT_DBG("%s status 0x%2.2x", hdev->name, status); 76 77 if (status) 78 return; 79 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags); 81 82 hci_conn_check_pending(hdev); 83} 84 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, 86 struct sk_buff *skb) 87{ 88 BT_DBG("%s", hdev->name); 89} 90 91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 92{ 93 struct hci_rp_role_discovery *rp = (void *) skb->data; 94 struct hci_conn *conn; 95 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 97 98 if (rp->status) 99 return; 100 101 hci_dev_lock(hdev); 102 103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 104 if (conn) { 105 if (rp->role) 106 conn->link_mode &= ~HCI_LM_MASTER; 107 else 108 conn->link_mode |= HCI_LM_MASTER; 109 } 110 111 hci_dev_unlock(hdev); 112} 113 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 115{ 116 struct hci_rp_read_link_policy *rp = (void *) skb->data; 117 struct hci_conn *conn; 118 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 120 121 if (rp->status) 122 return; 123 124 hci_dev_lock(hdev); 125 126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 127 if (conn) 128 conn->link_policy = __le16_to_cpu(rp->policy); 129 130 hci_dev_unlock(hdev); 131} 132 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 134{ 135 struct hci_rp_write_link_policy *rp = (void *) skb->data; 136 struct hci_conn *conn; 137 void *sent; 138 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 140 141 if (rp->status) 142 return; 143 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 145 if (!sent) 146 return; 147 148 hci_dev_lock(hdev); 149 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 151 if (conn) 152 conn->link_policy = get_unaligned_le16(sent + 2); 153 154 hci_dev_unlock(hdev); 155} 156 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev, 158 struct sk_buff *skb) 159{ 160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 161 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 163 164 if (rp->status) 165 return; 166 167 hdev->link_policy = __le16_to_cpu(rp->policy); 168} 169 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev, 171 struct sk_buff *skb) 172{ 173 __u8 status = *((__u8 *) skb->data); 174 void *sent; 175 176 BT_DBG("%s status 0x%2.2x", hdev->name, status); 177 178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 179 if (!sent) 180 return; 181 182 if (!status) 183 hdev->link_policy = get_unaligned_le16(sent); 184 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status); 186} 187 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 189{ 190 __u8 status = *((__u8 *) skb->data); 191 192 BT_DBG("%s status 0x%2.2x", hdev->name, status); 193 194 clear_bit(HCI_RESET, &hdev->flags); 195 196 hci_req_complete(hdev, HCI_OP_RESET, status); 197 198 /* Reset all non-persistent flags */ 199 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) | 200 BIT(HCI_PERIODIC_INQ)); 201 202 hdev->discovery.state = DISCOVERY_STOPPED; 203} 204 205static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 206{ 207 __u8 status = *((__u8 *) skb->data); 208 void *sent; 209 210 BT_DBG("%s status 0x%2.2x", hdev->name, status); 211 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 213 if (!sent) 214 return; 215 216 hci_dev_lock(hdev); 217 218 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 219 mgmt_set_local_name_complete(hdev, sent, status); 220 else if (!status) 221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH); 222 223 hci_dev_unlock(hdev); 224 225 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status); 226} 227 228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 229{ 230 struct hci_rp_read_local_name *rp = (void *) skb->data; 231 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 233 234 if (rp->status) 235 return; 236 237 if (test_bit(HCI_SETUP, &hdev->dev_flags)) 238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); 239} 240 241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 242{ 243 __u8 status = *((__u8 *) skb->data); 244 void *sent; 245 246 BT_DBG("%s status 0x%2.2x", hdev->name, status); 247 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 249 if (!sent) 250 return; 251 252 if (!status) { 253 __u8 param = *((__u8 *) sent); 254 255 if (param == AUTH_ENABLED) 256 set_bit(HCI_AUTH, &hdev->flags); 257 else 258 clear_bit(HCI_AUTH, &hdev->flags); 259 } 260 261 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 262 mgmt_auth_enable_complete(hdev, status); 263 264 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status); 265} 266 267static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 268{ 269 __u8 status = *((__u8 *) skb->data); 270 void *sent; 271 272 BT_DBG("%s status 0x%2.2x", hdev->name, status); 273 274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 275 if (!sent) 276 return; 277 278 if (!status) { 279 __u8 param = *((__u8 *) sent); 280 281 if (param) 282 set_bit(HCI_ENCRYPT, &hdev->flags); 283 else 284 clear_bit(HCI_ENCRYPT, &hdev->flags); 285 } 286 287 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status); 288} 289 290static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 291{ 292 __u8 param, status = *((__u8 *) skb->data); 293 int old_pscan, old_iscan; 294 void *sent; 295 296 BT_DBG("%s status 0x%2.2x", hdev->name, status); 297 298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 299 if (!sent) 300 return; 301 302 param = *((__u8 *) sent); 303 304 hci_dev_lock(hdev); 305 306 if (status != 0) { 307 mgmt_write_scan_failed(hdev, param, status); 308 hdev->discov_timeout = 0; 309 goto done; 310 } 311 312 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags); 313 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags); 314 315 if (param & SCAN_INQUIRY) { 316 set_bit(HCI_ISCAN, &hdev->flags); 317 if (!old_iscan) 318 mgmt_discoverable(hdev, 1); 319 if (hdev->discov_timeout > 0) { 320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 321 queue_delayed_work(hdev->workqueue, &hdev->discov_off, 322 to); 323 } 324 } else if (old_iscan) 325 mgmt_discoverable(hdev, 0); 326 327 if (param & SCAN_PAGE) { 328 set_bit(HCI_PSCAN, &hdev->flags); 329 if (!old_pscan) 330 mgmt_connectable(hdev, 1); 331 } else if (old_pscan) 332 mgmt_connectable(hdev, 0); 333 334done: 335 hci_dev_unlock(hdev); 336 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status); 337} 338 339static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 340{ 341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 342 343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 344 345 if (rp->status) 346 return; 347 348 memcpy(hdev->dev_class, rp->dev_class, 3); 349 350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 352} 353 354static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 355{ 356 __u8 status = *((__u8 *) skb->data); 357 void *sent; 358 359 BT_DBG("%s status 0x%2.2x", hdev->name, status); 360 361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 362 if (!sent) 363 return; 364 365 hci_dev_lock(hdev); 366 367 if (status == 0) 368 memcpy(hdev->dev_class, sent, 3); 369 370 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 371 mgmt_set_class_of_dev_complete(hdev, sent, status); 372 373 hci_dev_unlock(hdev); 374} 375 376static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 377{ 378 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 379 __u16 setting; 380 381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 382 383 if (rp->status) 384 return; 385 386 setting = __le16_to_cpu(rp->voice_setting); 387 388 if (hdev->voice_setting == setting) 389 return; 390 391 hdev->voice_setting = setting; 392 393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting); 394 395 if (hdev->notify) 396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 397} 398 399static void hci_cc_write_voice_setting(struct hci_dev *hdev, 400 struct sk_buff *skb) 401{ 402 __u8 status = *((__u8 *) skb->data); 403 __u16 setting; 404 void *sent; 405 406 BT_DBG("%s status 0x%2.2x", hdev->name, status); 407 408 if (status) 409 return; 410 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 412 if (!sent) 413 return; 414 415 setting = get_unaligned_le16(sent); 416 417 if (hdev->voice_setting == setting) 418 return; 419 420 hdev->voice_setting = setting; 421 422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting); 423 424 if (hdev->notify) 425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 426} 427 428static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 429{ 430 __u8 status = *((__u8 *) skb->data); 431 432 BT_DBG("%s status 0x%2.2x", hdev->name, status); 433 434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status); 435} 436 437static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 438{ 439 __u8 status = *((__u8 *) skb->data); 440 void *sent; 441 442 BT_DBG("%s status 0x%2.2x", hdev->name, status); 443 444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 445 if (!sent) 446 return; 447 448 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 449 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status); 450 else if (!status) { 451 if (*((u8 *) sent)) 452 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 453 else 454 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 455 } 456} 457 458static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 459{ 460 if (hdev->features[6] & LMP_EXT_INQ) 461 return 2; 462 463 if (hdev->features[3] & LMP_RSSI_INQ) 464 return 1; 465 466 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 && 467 hdev->lmp_subver == 0x0757) 468 return 1; 469 470 if (hdev->manufacturer == 15) { 471 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963) 472 return 1; 473 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963) 474 return 1; 475 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965) 476 return 1; 477 } 478 479 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 && 480 hdev->lmp_subver == 0x1805) 481 return 1; 482 483 return 0; 484} 485 486static void hci_setup_inquiry_mode(struct hci_dev *hdev) 487{ 488 u8 mode; 489 490 mode = hci_get_inquiry_mode(hdev); 491 492 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode); 493} 494 495static void hci_setup_event_mask(struct hci_dev *hdev) 496{ 497 /* The second byte is 0xff instead of 0x9f (two reserved bits 498 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 499 * command otherwise */ 500 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 501 502 /* CSR 1.1 dongles does not accept any bitfield so don't try to set 503 * any event mask for pre 1.2 devices */ 504 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 505 return; 506 507 events[4] |= 0x01; /* Flow Specification Complete */ 508 events[4] |= 0x02; /* Inquiry Result with RSSI */ 509 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 510 events[5] |= 0x08; /* Synchronous Connection Complete */ 511 events[5] |= 0x10; /* Synchronous Connection Changed */ 512 513 if (hdev->features[3] & LMP_RSSI_INQ) 514 events[4] |= 0x02; /* Inquiry Result with RSSI */ 515 516 if (lmp_sniffsubr_capable(hdev)) 517 events[5] |= 0x20; /* Sniff Subrating */ 518 519 if (hdev->features[5] & LMP_PAUSE_ENC) 520 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 521 522 if (hdev->features[6] & LMP_EXT_INQ) 523 events[5] |= 0x40; /* Extended Inquiry Result */ 524 525 if (lmp_no_flush_capable(hdev)) 526 events[7] |= 0x01; /* Enhanced Flush Complete */ 527 528 if (hdev->features[7] & LMP_LSTO) 529 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 530 531 if (lmp_ssp_capable(hdev)) { 532 events[6] |= 0x01; /* IO Capability Request */ 533 events[6] |= 0x02; /* IO Capability Response */ 534 events[6] |= 0x04; /* User Confirmation Request */ 535 events[6] |= 0x08; /* User Passkey Request */ 536 events[6] |= 0x10; /* Remote OOB Data Request */ 537 events[6] |= 