1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI event handling. */ 26 27 #include <asm/unaligned.h> 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/mgmt.h> 32 33 #include "a2mp.h" 34 #include "amp.h" 35 36 /* Handle HCI Event packets */ 37 38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 39 { 40 __u8 status = *((__u8 *) skb->data); 41 42 BT_DBG("%s status 0x%2.2x", hdev->name, status); 43 44 if (status) 45 return; 46 47 clear_bit(HCI_INQUIRY, &hdev->flags); 48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ 49 wake_up_bit(&hdev->flags, HCI_INQUIRY); 50 51 hci_conn_check_pending(hdev); 52 } 53 54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 55 { 56 __u8 status = *((__u8 *) skb->data); 57 58 BT_DBG("%s status 0x%2.2x", hdev->name, status); 59 60 if (status) 61 return; 62 63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags); 64 } 65 66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 67 { 68 __u8 status = *((__u8 *) skb->data); 69 70 BT_DBG("%s status 0x%2.2x", hdev->name, status); 71 72 if (status) 73 return; 74 75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags); 76 77 hci_conn_check_pending(hdev); 78 } 79 80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, 81 struct sk_buff *skb) 82 { 83 BT_DBG("%s", hdev->name); 84 } 85 86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 87 { 88 struct hci_rp_role_discovery *rp = (void *) skb->data; 89 struct hci_conn *conn; 90 91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 92 93 if (rp->status) 94 return; 95 96 hci_dev_lock(hdev); 97 98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 99 if (conn) { 100 if (rp->role) 101 conn->link_mode &= ~HCI_LM_MASTER; 102 else 103 conn->link_mode |= HCI_LM_MASTER; 104 } 105 106 hci_dev_unlock(hdev); 107 } 108 109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 110 { 111 struct hci_rp_read_link_policy *rp = (void *) skb->data; 112 struct hci_conn *conn; 113 114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 115 116 if (rp->status) 117 return; 118 119 hci_dev_lock(hdev); 120 121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 122 if (conn) 123 conn->link_policy = __le16_to_cpu(rp->policy); 124 125 hci_dev_unlock(hdev); 126 } 127 128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 129 { 130 struct hci_rp_write_link_policy *rp = (void *) skb->data; 131 struct hci_conn *conn; 132 void *sent; 133 134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 135 136 if (rp->status) 137 return; 138 139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 140 if (!sent) 141 return; 142 143 hci_dev_lock(hdev); 144 145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 146 if (conn) 147 conn->link_policy = get_unaligned_le16(sent + 2); 148 149 hci_dev_unlock(hdev); 150 } 151 152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, 153 struct sk_buff *skb) 154 { 155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 156 157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 158 159 if (rp->status) 160 return; 161 162 hdev->link_policy = __le16_to_cpu(rp->policy); 163 } 164 165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, 166 struct sk_buff *skb) 167 { 168 __u8 status = *((__u8 *) skb->data); 169 void *sent; 170 171 BT_DBG("%s status 0x%2.2x", hdev->name, status); 172 173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 174 if (!sent) 175 return; 176 177 if (!status) 178 hdev->link_policy = get_unaligned_le16(sent); 179 } 180 181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 182 { 183 __u8 status = *((__u8 *) skb->data); 184 185 BT_DBG("%s status 0x%2.2x", hdev->name, status); 186 187 clear_bit(HCI_RESET, &hdev->flags); 188 189 /* Reset all non-persistent flags */ 190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK; 191 192 hdev->discovery.state = DISCOVERY_STOPPED; 193 hdev->inq_tx_power = HCI_TX_POWER_INVALID; 194 hdev->adv_tx_power = HCI_TX_POWER_INVALID; 195 196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data)); 197 hdev->adv_data_len = 0; 198 199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data)); 200 hdev->scan_rsp_data_len = 0; 201 202 hdev->ssp_debug_mode = 0; 203 } 204 205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 206 { 207 __u8 status = *((__u8 *) skb->data); 208 void *sent; 209 210 BT_DBG("%s status 0x%2.2x", hdev->name, status); 211 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 213 if (!sent) 214 return; 215 216 hci_dev_lock(hdev); 217 218 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 219 mgmt_set_local_name_complete(hdev, sent, status); 220 else if (!status) 221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH); 222 223 hci_dev_unlock(hdev); 224 } 225 226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 227 { 228 struct hci_rp_read_local_name *rp = (void *) skb->data; 229 