0x20; /* Simple Pairing Complete */ 538 events[7] |= 0x04; /* User Passkey Notification */ 539 events[7] |= 0x08; /* Keypress Notification */ 540 events[7] |= 0x10; /* Remote Host Supported 541 * Features Notification */ 542 } 543 544 if (lmp_le_capable(hdev)) 545 events[7] |= 0x20; /* LE Meta-Event */ 546 547 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 548} 549 550static void hci_setup(struct hci_dev *hdev) 551{ 552 if (hdev->dev_type != HCI_BREDR) 553 return; 554 555 hci_setup_event_mask(hdev); 556 557 if (hdev->hci_ver > BLUETOOTH_VER_1_1) 558 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 559 560 if (lmp_ssp_capable(hdev)) { 561 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 562 u8 mode = 0x01; 563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 564 sizeof(mode), &mode); 565 } else { 566 struct hci_cp_write_eir cp; 567 568 memset(hdev->eir, 0, sizeof(hdev->eir)); 569 memset(&cp, 0, sizeof(cp)); 570 571 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 572 } 573 } 574 575 if (hdev->features[3] & LMP_RSSI_INQ) 576 hci_setup_inquiry_mode(hdev); 577 578 if (hdev->features[7] & LMP_INQ_TX_PWR) 579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); 580 581 if (hdev->features[7] & LMP_EXTFEATURES) { 582 struct hci_cp_read_local_ext_features cp; 583 584 cp.page = 0x01; 585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), 586 &cp); 587 } 588 589 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) { 590 u8 enable = 1; 591 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable), 592 &enable); 593 } 594} 595 596static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 597{ 598 struct hci_rp_read_local_version *rp = (void *) skb->data; 599 600 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 601 602 if (rp->status) 603 goto done; 604 605 hdev->hci_ver = rp->hci_ver; 606 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 607 hdev->lmp_ver = rp->lmp_ver; 608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 610 611 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name, 612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev); 613 614 if (test_bit(HCI_INIT, &hdev->flags)) 615 hci_setup(hdev); 616 617done: 618 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status); 619} 620 621static void hci_setup_link_policy(struct hci_dev *hdev) 622{ 623 struct hci_cp_write_def_link_policy cp; 624 u16 link_policy = 0; 625 626 if (lmp_rswitch_capable(hdev)) 627 link_policy |= HCI_LP_RSWITCH; 628 if (hdev->features[0] & LMP_HOLD) 629 link_policy |= HCI_LP_HOLD; 630 if (lmp_sniff_capable(hdev)) 631 link_policy |= HCI_LP_SNIFF; 632 if (hdev->features[1] & LMP_PARK) 633 link_policy |= HCI_LP_PARK; 634 635 cp.policy = cpu_to_le16(link_policy); 636 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp); 637} 638 639static void hci_cc_read_local_commands(struct hci_dev *hdev, 640 struct sk_buff *skb) 641{ 642 struct hci_rp_read_local_commands *rp = (void *) skb->data; 643 644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 645 646 if (rp->status) 647 goto done; 648 649 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 650 651 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10)) 652 hci_setup_link_policy(hdev); 653 654done: 655 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status); 656} 657 658static void hci_cc_read_local_features(struct hci_dev *hdev, 659 struct sk_buff *skb) 660{ 661 struct hci_rp_read_local_features *rp = (void *) skb->data; 662 663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 664 665 if (rp->status) 666 return; 667 668 memcpy(hdev->features, rp->features, 8); 669 670 /* Adjust default settings according to features 671 * supported by device. */ 672 673 if (hdev->features[0] & LMP_3SLOT) 674 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 675 676 if (hdev->features[0] & LMP_5SLOT) 677 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 678 679 if (hdev->features[1] & LMP_HV2) { 680 hdev->pkt_type |= (HCI_HV2); 681 hdev->esco_type |= (ESCO_HV2); 682 } 683 684 if (hdev->features[1] & LMP_HV3) { 685 hdev->pkt_type |= (HCI_HV3); 686 hdev->esco_type |= (ESCO_HV3); 687 } 688 689 if (lmp_esco_capable(hdev)) 690 hdev->esco_type |= (ESCO_EV3); 691 692 if (hdev->features[4] & LMP_EV4) 693 hdev->esco_type |= (ESCO_EV4); 694 695 if (hdev->features[4] & LMP_EV5) 696 hdev->esco_type |= (ESCO_EV5); 697 698 if (hdev->features[5] & LMP_EDR_ESCO_2M) 699 hdev->esco_type |= (ESCO_2EV3); 700 701 if (hdev->features[5] & LMP_EDR_ESCO_3M) 702 hdev->esco_type |= (ESCO_3EV3); 703 704 if (hdev->features[5] & LMP_EDR_3S_ESCO) 705 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 706 707 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 708 hdev->features[0], hdev->features[1], 709 hdev->features[2], hdev->features[3], 710 hdev->features[4], hdev->features[5], 711 hdev->features[6], hdev->features[7]); 712} 713 714static void hci_set_le_support(struct hci_dev *hdev) 715{ 716 struct hci_cp_write_le_host_supported cp; 717 718 memset(&cp, 0, sizeof(cp)); 719 720 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 721 cp.le = 1; 722 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR); 723 } 724 725 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE)) 726 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), 727 &cp); 728} 729 730static void hci_cc_read_local_ext_features(struct hci_dev *hdev, 731 struct sk_buff *skb) 732{ 733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data; 734 735 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 736 737 if (rp->status) 738 goto done; 739 740 switch (rp->page) { 741 case 0: 742 memcpy(hdev->features, rp->features, 8); 743 break; 744 case 1: 745 memcpy(hdev->host_features, rp->features, 8); 746 break; 747 } 748 749 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev)) 750 hci_set_le_support(hdev); 751 752done: 753 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); 754} 755 756static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, 757 struct sk_buff *skb) 758{ 759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data; 760 761 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 762 763 if (rp->status) 764 return; 765 766 hdev->flow_ctl_mode = rp->mode; 767 768 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status); 769} 770 771static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 772{ 773 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 774 775 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 776 777 if (rp->status) 778 return; 779 780 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 781 hdev->sco_mtu = rp->sco_mtu; 782 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 783 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 784 785 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 786 hdev->sco_mtu = 64; 787 hdev->sco_pkts = 8; 788 } 789 790 hdev->acl_cnt = hdev->acl_pkts; 791 hdev->sco_cnt = hdev->sco_pkts; 792 793 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, 794 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); 795} 796 797static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 798{ 799 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 800 801 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 802 803 if (!rp->status) 804 bacpy(&hdev->bdaddr, &rp->bdaddr); 805 806 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status); 807} 808 809static void hci_cc_read_data_block_size(struct hci_dev *hdev, 810 struct sk_buff *skb) 811{ 812 struct hci_rp_read_data_block_size *rp = (void *) skb->data; 813 814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 815 816 if (rp->status) 817 return; 818 819 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len); 820 hdev->block_len = __le16_to_cpu(rp->block_len); 821 hdev->num_blocks = __le16_to_cpu(rp->num_blocks); 822 823 hdev->block_cnt = hdev->num_blocks; 824 825 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu, 826 hdev->block_cnt, hdev->block_len); 827 828 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status); 829} 830 831static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb) 832{ 833 __u8 status = *((__u8 *) skb->data); 834 835 BT_DBG("%s status 0x%2.2x", hdev->name, status); 836 837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status); 838} 839 840static void hci_cc_read_local_amp_info(struct hci_dev *hdev, 841 struct sk_buff *skb) 842{ 843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data; 844 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 846 847 if (rp->status) 848 return; 849 850 hdev->amp_status = rp->amp_status; 851 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw); 852 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw); 853 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency); 854 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu); 855 hdev->amp_type = rp->amp_type; 856 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap); 857 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size); 858 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to); 859 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to); 860 861 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status); 862} 863 864static void hci_cc_delete_stored_link_key(struct hci_dev *hdev, 865 struct sk_buff *skb) 866{ 867 __u8 status = *((__u8 *) skb->data); 868 869 BT_DBG("%s status 0x%2.2x", hdev->name, status); 870 871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status); 872} 873 874static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb) 875{ 876 __u8 status = *((__u8 *) skb->data); 877 878 BT_DBG("%s status 0x%2.2x", hdev->name, status); 879 880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status); 881} 882 883static void hci_cc_write_inquiry_mode(struct hci_dev *hdev, 884 struct sk_buff *skb) 885{ 886 __u8 status = *((__u8 *) skb->data); 887 888 BT_DBG("%s status 0x%2.2x", hdev->name, status); 889 890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status); 891} 892 893static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev, 894 struct sk_buff *skb) 895{ 896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data; 897 898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 899 900 if (!rp->status) 901 hdev->inq_tx_power = rp->tx_power; 902 903 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status); 904} 905 906static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb) 907{ 908 __u8 status = *((__u8 *) skb->data); 909 910 BT_DBG("%s status 0x%2.2x", hdev->name, status); 911 912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status); 913} 914 915static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb) 916{ 917 struct hci_rp_pin_code_reply *rp = (void *) skb->data; 918 struct hci_cp_pin_code_reply *cp; 919 struct hci_conn *conn; 920 921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 922 923 hci_dev_lock(hdev); 924 925 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 926 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status); 927 928 if (rp->status != 0) 929 goto unlock; 930 931 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY); 932 if (!cp) 933 goto unlock; 934 935 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 936 if (conn) 937 conn->pin_length = cp->pin_len; 938 939unlock: 940 hci_dev_unlock(hdev); 941} 942 943static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) 944{ 945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data; 946 947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 948 949 hci_dev_lock(hdev); 950 951 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 952 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr, 953 rp->status); 954 955 hci_dev_unlock(hdev); 956} 957 958static void hci_cc_le_read_buffer_size(struct hci_dev *hdev, 959 struct sk_buff *skb) 960{ 961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data; 962 963 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 964 965 if (rp->status) 966 return; 967 968 hdev->le_mtu = __le16_to_cpu(rp->le_mtu); 969 hdev->le_pkts = rp->le_max_pkt; 970 971 hdev->le_cnt = hdev->le_pkts; 972 973 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); 974 975 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status); 976} 977 978static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb) 979{ 980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 981 982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 983 984 hci_dev_lock(hdev); 985 986 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 987 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0, 988 rp->status); 989 990 hci_dev_unlock(hdev); 991} 992 993static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev, 994 struct sk_buff *skb) 995{ 996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 997 998 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 999 1000 hci_dev_lock(hdev); 1001 1002 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 1003 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr, 1004 ACL_LINK, 0, rp->status); 1005 1006 hci_dev_unlock(hdev); 1007} 1008 1009static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb) 1010{ 1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 1012 1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1014 1015 hci_dev_lock(hdev); 1016 1017 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 1018 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 1019 0, rp->status); 1020 1021 hci_dev_unlock(hdev); 1022} 1023 1024static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev, 1025 struct sk_buff *skb) 1026{ 1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 1028 1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1030 1031 hci_dev_lock(hdev); 1032 1033 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 1034 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr, 1035 ACL_LINK, 0, rp->status); 1036 1037 hci_dev_unlock(hdev); 1038} 1039 1040static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev, 1041 struct sk_buff *skb) 1042{ 1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 1044 1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1046 1047 hci_dev_lock(hdev); 1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash, 1049 rp->randomizer, rp->status); 1050 hci_dev_unlock(hdev); 1051} 1052 1053static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb) 1054{ 1055 __u8 status = *((__u8 *) skb->data); 1056 1057 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1058 1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status); 1060 1061 if (status) { 1062 hci_dev_lock(hdev); 1063 mgmt_start_discovery_failed(hdev, status); 1064 hci_dev_unlock(hdev); 1065 return; 1066 } 1067} 1068 1069static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, 1070 struct sk_buff *skb) 1071{ 1072 struct hci_cp_le_set_scan_enable *cp; 1073 __u8 status = *((__u8 *) skb->data); 1074 1075 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1076 1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE); 1078 if (!cp) 1079 return; 1080 1081 switch (cp->enable) { 1082 case LE_SCANNING_ENABLED: 1083 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status); 1084 1085 if (status) { 1086 hci_dev_lock(hdev); 1087 mgmt_start_discovery_failed(hdev, status); 1088 hci_dev_unlock(hdev); 1089 return; 1090 } 1091 1092 set_bit(HCI_LE_SCAN, &hdev->dev_flags); 1093 1094 hci_dev_lock(hdev); 1095 hci_discovery_set_state(hdev, DISCOVERY_FINDING); 1096 hci_dev_unlock(hdev); 1097 break; 1098 1099 case LE_SCANNING_DISABLED: 1100 if (status) { 1101 hci_dev_lock(hdev); 1102 mgmt_stop_discovery_failed(hdev, status); 1103 hci_dev_unlock(hdev); 1104 return; 1105 } 1106 1107 clear_bit(HCI_LE_SCAN, &hdev->dev_flags); 1108 1109 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED && 1110 hdev->discovery.state == DISCOVERY_FINDING) { 1111 mgmt_interleaved_discovery(hdev); 1112 } else { 1113 hci_dev_lock(hdev); 1114 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1115 hci_dev_unlock(hdev); 1116 } 1117 1118 break; 1119 1120 default: 1121 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable); 1122 break; 1123 } 1124} 1125 1126static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb) 1127{ 1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data; 1129 1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1131 1132 if (rp->status) 1133 return; 1134 1135 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status); 1136} 1137 1138static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) 1139{ 1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data; 1141 1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1143 1144 if (rp->status) 1145 return; 1146 1147 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status); 1148} 1149 1150static void hci_cc_write_le_host_supported(struct hci_dev *hdev, 1151 struct sk_buff *skb) 1152{ 1153 struct hci_cp_write_le_host_supported *sent; 1154 __u8 status = *((__u8 *) skb->data); 1155 1156 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1157 1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED); 1159 if (!sent) 1160 return; 1161 1162 if (!status) { 1163 if (sent->le) 1164 hdev->host_features[0] |= LMP_HOST_LE; 1165 else 1166 hdev->host_features[0] &= ~LMP_HOST_LE; 1167 } 1168 1169 if (test_bit(HCI_MGMT, &hdev->dev_flags) && 1170 !test_bit(HCI_INIT, &hdev->flags)) 1171 mgmt_le_enable_complete(hdev, sent->le, status); 1172 1173 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status); 1174} 1175 1176static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1177{ 1178 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1179 1180 if (status) { 1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1182 hci_conn_check_pending(hdev); 1183 hci_dev_lock(hdev); 1184 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 1185 mgmt_start_discovery_failed(hdev, status); 1186 hci_dev_unlock(hdev); 1187 return; 1188 } 1189 1190 set_bit(HCI_INQUIRY, &hdev->flags); 1191 1192 hci_dev_lock(hdev); 1193 hci_discovery_set_state(hdev, DISCOVERY_FINDING); 1194 hci_dev_unlock(hdev); 1195} 1196 1197static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 1198{ 1199 struct hci_cp_create_conn *cp; 1200 struct hci_conn *conn; 1201 1202 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1203 1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 1205 if (!cp) 1206 return; 1207 1208 hci_dev_lock(hdev); 1209 1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1211 1212 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn); 1213 1214 if (status) { 1215 if (conn && conn->state == BT_CONNECT) { 1216 if (status != 0x0c || conn->attempt > 2) { 1217 conn->state = BT_CLOSED; 1218 hci_proto_connect_cfm(conn, status); 1219 hci_conn_del(conn); 1220 } else 1221 conn->state = BT_CONNECT2; 1222 } 1223 } else { 1224 if (!conn) { 1225 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 1226 if (conn) { 1227 conn->out = true; 1228 conn->link_mode |= HCI_LM_MASTER; 1229 } else 1230 BT_ERR("No memory for new connection"); 1231 } 1232 } 1233 1234 hci_dev_unlock(hdev); 1235} 1236 1237static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 1238{ 1239 struct hci_cp_add_sco *cp; 1240 struct hci_conn *acl, *sco; 1241 __u16 handle; 1242 1243 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1244 1245 if (!status) 1246 return; 1247 1248 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 1249 if (!cp) 1250 return; 1251 1252 handle = __le16_to_cpu(cp->handle); 1253 1254 BT_DBG("%s handle 0x%4.4x", hdev->name, handle); 1255 1256 hci_dev_lock(hdev); 1257 1258 acl = hci_conn_hash_lookup_handle(hdev, handle); 1259 if (acl) { 1260 sco = acl->link; 1261 if (sco) { 1262 sco->state = BT_CLOSED; 1263 1264 hci_proto_connect_cfm(sco, status); 1265 hci_conn_del(sco); 1266 } 1267 } 1268 1269 hci_dev_unlock(hdev); 1270} 1271 1272static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 1273{ 1274 struct hci_cp_auth_requested *cp; 1275 struct hci_conn *conn; 1276 1277 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1278 1279 if (!status) 1280 return; 1281 1282 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 1283 if (!cp) 1284 return; 1285 1286 hci_dev_lock(hdev); 1287 1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1289 if (conn) { 1290 if (conn->state == BT_CONFIG) { 1291 hci_proto_connect_cfm(conn, status); 1292 hci_conn_put(conn); 1293 } 1294 } 1295 1296 hci_dev_unlock(hdev); 1297} 1298 1299static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 1300{ 1301 struct hci_cp_set_conn_encrypt *cp; 1302 struct hci_conn *conn; 1303 1304 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1305 1306 if (!status) 1307 return; 1308 1309 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 1310 if (!cp) 1311 return; 1312 1313 hci_dev_lock(hdev); 1314 1315 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1316 if (conn) { 1317 if (conn->state == BT_CONFIG) { 1318 hci_proto_connect_cfm(conn, status); 1319 hci_conn_put(conn); 1320 } 1321 } 1322 1323 hci_dev_unlock(hdev); 1324} 1325 1326static int hci_outgoing_auth_needed(struct hci_dev *hdev, 1327 struct hci_conn *conn) 1328{ 1329 if (conn->state != BT_CONFIG || !conn->out) 1330 return 0; 1331 1332 if (conn->pending_sec_level == BT_SECURITY_SDP) 1333 return 0; 1334 1335 /* Only request authentication for SSP connections or non-SSP 1336 * devices with sec_level HIGH or if MITM protection is requested */ 1337 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) && 1338 conn->pending_sec_level != BT_SECURITY_HIGH) 1339 return 0; 1340 1341 return 1; 1342} 1343 1344static int hci_resolve_name(struct hci_dev *hdev, 1345 struct inquiry_entry *e) 1346{ 1347 struct hci_cp_remote_name_req cp; 1348 1349 memset(&cp, 0, sizeof(cp)); 1350 1351 bacpy(&cp.bdaddr, &e->data.bdaddr); 1352 cp.pscan_rep_mode = e->data.pscan_rep_mode; 1353 cp.pscan_mode = e->data.pscan_mode; 1354 cp.clock_offset = e->data.clock_offset; 1355 1356 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 1357} 1358 1359static bool hci_resolve_next_name(struct hci_dev *hdev) 1360{ 1361 struct discovery_state *discov = &hdev->discovery; 1362 struct inquiry_entry *e; 1363 1364 if (list_empty(&discov->resolve)) 1365 return false; 1366 1367 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED); 1368 if (hci_resolve_name(hdev, e) == 0) { 1369 e->name_state = NAME_PENDING; 1370 return true; 1371 } 1372 1373 return false; 1374} 1375 1376static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn, 1377 bdaddr_t *bdaddr, u8 *name, u8 name_len) 1378{ 1379 struct discovery_state *discov = &hdev->discovery; 1380 struct inquiry_entry *e; 1381 1382 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 1383 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name, 1384 name_len, conn->dev_class); 1385 1386 if (discov->state == DISCOVERY_STOPPED) 1387 return; 1388 1389 if (discov->state == DISCOVERY_STOPPING) 1390 goto discov_complete; 1391 1392 if (discov->state != DISCOVERY_RESOLVING) 1393 return; 1394 1395 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); 1396 if (e) { 1397 e->name_state = NAME_KNOWN; 1398 list_del(&e->list); 1399 if (name) 1400 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, 1401 e->data.rssi, name, name_len); 1402 } 1403 1404 if (hci_resolve_next_name(hdev)) 1405 return; 1406 1407discov_complete: 1408 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1409} 1410 1411static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 1412{ 1413 struct hci_cp_remote_name_req *cp; 1414 struct hci_conn *conn; 1415 1416 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1417 1418 /* If successful wait for the name req complete event before 1419 * checking for the need to do authentication */ 1420 if (!status) 1421 return; 1422 1423 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ); 1424 if (!cp) 1425 return; 1426 1427 hci_dev_lock(hdev); 1428 1429 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1430 1431 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 1432 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0); 1433 1434 if (!conn) 1435 goto unlock; 1436 1437 if (!hci_outgoing_auth_needed(hdev, conn)) 1438 goto unlock; 1439 1440 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 1441 struct hci_cp_auth_requested cp; 1442 cp.handle = __cpu_to_le16(conn->handle); 1443 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1444 } 1445 1446unlock: 1447 hci_dev_unlock(hdev); 1448} 1449 1450static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 1451{ 1452 struct hci_cp_read_remote_features *cp; 1453 struct hci_conn *conn; 1454 1455 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1456 1457 if (!status) 1458 return; 1459 1460 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 1461 if (!cp) 1462 return; 1463 1464 hci_dev_lock(hdev); 1465 1466 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1467 if (conn) { 1468 if (conn->state == BT_CONFIG) { 1469 hci_proto_connect_cfm(conn, status); 1470 hci_conn_put(conn); 1471 } 1472 } 1473 1474 hci_dev_unlock(hdev); 1475} 1476 1477static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 1478{ 1479 struct hci_cp_read_remote_ext_features *cp; 1480 struct hci_conn *conn; 1481 1482 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1483 1484 if (!status) 1485 return; 1486 1487 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 1488 if (!cp) 1489 return; 1490 1491 hci_dev_lock(hdev); 1492 1493 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1494 if (conn) { 1495 if (conn->state == BT_CONFIG) { 1496 hci_proto_connect_cfm(conn, status); 1497 hci_conn_put(conn); 1498 } 1499 } 1500 1501 hci_dev_unlock(hdev); 1502} 1503 1504static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 1505{ 1506 struct hci_cp_setup_sync_conn *cp; 1507 struct hci_conn *acl, *sco; 1508 __u16 handle; 1509 1510 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1511 1512 if (!status) 1513 return; 1514 1515 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 1516 if (!cp) 1517 return; 1518 1519 handle = __le16_to_cpu(cp->handle); 1520 1521 BT_DBG("%s handle 0x%4.4x", hdev->name, handle); 1522 1523 hci_dev_lock(hdev); 1524 1525 acl = hci_conn_hash_lookup_handle(hdev, handle); 1526 if (acl) { 1527 sco = acl->link; 1528 if (sco) { 1529 sco->state = BT_CLOSED; 1530 1531 hci_proto_connect_cfm(sco, status); 1532 hci_conn_del(sco); 1533 } 1534 } 1535 1536 hci_dev_unlock(hdev); 1537} 1538 1539static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 1540{ 1541 struct hci_cp_sniff_mode *cp; 1542 struct hci_conn *conn; 1543 1544 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1545 1546 if (!status) 1547 return; 1548 1549 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 1550 if (!cp) 1551 return; 1552 1553 hci_dev_lock(hdev); 1554 1555 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1556 if (conn) { 1557 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); 1558 1559 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 1560 hci_sco_setup(conn, status); 1561 } 1562 1563 hci_dev_unlock(hdev); 1564} 1565 1566static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 1567{ 1568 struct hci_cp_exit_sniff_mode *cp; 1569 struct hci_conn *conn; 1570 1571 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1572 1573 if (!status) 1574 return; 1575 1576 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 1577 if (!cp) 1578 return; 1579 1580 hci_dev_lock(hdev); 1581 1582 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1583 if (conn) { 1584 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); 1585 1586 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 1587 hci_sco_setup(conn, status); 1588 } 1589 1590 hci_dev_unlock(hdev); 1591} 1592 1593static void hci_cs_disconnect(struct hci_dev *hdev, u8 status) 1594{ 1595 struct hci_cp_disconnect *cp; 1596 struct hci_conn *conn; 1597 1598 if (!status) 1599 return; 1600 1601 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT); 1602 if (!cp) 1603 return; 1604 1605 hci_dev_lock(hdev); 1606 1607 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1608 if (conn) 1609 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, 1610 conn->dst_type, status); 1611 1612 hci_dev_unlock(hdev); 1613} 1614 1615static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status) 1616{ 1617 struct hci_cp_le_create_conn *cp; 1618 struct hci_conn *conn; 1619 1620 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1621 1622 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN); 1623 if (!cp) 1624 return; 1625 1626 hci_dev_lock(hdev); 1627 1628 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr); 1629 1630 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr), 1631 conn); 1632 1633 if (status) { 1634 if (conn && conn->state == BT_CONNECT) { 1635 conn->state = BT_CLOSED; 1636 mgmt_connect_failed(hdev, &cp->peer_addr, conn->type, 1637 conn->dst_type, status); 1638 hci_proto_connect_cfm(conn, status); 1639 hci_conn_del(conn); 1640 } 1641 } 1642 1643 hci_dev_unlock(hdev); 1644} 1645 1646static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) 1647{ 1648 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1649} 1650 1651static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1652{ 1653 __u8 status = *((__u8 *) skb->data); 1654 struct discovery_state *discov = &hdev->discovery; 1655 struct inquiry_entry *e; 1656 1657 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1658 1659 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1660 1661 hci_conn_check_pending(hdev); 1662 1663 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1664 return; 1665 1666 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1667 return; 1668 1669 hci_dev_lock(hdev); 1670 1671 if (discov->state != DISCOVERY_FINDING) 1672 goto unlock; 1673 1674 if (list_empty(&discov->resolve)) { 1675 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1676 goto unlock; 1677 } 1678 1679 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED); 1680 if (e && hci_resolve_name(hdev, e) == 0) { 1681 e->name_state = NAME_PENDING; 1682 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING); 1683 } else { 1684 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1685 } 1686 1687unlock: 1688 hci_dev_unlock(hdev); 1689} 1690 1691static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1692{ 1693 struct inquiry_data data; 1694 struct inquiry_info *info = (void *) (skb->data + 1); 1695 int num_rsp = *((__u8 *) skb->data); 1696 1697 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1698 1699 if (!num_rsp) 1700 return; 1701 1702 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 1703 return; 1704 1705 hci_dev_lock(hdev); 1706 1707 for (; num_rsp; num_rsp--, info++) { 1708 bool name_known, ssp; 1709 1710 bacpy(&data.bdaddr, &info->bdaddr); 1711 data.pscan_rep_mode = info->pscan_rep_mode; 1712 data.pscan_period_mode = info->pscan_period_mode; 1713 data.pscan_mode = info->pscan_mode; 1714 memcpy(data.dev_class, info->dev_class, 3); 1715 data.clock_offset = info->clock_offset; 1716 data.rssi = 0x00; 1717 data.ssp_mode = 0x00; 1718 1719 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp); 1720 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 1721 info->dev_class, 0, !name_known, ssp, NULL, 1722 0); 1723 } 1724 1725 hci_dev_unlock(hdev); 1726} 1727 1728static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1729{ 1730 struct hci_ev_conn_complete *ev = (void *) skb->data; 1731 struct hci_conn *conn; 1732 1733 BT_DBG("%s", hdev->name); 1734 1735 hci_dev_lock(hdev); 1736 1737 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1738 if (!conn) { 1739 if (ev->link_type != SCO_LINK) 1740 goto unlock; 1741 1742 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1743 if (!conn) 1744 goto unlock; 1745 1746 conn->type = SCO_LINK; 1747 } 1748 1749 if (!ev->status) { 1750 conn->handle = __le16_to_cpu(ev->handle); 1751 1752 if (conn->type == ACL_LINK) { 1753 conn->state = BT_CONFIG; 1754 hci_conn_hold(conn); 1755 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1756 } else 1757 conn->state = BT_CONNECTED; 1758 1759 hci_conn_hold_device(conn); 1760 hci_conn_add_sysfs(conn); 1761 1762 if (test_bit(HCI_AUTH, &hdev->flags)) 1763 conn->link_mode |= HCI_LM_AUTH; 1764 1765 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 1766 conn->link_mode |= HCI_LM_ENCRYPT; 1767 1768 /* Get remote features */ 1769 if (conn->type == ACL_LINK) { 1770 struct hci_cp_read_remote_features cp; 1771 cp.handle = ev->handle; 1772 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 1773 sizeof(cp), &cp); 1774 } 1775 1776 /* Set packet type for incoming connection */ 1777 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) { 1778 struct hci_cp_change_conn_ptype cp; 1779 cp.handle = ev->handle; 1780 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1781 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), 1782 &cp); 1783 } 1784 } else { 1785 conn->state = BT_CLOSED; 1786 if (conn->type == ACL_LINK) 1787 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type, 1788 conn->dst_type, ev->status); 1789 } 1790 1791 if (conn->type == ACL_LINK) 1792 hci_sco_setup(conn, ev->status); 1793 1794 if (ev->status) { 1795 hci_proto_connect_cfm(conn, ev->status); 1796 hci_conn_del(conn); 1797 } else if (ev->link_type != ACL_LINK) 1798 hci_proto_connect_cfm(conn, ev->status); 1799 1800unlock: 1801 hci_dev_unlock(hdev); 1802 1803 hci_conn_check_pending(hdev); 1804} 1805 1806static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1807{ 1808 struct hci_ev_conn_request *ev = (void *) skb->data; 1809 int mask = hdev->link_mode; 1810 1811 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr), 1812 ev->link_type); 1813 1814 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1815 1816 if ((mask & HCI_LM_ACCEPT) && 1817 !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 1818 /* Connection accepted */ 1819 struct inquiry_entry *ie; 1820 struct hci_conn *conn; 1821 1822 hci_dev_lock(hdev); 1823 1824 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 1825 if (ie) 1826 memcpy(ie->data.dev_class, ev->dev_class, 3); 1827 1828 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, 1829 &ev->bdaddr); 1830 if (!conn) { 1831 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr); 1832 if (!conn) { 1833 BT_ERR("No memory for new connection"); 1834 hci_dev_unlock(hdev); 1835 return; 1836 } 1837 } 1838 1839 memcpy(conn->dev_class, ev->dev_class, 3); 1840 conn->state = BT_CONNECT; 1841 1842 hci_dev_unlock(hdev); 1843 1844 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 1845 struct hci_cp_accept_conn_req cp; 1846 1847 bacpy(&cp.bdaddr, &ev->bdaddr); 1848 1849 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 1850 cp.role = 0x00; /* Become master */ 1851 else 1852 cp.role = 0x01; /* Remain slave */ 1853 1854 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), 1855 &cp); 1856 } else { 1857 struct hci_cp_accept_sync_conn_req cp; 1858 1859 bacpy(&cp.bdaddr, &ev->bdaddr); 1860 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1861 1862 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); 1863 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); 1864 cp.max_latency = __constant_cpu_to_le16(0xffff); 1865 cp.content_format = cpu_to_le16(hdev->voice_setting); 1866 cp.retrans_effort = 0xff; 1867 1868 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1869 sizeof(cp), &cp); 1870 } 1871 } else { 1872 /* Connection rejected */ 1873 struct hci_cp_reject_conn_req cp; 1874 1875 bacpy(&cp.bdaddr, &ev->bdaddr); 1876 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 1877 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1878 } 1879} 1880 1881static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1882{ 1883 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1884 struct hci_conn *conn; 1885 1886 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 1887 1888 hci_dev_lock(hdev); 1889 1890 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1891 if (!conn) 1892 goto unlock; 1893 1894 if (ev->status == 0) 1895 conn->state = BT_CLOSED; 1896 1897 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) && 1898 (conn->type == ACL_LINK || conn->type == LE_LINK)) { 1899 if (ev->status != 0) 1900 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, 1901 conn->dst_type, ev->status); 1902 else 1903 mgmt_device_disconnected(hdev, &conn->dst, conn->type, 1904 conn->dst_type); 1905 } 1906 1907 if (ev->status == 0) { 1908 if (conn->type == ACL_LINK && conn->flush_key) 1909 hci_remove_link_key(hdev, &conn->dst); 1910 hci_proto_disconn_cfm(conn, ev->reason); 1911 hci_conn_del(conn); 1912 } 1913 1914unlock: 1915 hci_dev_unlock(hdev); 1916} 1917 1918static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1919{ 1920 struct hci_ev_auth_complete *ev = (void *) skb->data; 1921 struct hci_conn *conn; 1922 1923 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 1924 1925 hci_dev_lock(hdev); 1926 1927 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1928 if (!conn) 1929 goto unlock; 1930 1931 if (!ev->status) { 1932 if (!hci_conn_ssp_enabled(conn) && 1933 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) { 1934 BT_INFO("re-auth of legacy device is not possible."); 1935 } else { 1936 conn->link_mode |= HCI_LM_AUTH; 1937 conn->sec_level = conn->pending_sec_level; 1938 } 1939 } else { 1940 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 1941 ev->status); 1942 } 1943 1944 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); 1945 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags); 1946 1947 if (conn->state == BT_CONFIG) { 1948 if (!ev->status && hci_conn_ssp_enabled(conn)) { 1949 struct hci_cp_set_conn_encrypt cp; 1950 cp.handle = ev->handle; 1951 cp.encrypt = 0x01; 1952 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 1953 &cp); 1954 } else { 1955 conn->state = BT_CONNECTED; 1956 hci_proto_connect_cfm(conn, ev->status); 1957 hci_conn_put(conn); 1958 } 1959 } else { 1960 hci_auth_cfm(conn, ev->status); 1961 1962 hci_conn_hold(conn); 1963 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1964 hci_conn_put(conn); 1965 } 1966 1967 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 1968 if (!ev->status) { 1969 struct hci_cp_set_conn_encrypt cp; 1970 cp.handle = ev->handle; 1971 cp.encrypt = 0x01; 1972 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 1973 &cp); 1974 } else { 1975 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 1976 hci_encrypt_cfm(conn, ev->status, 0x00); 1977 } 1978 } 1979 1980unlock: 1981 hci_dev_unlock(hdev); 1982} 1983 1984static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1985{ 1986 struct hci_ev_remote_name *ev = (void *) skb->data; 1987 struct hci_conn *conn; 1988 1989 BT_DBG("%s", hdev->name); 1990 1991 hci_conn_check_pending(hdev); 1992 1993 hci_dev_lock(hdev); 1994 1995 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1996 1997 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1998 goto check_auth; 1999 2000 if (ev->status == 0) 2001 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name, 2002 strnlen(ev->name, HCI_MAX_NAME_LENGTH)); 2003 else 2004 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0); 2005 2006check_auth: 2007 if (!conn) 2008 goto unlock; 2009 2010 if (!hci_outgoing_auth_needed(hdev, conn)) 2011 goto unlock; 2012 2013 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 2014 struct hci_cp_auth_requested cp; 2015 cp.handle = __cpu_to_le16(conn->handle); 2016 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 2017 } 2018 2019unlock: 2020 hci_dev_unlock(hdev); 2021} 2022 2023static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2024{ 2025 struct hci_ev_encrypt_change *ev = (void *) skb->data; 2026 struct hci_conn *conn; 2027 2028 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2029 2030 hci_dev_lock(hdev); 2031 2032 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2033 if (conn) { 2034 if (!ev->status) { 2035 if (ev->encrypt) { 2036 /* Encryption implies authentication */ 2037 conn->link_mode |= HCI_LM_AUTH; 2038 conn->link_mode |= HCI_LM_ENCRYPT; 2039 conn->sec_level = conn->pending_sec_level; 2040 } else 2041 conn->link_mode &= ~HCI_LM_ENCRYPT; 2042 } 2043 2044 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 2045 2046 if (ev->status && conn->state == BT_CONNECTED) { 2047 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE); 2048 hci_conn_put(conn); 2049 goto unlock; 2050 } 2051 2052 if (conn->state == BT_CONFIG) { 2053 if (!ev->status) 2054 conn->state = BT_CONNECTED; 2055 2056 hci_proto_connect_cfm(conn, ev->status); 2057 hci_conn_put(conn); 2058 } else 2059 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 2060 } 2061 2062unlock: 2063 hci_dev_unlock(hdev); 2064} 2065 2066static void hci_change_link_key_complete_evt(struct hci_dev *hdev, 2067 struct sk_buff *skb) 2068{ 2069 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 2070 struct hci_conn *conn; 2071 2072 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2073 2074 hci_dev_lock(hdev); 2075 2076 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2077 if (conn) { 2078 if (!ev->status) 2079 conn->link_mode |= HCI_LM_SECURE; 2080 2081 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); 2082 2083 hci_key_change_cfm(conn, ev->status); 2084 } 2085 2086 hci_dev_unlock(hdev); 2087} 2088 2089static void hci_remote_features_evt(struct hci_dev *hdev, 2090 struct sk_buff *skb) 2091{ 2092 struct hci_ev_remote_features *ev = (void *) skb->data; 2093 struct hci_conn *conn; 2094 2095 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2096 2097 hci_dev_lock(hdev); 2098 2099 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2100 if (!conn) 2101 goto unlock; 2102 2103 if (!ev->status) 2104 memcpy(conn->features, ev->features, 8); 2105 2106 if (conn->state != BT_CONFIG) 2107 goto unlock; 2108 2109 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) { 2110 struct hci_cp_read_remote_ext_features cp; 2111 cp.handle = ev->handle; 2112 cp.page = 0x01; 2113 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES, 2114 sizeof(cp), &cp); 2115 goto unlock; 2116 } 2117 2118 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { 2119 struct hci_cp_remote_name_req cp; 2120 memset(&cp, 0, sizeof(cp)); 2121 bacpy(&cp.bdaddr, &conn->dst); 2122 cp.pscan_rep_mode = 0x02; 2123 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2124 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 2125 mgmt_device_connected(hdev, &conn->dst, conn->type, 2126 conn->dst_type, 0, NULL, 0, 2127 conn->dev_class); 2128 2129 if (!hci_outgoing_auth_needed(hdev, conn)) { 2130 conn->state = BT_CONNECTED; 2131 hci_proto_connect_cfm(conn, ev->status); 2132 hci_conn_put(conn); 2133 } 2134 2135unlock: 2136 hci_dev_unlock(hdev); 2137} 2138 2139static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 2140{ 2141 BT_DBG("%s", hdev->name); 2142} 2143 2144static void hci_qos_setup_complete_evt(struct hci_dev *hdev, 2145 struct sk_buff *skb) 2146{ 2147 BT_DBG("%s", hdev->name); 2148} 2149 2150static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2151{ 2152 struct hci_ev_cmd_complete *ev = (void *) skb->data; 2153 __u16 opcode; 2154 2155 skb_pull(skb, sizeof(*ev)); 2156 2157 opcode = __le16_to_cpu(ev->opcode); 2158 2159 switch (opcode) { 2160 case HCI_OP_INQUIRY_CANCEL: 2161 hci_cc_inquiry_cancel(hdev, skb); 2162 break; 2163 2164 case HCI_OP_PERIODIC_INQ: 2165 hci_cc_periodic_inq(hdev, skb); 2166 break; 2167 2168 case HCI_OP_EXIT_PERIODIC_INQ: 2169 hci_cc_exit_periodic_inq(hdev, skb); 2170 break; 2171 2172 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 2173 hci_cc_remote_name_req_cancel(hdev, skb); 2174 break; 2175 2176 case HCI_OP_ROLE_DISCOVERY: 2177 hci_cc_role_discovery(hdev, skb); 2178 break; 2179 2180 case HCI_OP_READ_LINK_POLICY: 2181 hci_cc_read_link_policy(hdev, skb); 2182 break; 2183 2184 case HCI_OP_WRITE_LINK_POLICY: 2185 hci_cc_write_link_policy(hdev, skb); 2186 break; 2187 2188 case HCI_OP_READ_DEF_LINK_POLICY: 2189 hci_cc_read_def_link_policy(hdev, skb); 2190 break; 2191 2192 case HCI_OP_WRITE_DEF_LINK_POLICY: 2193 hci_cc_write_def_link_policy(hdev, skb); 2194 break; 2195 2196 case HCI_OP_RESET: 2197 hci_cc_reset(hdev, skb); 2198 break; 2199 2200 case HCI_OP_WRITE_LOCAL_NAME: 2201 hci_cc_write_local_name(hdev, skb); 2202 break; 2203 2204 case HCI_OP_READ_LOCAL_NAME: 2205 hci_cc_read_local_name(hdev, skb); 2206 break; 2207 2208 case HCI_OP_WRITE_AUTH_ENABLE: 2209 hci_cc_write_auth_enable(hdev, skb); 2210 break; 2211 2212 case HCI_OP_WRITE_ENCRYPT_MODE: 2213 hci_cc_write_encrypt_mode(hdev, skb); 2214 break; 2215 2216 case HCI_OP_WRITE_SCAN_ENABLE: 2217 hci_cc_write_scan_enable(hdev, skb); 2218 break; 2219 2220 case HCI_OP_READ_CLASS_OF_DEV: 2221 hci_cc_read_class_of_dev(hdev, skb); 2222 break; 2223 2224 case HCI_OP_WRITE_CLASS_OF_DEV: 2225 hci_cc_write_class_of_dev(hdev, skb); 2226 break; 2227 2228 case HCI_OP_READ_VOICE_SETTING: 2229 hci_cc_read_voice_setting(hdev, skb); 2230 break; 2231 2232 case HCI_OP_WRITE_VOICE_SETTING: 2233 hci_cc_write_voice_setting(hdev, skb); 2234 break; 2235 2236 case HCI_OP_HOST_BUFFER_SIZE: 2237 hci_cc_host_buffer_size(hdev, skb); 2238 break; 2239 2240 case HCI_OP_WRITE_SSP_MODE: 2241 hci_cc_write_ssp_mode(hdev, skb); 2242 break; 2243 2244 case HCI_OP_READ_LOCAL_VERSION: 2245 hci_cc_read_local_version(hdev, skb); 2246 break; 2247 2248 case HCI_OP_READ_LOCAL_COMMANDS: 2249 hci_cc_read_local_commands(hdev, skb); 2250 break; 2251 2252 case HCI_OP_READ_LOCAL_FEATURES: 2253 hci_cc_read_local_features(hdev, skb); 2254 break; 2255 2256 case HCI_OP_READ_LOCAL_EXT_FEATURES: 2257 hci_cc_read_local_ext_features(hdev, skb); 2258 break; 2259 2260 case HCI_OP_READ_BUFFER_SIZE: 2261 hci_cc_read_buffer_size(hdev, skb); 2262 break; 2263 2264 case HCI_OP_READ_BD_ADDR: 2265 hci_cc_read_bd_addr(hdev, skb); 2266 break; 2267 2268 case HCI_OP_READ_DATA_BLOCK_SIZE: 2269 hci_cc_read_data_block_size(hdev, skb); 2270 break; 2271 2272 case HCI_OP_WRITE_CA_TIMEOUT: 2273 hci_cc_write_ca_timeout(hdev, skb); 2274 break; 2275 2276 case HCI_OP_READ_FLOW_CONTROL_MODE: 2277 hci_cc_read_flow_control_mode(hdev, skb); 2278 break; 2279 2280 case HCI_OP_READ_LOCAL_AMP_INFO: 2281 hci_cc_read_local_amp_info(hdev, skb); 2282 break; 2283 2284 case HCI_OP_DELETE_STORED_LINK_KEY: 2285 hci_cc_delete_stored_link_key(hdev, skb); 2286 break; 2287 2288 case HCI_OP_SET_EVENT_MASK: 2289 hci_cc_set_event_mask(hdev, skb); 2290 break; 2291 2292 case HCI_OP_WRITE_INQUIRY_MODE: 2293 hci_cc_write_inquiry_mode(hdev, skb); 2294 break; 2295 2296 case HCI_OP_READ_INQ_RSP_TX_POWER: 2297 hci_cc_read_inq_rsp_tx_power(hdev, skb); 2298 break; 2299 2300 case HCI_OP_SET_EVENT_FLT: 2301 hci_cc_set_event_flt(hdev, skb); 2302 break; 2303 2304 case HCI_OP_PIN_CODE_REPLY: 2305 hci_cc_pin_code_reply(hdev, skb); 2306 break; 2307 2308 case HCI_OP_PIN_CODE_NEG_REPLY: 2309 hci_cc_pin_code_neg_reply(hdev, skb); 2310 break; 2311 2312 case HCI_OP_READ_LOCAL_OOB_DATA: 2313 hci_cc_read_local_oob_data_reply(hdev, skb); 2314 break; 2315 2316 case HCI_OP_LE_READ_BUFFER_SIZE: 2317 hci_cc_le_read_buffer_size(hdev, skb); 2318 break; 2319 2320 case HCI_OP_USER_CONFIRM_REPLY: 2321 hci_cc_user_confirm_reply(hdev, skb); 2322 break; 2323 2324 case HCI_OP_USER_CONFIRM_NEG_REPLY: 2325 hci_cc_user_confirm_neg_reply(hdev, skb); 2326 break; 2327 2328 case HCI_OP_USER_PASSKEY_REPLY: 2329 hci_cc_user_passkey_reply(hdev, skb); 2330 break; 2331 2332 case HCI_OP_USER_PASSKEY_NEG_REPLY: 2333 hci_cc_user_passkey_neg_reply(hdev, skb); 2334 break; 2335 2336 case HCI_OP_LE_SET_SCAN_PARAM: 2337 hci_cc_le_set_scan_param(hdev, skb); 2338 break; 2339 2340 case HCI_OP_LE_SET_SCAN_ENABLE: 2341 hci_cc_le_set_scan_enable(hdev, skb); 2342 break; 2343 2344 case HCI_OP_LE_LTK_REPLY: 2345 hci_cc_le_ltk_reply(hdev, skb); 2346 break; 2347 2348 case HCI_OP_LE_LTK_NEG_REPLY: 2349 hci_cc_le_ltk_neg_reply(hdev, skb); 2350 break; 2351 2352 case HCI_OP_WRITE_LE_HOST_SUPPORTED: 2353 hci_cc_write_le_host_supported(hdev, skb); 2354 break; 2355 2356 default: 2357 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2358 break; 2359 } 2360 2361 if (ev->opcode != HCI_OP_NOP) 2362 del_timer(&hdev->cmd_timer); 2363 2364 if (ev->ncmd) { 2365 atomic_set(&hdev->cmd_cnt, 1); 2366 if (!skb_queue_empty(&hdev->cmd_q)) 2367 queue_work(hdev->workqueue, &hdev->cmd_work); 2368 } 2369} 2370 2371static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 2372{ 2373 struct hci_ev_cmd_status *ev = (void *) skb->data; 2374 __u16 opcode; 2375 2376 skb_pull(skb, sizeof(*ev)); 2377 2378 opcode = __le16_to_cpu(ev->opcode); 2379 2380 switch (opcode) { 2381 case HCI_OP_INQUIRY: 2382 hci_cs_inquiry(hdev, ev->status); 2383 break; 2384 2385 case HCI_OP_CREATE_CONN: 2386 hci_cs_create_conn(hdev, ev->status); 2387 break; 2388 2389 case HCI_OP_ADD_SCO: 2390 hci_cs_add_sco(hdev, ev->status); 2391 break; 2392 2393 case HCI_OP_AUTH_REQUESTED: 2394 hci_cs_auth_requested(hdev, ev->status); 2395 break; 2396 2397 case HCI_OP_SET_CONN_ENCRYPT: 2398 hci_cs_set_conn_encrypt(hdev, ev->status); 2399 break; 2400 2401 case HCI_OP_REMOTE_NAME_REQ: 2402 hci_cs_remote_name_req(hdev, ev->status); 2403 break; 2404 2405 case HCI_OP_READ_REMOTE_FEATURES: 2406 hci_cs_read_remote_features(hdev, ev->status); 2407 break; 2408 2409 case HCI_OP_READ_REMOTE_EXT_FEATURES: 2410 hci_cs_read_remote_ext_features(hdev, ev->status); 2411 break; 2412 2413 case HCI_OP_SETUP_SYNC_CONN: 2414 hci_cs_setup_sync_conn(hdev, ev->status); 2415 break; 2416 2417 case HCI_OP_SNIFF_MODE: 2418 hci_cs_sniff_mode(hdev, ev->status); 2419 break; 2420 2421 case HCI_OP_EXIT_SNIFF_MODE: 2422 hci_cs_exit_sniff_mode(hdev, ev->status); 2423 break; 2424 2425 case HCI_OP_DISCONNECT: 2426 hci_cs_disconnect(hdev, ev->status); 2427 break; 2428 2429 case HCI_OP_LE_CREATE_CONN: 2430 hci_cs_le_create_conn(hdev, ev->status); 2431 break; 2432 2433 case HCI_OP_LE_START_ENC: 2434 hci_cs_le_start_enc(hdev, ev->status); 2435 break; 2436 2437 default: 2438 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2439 break; 2440 } 2441 2442 if (ev->opcode != HCI_OP_NOP) 2443 del_timer(&hdev->cmd_timer); 2444 2445 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 2446 atomic_set(&hdev->cmd_cnt, 1); 2447 if (!skb_queue_empty(&hdev->cmd_q)) 2448 queue_work(hdev->workqueue, &hdev->cmd_work); 2449 } 2450} 2451 2452static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2453{ 2454 struct hci_ev_role_change *ev = (void *) skb->data; 2455 struct hci_conn *conn; 2456 2457 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2458 2459 hci_dev_lock(hdev); 2460 2461 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2462 if (conn) { 2463 if (!ev->status) { 2464 if (ev->role) 2465 conn->link_mode &= ~HCI_LM_MASTER; 2466 else 2467 conn->link_mode |= HCI_LM_MASTER; 2468 } 2469 2470 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags); 2471 2472 hci_role_switch_cfm(conn, ev->status, ev->role); 2473 } 2474 2475 hci_dev_unlock(hdev); 2476} 2477 2478static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 2479{ 2480 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 2481 int i; 2482 2483 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { 2484 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); 2485 return; 2486 } 2487 2488 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + 2489 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) { 2490 BT_DBG("%s bad parameters", hdev->name); 2491 return; 2492 } 2493 2494 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 2495 2496 for (i = 0; i < ev->num_hndl; i++) { 2497 struct hci_comp_pkts_info *info = &ev->handles[i]; 2498 struct hci_conn *conn; 2499 __u16 handle, count; 2500 2501 handle = __le16_to_cpu(info->handle); 2502 count = __le16_to_cpu(info->count); 2503 2504 conn = hci_conn_hash_lookup_handle(hdev, handle); 2505 if (!conn) 2506 continue; 2507 2508 conn->sent -= count; 2509 2510 switch (conn->type) { 2511 case ACL_LINK: 2512 hdev->acl_cnt += count; 2513 if (hdev->acl_cnt > hdev->acl_pkts) 2514 hdev->acl_cnt = hdev->acl_pkts; 2515 break; 2516 2517 case LE_LINK: 2518 if (hdev->le_pkts) { 2519 hdev->le_cnt += count; 2520 if (hdev->le_cnt > hdev->le_pkts) 2521 hdev->le_cnt = hdev->le_pkts; 2522 } else { 2523 hdev->acl_cnt += count; 2524 if (hdev->acl_cnt > hdev->acl_pkts) 2525 hdev->acl_cnt = hdev->acl_pkts; 2526 } 2527 break; 2528 2529 case SCO_LINK: 2530 hdev->sco_cnt += count; 2531 if (hdev->sco_cnt > hdev->sco_pkts) 2532 hdev->sco_cnt = hdev->sco_pkts; 2533 break; 2534 2535 default: 2536 BT_ERR("Unknown type %d conn %p", conn->type, conn); 2537 break; 2538 } 2539 } 2540 2541 queue_work(hdev->workqueue, &hdev->tx_work); 2542} 2543 2544static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb) 2545{ 2546 struct hci_ev_num_comp_blocks *ev = (void *) skb->data; 2547 int i; 2548 2549 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) { 2550 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); 2551 return; 2552 } 2553 2554 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + 2555 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) { 2556 BT_DBG("%s bad parameters", hdev->name); 2557 return; 2558 } 2559 2560 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks, 2561 ev->num_hndl); 2562 2563 for (i = 0; i < ev->num_hndl; i++) { 2564 struct hci_comp_blocks_info *info = &ev->handles[i]; 2565 struct hci_conn *conn; 2566 __u16 handle, block_count; 2567 2568 handle = __le16_to_cpu(info->handle); 2569 block_count = __le16_to_cpu(info->blocks); 2570 2571 conn = hci_conn_hash_lookup_handle(hdev, handle); 2572 if (!conn) 2573 continue; 2574 2575 conn->sent -= block_count; 2576 2577 switch (conn->type) { 2578 case ACL_LINK: 2579 hdev->block_cnt += block_count; 2580 if (hdev->block_cnt > hdev->num_blocks) 2581 hdev->block_cnt = hdev->num_blocks; 2582 break; 2583 2584 default: 2585 BT_ERR("Unknown type %d conn %p", conn->type, conn); 2586 break; 2587 } 2588 } 2589 2590 queue_work(hdev->workqueue, &hdev->tx_work); 2591} 2592 2593static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2594{ 2595 struct hci_ev_mode_change *ev = (void *) skb->data; 2596 struct hci_conn *conn; 2597 2598 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2599 2600 hci_dev_lock(hdev); 2601 2602 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2603 if (conn) { 2604 conn->mode = ev->mode; 2605 conn->interval = __le16_to_cpu(ev->interval); 2606 2607 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, 2608 &conn->flags)) { 2609 if (conn->mode == HCI_CM_ACTIVE) 2610 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); 2611 else 2612 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags); 2613 } 2614 2615 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 2616 hci_sco_setup(conn, ev->status); 2617 } 2618 2619 hci_dev_unlock(hdev); 2620} 2621 2622static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2623{ 2624 struct hci_ev_pin_code_req *ev = (void *) skb->data; 2625 struct hci_conn *conn; 2626 2627 BT_DBG("%s", hdev->name); 2628 2629 hci_dev_lock(hdev); 2630 2631 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2632 if (!conn) 2633 goto unlock; 2634 2635 if (conn->state == BT_CONNECTED) { 2636 hci_conn_hold(conn); 2637 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 2638 hci_conn_put(conn); 2639 } 2640 2641 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 2642 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2643 sizeof(ev->bdaddr), &ev->bdaddr); 2644 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) { 2645 u8 secure; 2646 2647 if (conn->pending_sec_level == BT_SECURITY_HIGH) 2648 secure = 1; 2649 else 2650 secure = 0; 2651 2652 mgmt_pin_code_request(hdev, &ev->bdaddr, secure); 2653 } 2654 2655unlock: 2656 hci_dev_unlock(hdev); 2657} 2658 2659static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2660{ 2661 struct hci_ev_link_key_req *ev = (void *) skb->data; 2662 struct hci_cp_link_key_reply cp; 2663 struct hci_conn *conn; 2664 struct link_key *key; 2665 2666 BT_DBG("%s", hdev->name); 2667 2668 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) 2669 return; 2670 2671 hci_dev_lock(hdev); 2672 2673 key = hci_find_link_key(hdev, &ev->bdaddr); 2674 if (!key) { 2675 BT_DBG("%s link key not found for %s", hdev->name, 2676 batostr(&ev->bdaddr)); 2677 goto not_found; 2678 } 2679 2680 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2681 batostr(&ev->bdaddr)); 2682 2683 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) && 2684 key->type == HCI_LK_DEBUG_COMBINATION) { 2685 BT_DBG("%s ignoring debug key", hdev->name); 2686 goto not_found; 2687 } 2688 2689 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2690 if (conn) { 2691 if (key->type == HCI_LK_UNAUTH_COMBINATION && 2692 conn->auth_type != 0xff && (conn->auth_type & 0x01)) { 2693 BT_DBG("%s ignoring unauthenticated key", hdev->name); 2694 goto not_found; 2695 } 2696 2697 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 && 2698 conn->pending_sec_level == BT_SECURITY_HIGH) { 2699 BT_DBG("%s ignoring key unauthenticated for high security", 2700 hdev->name); 2701 goto not_found; 2702 } 2703 2704 conn->key_type = key->type; 2705 conn->pin_length = key->pin_len; 2706 } 2707 2708 bacpy(&cp.bdaddr, &ev->bdaddr); 2709 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE); 2710 2711 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp); 2712 2713 hci_dev_unlock(hdev); 2714 2715 return; 2716 2717not_found: 2718 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr); 2719 hci_dev_unlock(hdev); 2720} 2721 2722static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 2723{ 2724 struct hci_ev_link_key_notify *ev = (void *) skb->data; 2725 struct hci_conn *conn; 2726 u8 pin_len = 0; 2727 2728 BT_DBG("%s", hdev->name); 2729 2730 hci_dev_lock(hdev); 2731 2732 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2733 if (conn) { 2734 hci_conn_hold(conn); 2735 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2736 pin_len = conn->pin_length; 2737 2738 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 2739 conn->key_type = ev->key_type; 2740 2741 hci_conn_put(conn); 2742 } 2743 2744 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) 2745 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key, 2746 ev->key_type, pin_len); 2747 2748 hci_dev_unlock(hdev); 2749} 2750 2751static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 2752{ 2753 struct hci_ev_clock_offset *ev = (void *) skb->data; 2754 struct hci_conn *conn; 2755 2756 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2757 2758 hci_dev_lock(hdev); 2759 2760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2761 if (conn && !ev->status) { 2762 struct inquiry_entry *ie; 2763 2764 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2765 if (ie) { 2766 ie->data.clock_offset = ev->clock_offset; 2767 ie->timestamp = jiffies; 2768 } 2769 } 2770 2771 hci_dev_unlock(hdev); 2772} 2773 2774static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2775{ 2776 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 2777 struct hci_conn *conn; 2778 2779 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2780 2781 hci_dev_lock(hdev); 2782 2783 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2784 if (conn && !ev->status) 2785 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 2786 2787 hci_dev_unlock(hdev); 2788} 2789 2790static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 2791{ 2792 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 2793 struct inquiry_entry *ie; 2794 2795 BT_DBG("%s", hdev->name); 2796 2797 hci_dev_lock(hdev); 2798 2799 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 2800 if (ie) { 2801 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 2802 ie->timestamp = jiffies; 2803 } 2804 2805 hci_dev_unlock(hdev); 2806} 2807 2808static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, 2809 struct sk_buff *skb) 2810{ 2811 struct inquiry_data data; 2812 int num_rsp = *((__u8 *) skb->data); 2813 bool name_known, ssp; 2814 2815 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2816 2817 if (!num_rsp) 2818 return; 2819 2820 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 2821 return; 2822 2823 hci_dev_lock(hdev); 2824 2825 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2826 struct inquiry_info_with_rssi_and_pscan_mode *info; 2827 info = (void *) (skb->data + 1); 2828 2829 for (; num_rsp; num_rsp--, info++) { 2830 bacpy(&data.bdaddr, &info->bdaddr); 2831 data.pscan_rep_mode = info->pscan_rep_mode; 2832 data.pscan_period_mode = info->pscan_period_mode; 2833 data.pscan_mode = info->pscan_mode; 2834 memcpy(data.dev_class, info->dev_class, 3); 2835 data.clock_offset = info->clock_offset; 2836 data.rssi = info->rssi; 2837 data.ssp_mode = 0x00; 2838 2839 name_known = hci_inquiry_cache_update(hdev, &data, 2840 false, &ssp); 2841 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2842 info->dev_class, info->rssi, 2843 !name_known, ssp, NULL, 0); 2844 } 2845 } else { 2846 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 2847 2848 for (; num_rsp; num_rsp--, info++) { 2849 bacpy(&data.bdaddr, &info->bdaddr); 2850 data.pscan_rep_mode = info->pscan_rep_mode; 2851 data.pscan_period_mode = info->pscan_period_mode; 2852 data.pscan_mode = 0x00; 2853 memcpy(data.dev_class, info->dev_class, 3); 2854 data.clock_offset = info->clock_offset; 2855 data.rssi = info->rssi; 2856 data.ssp_mode = 0x00; 2857 name_known = hci_inquiry_cache_update(hdev, &data, 2858 false, &ssp); 2859 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2860 info->dev_class, info->rssi, 2861 !name_known, ssp, NULL, 0); 2862 } 2863 } 2864 2865 hci_dev_unlock(hdev); 2866} 2867 2868static void hci_remote_ext_features_evt(struct hci_dev *hdev, 2869 struct sk_buff *skb) 2870{ 2871 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 2872 struct hci_conn *conn; 2873 2874 BT_DBG("%s", hdev->name); 2875 2876 hci_dev_lock(hdev); 2877 2878 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2879 if (!conn) 2880 goto unlock; 2881 2882 if (!ev->status && ev->page == 0x01) { 2883 struct inquiry_entry *ie; 2884 2885 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2886 if (ie) 2887 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 2888 2889 if (ev->features[0] & LMP_HOST_SSP) 2890 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); 2891 } 2892 2893 if (conn->state != BT_CONFIG) 2894 goto unlock; 2895 2896 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { 2897 struct hci_cp_remote_name_req cp; 2898 memset(&cp, 0, sizeof(cp)); 2899 bacpy(&cp.bdaddr, &conn->dst); 2900 cp.pscan_rep_mode = 0x02; 2901 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2902 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 2903 mgmt_device_connected(hdev, &conn->dst, conn->type, 2904 conn->dst_type, 0, NULL, 0, 2905 conn->dev_class); 2906 2907 if (!hci_outgoing_auth_needed(hdev, conn)) { 2908 conn->state = BT_CONNECTED; 2909 hci_proto_connect_cfm(conn, ev->status); 2910 hci_conn_put(conn); 2911 } 2912 2913unlock: 2914 hci_dev_unlock(hdev); 2915} 2916 2917static void hci_sync_conn_complete_evt(struct hci_dev *hdev, 2918 struct sk_buff *skb) 2919{ 2920 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 2921 struct hci_conn *conn; 2922 2923 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2924 2925 hci_dev_lock(hdev); 2926 2927 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 2928 if (!conn) { 2929 if (ev->link_type == ESCO_LINK) 2930 goto unlock; 2931 2932 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 2933 if (!conn) 2934 goto unlock; 2935 2936 conn->type = SCO_LINK; 2937 } 2938 2939 switch (ev->status) { 2940 case 0x00: 2941 conn->handle = __le16_to_cpu(ev->handle); 2942 conn->state = BT_CONNECTED; 2943 2944 hci_conn_hold_device(conn); 2945 hci_conn_add_sysfs(conn); 2946 break; 2947 2948 case 0x11: /* Unsupported Feature or Parameter Value */ 2949 case 0x1c: /* SCO interval rejected */ 2950 case 0x1a: /* Unsupported Remote Feature */ 2951 case 0x1f: /* Unspecified error */ 2952 if (conn->out && conn->attempt < 2) { 2953 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 2954 (hdev->esco_type & EDR_ESCO_MASK); 2955 hci_setup_sync(conn, conn->link->handle); 2956 goto unlock; 2957 } 2958 /* fall through */ 2959 2960 default: 2961 conn->state = BT_CLOSED; 2962 break; 2963 } 2964 2965 hci_proto_connect_cfm(conn, ev->status); 2966 if (ev->status) 2967 hci_conn_del(conn); 2968 2969unlock: 2970 hci_dev_unlock(hdev); 2971} 2972 2973static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 2974{ 2975 BT_DBG("%s", hdev->name); 2976} 2977 2978static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 2979{ 2980 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2981 2982 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2983} 2984 2985static void hci_extended_inquiry_result_evt(struct hci_dev *hdev, 2986 struct sk_buff *skb) 2987{ 2988 struct inquiry_data data; 2989 struct extended_inquiry_info *info = (void *) (skb->data + 1); 2990 int num_rsp = *((__u8 *) skb->data); 2991 size_t eir_len; 2992 2993 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2994 2995 if (!num_rsp) 2996 return; 2997 2998 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 2999 return; 3000 3001 hci_dev_lock(hdev); 3002 3003 for (; num_rsp; num_rsp--, info++) { 3004 bool name_known, ssp; 3005 3006 bacpy(&data.bdaddr, &info->bdaddr); 3007 data.pscan_rep_mode = info->pscan_rep_mode; 3008 data.pscan_period_mode = info->pscan_period_mode; 3009 data.pscan_mode = 0x00; 3010 memcpy(data.dev_class, info->dev_class, 3); 3011 data.clock_offset = info->clock_offset; 3012 data.rssi = info->rssi; 3013 data.ssp_mode = 0x01; 3014 3015 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3016 name_known = eir_has_data_type(info->data, 3017 sizeof(info->data), 3018 EIR_NAME_COMPLETE); 3019 else 3020 name_known = true; 3021 3022 name_known = hci_inquiry_cache_update(hdev, &data, name_known, 3023 &ssp); 3024 eir_len = eir_get_length(info->data, sizeof(info->data)); 3025 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 3026 info->dev_class, info->rssi, !name_known, 3027 ssp, info->data, eir_len); 3028 } 3029 3030 hci_dev_unlock(hdev); 3031} 3032 3033static void hci_key_refresh_complete_evt(struct hci_dev *hdev, 3034 struct sk_buff *skb) 3035{ 3036 struct hci_ev_key_refresh_complete *ev = (void *) skb->data; 3037 struct hci_conn *conn; 3038 3039 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status, 3040 __le16_to_cpu(ev->handle)); 3041 3042 hci_dev_lock(hdev); 3043 3044 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3045 if (!conn) 3046 goto unlock; 3047 3048 if (!ev->status) 3049 conn->sec_level = conn->pending_sec_level; 3050 3051 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 3052 3053 if (ev->status && conn->state == BT_CONNECTED) { 3054 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE); 3055 hci_conn_put(conn); 3056 goto unlock; 3057 } 3058 3059 if (conn->state == BT_CONFIG) { 3060 if (!ev->status) 3061 conn->state = BT_CONNECTED; 3062 3063 hci_proto_connect_cfm(conn, ev->status); 3064 hci_conn_put(conn); 3065 } else { 3066 hci_auth_cfm(conn, ev->status); 3067 3068 hci_conn_hold(conn); 3069 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 3070 hci_conn_put(conn); 3071 } 3072 3073unlock: 3074 hci_dev_unlock(hdev); 3075} 3076 3077static u8 hci_get_auth_req(struct hci_conn *conn) 3078{ 3079 /* If remote requests dedicated bonding follow that lead */ 3080 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) { 3081 /* If both remote and local IO capabilities allow MITM 3082 * protection then require it, otherwise don't */ 3083 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03) 3084 return 0x02; 3085 else 3086 return 0x03; 3087 } 3088 3089 /* If remote requests no-bonding follow that lead */ 3090 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01) 3091 return conn->remote_auth | (conn->auth_type & 0x01); 3092 3093 return conn->auth_type; 3094} 3095 3096static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 3097{ 3098 struct hci_ev_io_capa_request *ev = (void *) skb->data; 3099 struct hci_conn *conn; 3100 3101 BT_DBG("%s", hdev->name); 3102 3103 hci_dev_lock(hdev); 3104 3105 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3106 if (!conn) 3107 goto unlock; 3108 3109 hci_conn_hold(conn); 3110 3111 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3112 goto unlock; 3113 3114 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) || 3115 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 3116 struct hci_cp_io_capability_reply cp; 3117 3118 bacpy(&cp.bdaddr, &ev->bdaddr); 3119 /* Change the IO capability from KeyboardDisplay 3120 * to DisplayYesNo as it is not supported by BT spec. */ 3121 cp.capability = (conn->io_capability == 0x04) ? 3122 0x01 : conn->io_capability; 3123 conn->auth_type = hci_get_auth_req(conn); 3124 cp.authentication = conn->auth_type; 3125 3126 if (hci_find_remote_oob_data(hdev, &conn->dst) && 3127 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) 3128 cp.oob_data = 0x01; 3129 else 3130 cp.oob_data = 0x00; 3131 3132 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, 3133 sizeof(cp), &cp); 3134 } else { 3135 struct hci_cp_io_capability_neg_reply cp; 3136 3137 bacpy(&cp.bdaddr, &ev->bdaddr); 3138 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED; 3139 3140 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 3141 sizeof(cp), &cp); 3142 } 3143 3144unlock: 3145 hci_dev_unlock(hdev); 3146} 3147 3148static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb) 3149{ 3150 struct hci_ev_io_capa_reply *ev = (void *) skb->data; 3151 struct hci_conn *conn; 3152 3153 BT_DBG("%s", hdev->name); 3154 3155 hci_dev_lock(hdev); 3156 3157 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3158 if (!conn) 3159 goto unlock; 3160 3161 conn->remote_cap = ev->capability; 3162 conn->remote_auth = ev->authentication; 3163 if (ev->oob_data) 3164 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags); 3165 3166unlock: 3167 hci_dev_unlock(hdev); 3168} 3169 3170static void hci_user_confirm_request_evt(struct hci_dev *hdev, 3171 struct sk_buff *skb) 3172{ 3173 struct hci_ev_user_confirm_req *ev = (void *) skb->data; 3174 int loc_mitm, rem_mitm, confirm_hint = 0; 3175 struct hci_conn *conn; 3176 3177 BT_DBG("%s", hdev->name); 3178 3179 hci_dev_lock(hdev); 3180 3181 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3182 goto unlock; 3183 3184 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3185 if (!conn) 3186 goto unlock; 3187 3188 loc_mitm = (conn->auth_type & 0x01); 3189 rem_mitm = (conn->remote_auth & 0x01); 3190 3191 /* If we require MITM but the remote device can't provide that 3192 * (it has NoInputNoOutput) then reject the confirmation 3193 * request. The only exception is when we're dedicated bonding 3194 * initiators (connect_cfm_cb set) since then we always have the MITM 3195 * bit set. */ 3196 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) { 3197 BT_DBG("Rejecting request: remote device can't provide MITM"); 3198 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY, 3199 sizeof(ev->bdaddr), &ev->bdaddr); 3200 goto unlock; 3201 } 3202 3203 /* If no side requires MITM protection; auto-accept */ 3204 if ((!loc_mitm || conn->remote_cap == 0x03) && 3205 (!rem_mitm || conn->io_capability == 0x03)) { 3206 3207 /* If we're not the initiators request authorization to 3208 * proceed from user space (mgmt_user_confirm with 3209 * confirm_hint set to 1). */ 3210 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 3211 BT_DBG("Confirming auto-accept as acceptor"); 3212 confirm_hint = 1; 3213 goto confirm; 3214 } 3215 3216 BT_DBG("Auto-accept of user confirmation with %ums delay", 3217 hdev->auto_accept_delay); 3218 3219 if (hdev->auto_accept_delay > 0) { 3220 int delay = msecs_to_jiffies(hdev->auto_accept_delay); 3221 mod_timer(&conn->auto_accept_timer, jiffies + delay); 3222 goto unlock; 3223 } 3224 3225 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, 3226 sizeof(ev->bdaddr), &ev->bdaddr); 3227 goto unlock; 3228 } 3229 3230confirm: 3231 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey, 3232 confirm_hint); 3233 3234unlock: 3235 hci_dev_unlock(hdev); 3236} 3237 3238static void hci_user_passkey_request_evt(struct hci_dev *hdev, 3239 struct sk_buff *skb) 3240{ 3241 struct hci_ev_user_passkey_req *ev = (void *) skb->data; 3242 3243 BT_DBG("%s", hdev->name); 3244 3245 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3246 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0); 3247} 3248 3249static void hci_simple_pair_complete_evt(struct hci_dev *hdev, 3250 struct sk_buff *skb) 3251{ 3252 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 3253 struct hci_conn *conn; 3254 3255 BT_DBG("%s", hdev->name); 3256 3257 hci_dev_lock(hdev); 3258 3259 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3260 if (!conn) 3261 goto unlock; 3262 3263 /* To avoid duplicate auth_failed events to user space we check 3264 * the HCI_CONN_AUTH_PEND flag which will be set if we 3265 * initiated the authentication. A traditional auth_complete 3266 * event gets always produced as initiator and is also mapped to 3267 * the mgmt_auth_failed event */ 3268 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0) 3269 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 3270 ev->status); 3271 3272 hci_conn_put(conn); 3273 3274unlock: 3275 hci_dev_unlock(hdev); 3276} 3277 3278static void hci_remote_host_features_evt(struct hci_dev *hdev, 3279 struct sk_buff *skb) 3280{ 3281 struct hci_ev_remote_host_features *ev = (void *) skb->data; 3282 struct inquiry_entry *ie; 3283 3284 BT_DBG("%s", hdev->name); 3285 3286 hci_dev_lock(hdev); 3287 3288 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 3289 if (ie) 3290 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 3291 3292 hci_dev_unlock(hdev); 3293} 3294 3295static void hci_remote_oob_data_request_evt(struct hci_dev *hdev, 3296 struct sk_buff *skb) 3297{ 3298 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data; 3299 struct oob_data *data; 3300 3301 BT_DBG("%s", hdev->name); 3302 3303 hci_dev_lock(hdev); 3304 3305 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3306 goto unlock; 3307 3308 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 3309 if (data) { 3310 struct hci_cp_remote_oob_data_reply cp; 3311 3312 bacpy(&cp.bdaddr, &ev->bdaddr); 3313 memcpy(cp.hash, data->hash, sizeof(cp.hash)); 3314 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer)); 3315 3316 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp), 3317 &cp); 3318 } else { 3319 struct hci_cp_remote_oob_data_neg_reply cp; 3320 3321 bacpy(&cp.bdaddr, &ev->bdaddr); 3322 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp), 3323 &cp); 3324 } 3325 3326unlock: 3327 hci_dev_unlock(hdev); 3328} 3329 3330static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 3331{ 3332 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 3333 struct hci_conn *conn; 3334 3335 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3336 3337 hci_dev_lock(hdev); 3338 3339 if (ev->status) { 3340 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 3341 if (!conn) 3342 goto unlock; 3343 3344 mgmt_connect_failed(hdev, &conn->dst, conn->type, 3345 conn->dst_type, ev->status); 3346 hci_proto_connect_cfm(conn, ev->status); 3347 conn->state = BT_CLOSED; 3348 hci_conn_del(conn); 3349 goto unlock; 3350 } 3351 3352 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr); 3353 if (!conn) { 3354 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr); 3355 if (!conn) { 3356 BT_ERR("No memory for new connection"); 3357 goto unlock; 3358 } 3359 3360 conn->dst_type = ev->bdaddr_type; 3361 3362 if (ev->role == LE_CONN_ROLE_MASTER) { 3363 conn->out = true; 3364 conn->link_mode |= HCI_LM_MASTER; 3365 } 3366 } 3367 3368 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 3369 mgmt_device_connected(hdev, &ev->bdaddr, conn->type, 3370 conn->dst_type, 0, NULL, 0, NULL); 3371 3372 conn->sec_level = BT_SECURITY_LOW; 3373 conn->handle = __le16_to_cpu(ev->handle); 3374 conn->state = BT_CONNECTED; 3375 3376 hci_conn_hold_device(conn); 3377 hci_conn_add_sysfs(conn); 3378 3379 hci_proto_connect_cfm(conn, ev->status); 3380 3381unlock: 3382 hci_dev_unlock(hdev); 3383} 3384 3385static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) 3386{ 3387 u8 num_reports = skb->data[0]; 3388 void *ptr = &skb->data[1]; 3389 s8 rssi; 3390 3391 hci_dev_lock(hdev); 3392 3393 while (num_reports--) { 3394 struct hci_ev_le_advertising_info *ev = ptr; 3395 3396 rssi = ev->data[ev->length]; 3397 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type, 3398 NULL, rssi, 0, 1, ev->data, ev->length); 3399 3400 ptr += sizeof(*ev) + ev->length + 1; 3401 } 3402 3403 hci_dev_unlock(hdev); 3404} 3405 3406static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 3407{ 3408 struct hci_ev_le_ltk_req *ev = (void *) skb->data; 3409 struct hci_cp_le_ltk_reply cp; 3410 struct hci_cp_le_ltk_neg_reply neg; 3411 struct hci_conn *conn; 3412 struct smp_ltk *ltk; 3413 3414 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle)); 3415 3416 hci_dev_lock(hdev); 3417 3418 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3419 if (conn == NULL) 3420 goto not_found; 3421 3422 ltk = hci_find_ltk(hdev, ev->ediv, ev->random); 3423 if (ltk == NULL) 3424 goto not_found; 3425 3426 memcpy(cp.ltk, ltk->val, sizeof(ltk->val)); 3427 cp.handle = cpu_to_le16(conn->handle); 3428 3429 if (ltk->authenticated) 3430 conn->sec_level = BT_SECURITY_HIGH; 3431 3432 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); 3433 3434 if (ltk->type & HCI_SMP_STK) { 3435 list_del(<k->list); 3436 kfree(ltk); 3437 } 3438 3439 hci_dev_unlock(hdev); 3440 3441 return; 3442 3443not_found: 3444 neg.handle = ev->handle; 3445 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg); 3446 hci_dev_unlock(hdev); 3447} 3448 3449static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) 3450{ 3451 struct hci_ev_le_meta *le_ev = (void *) skb->data; 3452 3453 skb_pull(skb, sizeof(*le_ev)); 3454 3455 switch (le_ev->subevent) { 3456 case HCI_EV_LE_CONN_COMPLETE: 3457 hci_le_conn_complete_evt(hdev, skb); 3458 break; 3459 3460 case HCI_EV_LE_ADVERTISING_REPORT: 3461 hci_le_adv_report_evt(hdev, skb); 3462 break; 3463 3464 case HCI_EV_LE_LTK_REQ: 3465 hci_le_ltk_request_evt(hdev, skb); 3466 break; 3467 3468 default: 3469 break; 3470 } 3471} 3472 3473void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 3474{ 3475 struct hci_event_hdr *hdr = (void *) skb->data; 3476 __u8 event = hdr->evt; 3477 3478 skb_pull(skb, HCI_EVENT_HDR_SIZE); 3479 3480 switch (event) { 3481 case HCI_EV_INQUIRY_COMPLETE: 3482 hci_inquiry_complete_evt(hdev, skb); 3483 break; 3484 3485 case HCI_EV_INQUIRY_RESULT: 3486 hci_inquiry_result_evt(hdev, skb); 3487 break; 3488 3489 case HCI_EV_CONN_COMPLETE: 3490 hci_conn_complete_evt(hdev, skb); 3491 break; 3492 3493 case HCI_EV_CONN_REQUEST: 3494 hci_conn_request_evt(hdev, skb); 3495 break; 3496 3497 case HCI_EV_DISCONN_COMPLETE: 3498 hci_disconn_complete_evt(hdev, skb); 3499 break; 3500 3501 case HCI_EV_AUTH_COMPLETE: 3502 hci_auth_complete_evt(hdev, skb); 3503 break; 3504 3505 case HCI_EV_REMOTE_NAME: 3506 hci_remote_name_evt(hdev, skb); 3507 break; 3508 3509 case HCI_EV_ENCRYPT_CHANGE: 3510 hci_encrypt_change_evt(hdev, skb); 3511 break; 3512 3513 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 3514 hci_change_link_key_complete_evt(hdev, skb); 3515 break; 3516 3517 case HCI_EV_REMOTE_FEATURES: 3518 hci_remote_features_evt(hdev, skb); 3519 break; 3520 3521 case HCI_EV_REMOTE_VERSION: 3522 hci_remote_version_evt(hdev, skb); 3523 break; 3524 3525 case HCI_EV_QOS_SETUP_COMPLETE: 3526 hci_qos_setup_complete_evt(hdev, skb); 3527 break; 3528 3529 case HCI_EV_CMD_COMPLETE: 3530 hci_cmd_complete_evt(hdev, skb); 3531 break; 3532 3533 case HCI_EV_CMD_STATUS: 3534 hci_cmd_status_evt(hdev, skb); 3535 break; 3536 3537 case HCI_EV_ROLE_CHANGE: 3538 hci_role_change_evt(hdev, skb); 3539 break; 3540 3541 case HCI_EV_NUM_COMP_PKTS: 3542 hci_num_comp_pkts_evt(hdev, skb); 3543 break; 3544 3545 case HCI_EV_MODE_CHANGE: 3546 hci_mode_change_evt(hdev, skb); 3547 break; 3548 3549 case HCI_EV_PIN_CODE_REQ: 3550 hci_pin_code_request_evt(hdev, skb); 3551 break; 3552 3553 case HCI_EV_LINK_KEY_REQ: 3554 hci_link_key_request_evt(hdev, skb); 3555 break; 3556 3557 case HCI_EV_LINK_KEY_NOTIFY: 3558 hci_link_key_notify_evt(hdev, skb); 3559 break; 3560 3561 case HCI_EV_CLOCK_OFFSET: 3562 hci_clock_offset_evt(hdev, skb); 3563 break; 3564 3565 case HCI_EV_PKT_TYPE_CHANGE: 3566 hci_pkt_type_change_evt(hdev, skb); 3567 break; 3568 3569 case HCI_EV_PSCAN_REP_MODE: 3570 hci_pscan_rep_mode_evt(hdev, skb); 3571 break; 3572 3573 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 3574 hci_inquiry_result_with_rssi_evt(hdev, skb); 3575 break; 3576 3577 case HCI_EV_REMOTE_EXT_FEATURES: 3578 hci_remote_ext_features_evt(hdev, skb); 3579 break; 3580 3581 case HCI_EV_SYNC_CONN_COMPLETE: 3582 hci_sync_conn_complete_evt(hdev, skb); 3583 break; 3584 3585 case HCI_EV_SYNC_CONN_CHANGED: 3586 hci_sync_conn_changed_evt(hdev, skb); 3587 break; 3588 3589 case HCI_EV_SNIFF_SUBRATE: 3590 hci_sniff_subrate_evt(hdev, skb); 3591 break; 3592 3593 case HCI_EV_EXTENDED_INQUIRY_RESULT: 3594 hci_extended_inquiry_result_evt(hdev, skb); 3595 break; 3596 3597 case HCI_EV_KEY_REFRESH_COMPLETE: 3598 hci_key_refresh_complete_evt(hdev, skb); 3599 break; 3600 3601 case HCI_EV_IO_CAPA_REQUEST: 3602 hci_io_capa_request_evt(hdev, skb); 3603 break; 3604 3605 case HCI_EV_IO_CAPA_REPLY: 3606 hci_io_capa_reply_evt(hdev, skb); 3607 break; 3608 3609 case HCI_EV_USER_CONFIRM_REQUEST: 3610 hci_user_confirm_request_evt(hdev, skb); 3611 break; 3612 3613 case HCI_EV_USER_PASSKEY_REQUEST: 3614 hci_user_passkey_request_evt(hdev, skb); 3615 break; 3616 3617 case HCI_EV_SIMPLE_PAIR_COMPLETE: 3618 hci_simple_pair_complete_evt(hdev, skb); 3619 break; 3620 3621 case HCI_EV_REMOTE_HOST_FEATURES: 3622 hci_remote_host_features_evt(hdev, skb); 3623 break; 3624 3625 case HCI_EV_LE_META: 3626 hci_le_meta_evt(hdev, skb); 3627 break; 3628 3629 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 3630 hci_remote_oob_data_request_evt(hdev, skb); 3631 break; 3632 3633 case HCI_EV_NUM_COMP_BLOCKS: 3634 hci_num_comp_blocks_evt(hdev, skb); 3635 break; 3636 3637 default: 3638 BT_DBG("%s event 0x%2.2x", hdev->name, event); 3639 break; 3640 } 3641 3642 kfree_skb(skb); 3643 hdev->stat.evt_rx++; 3644} 3645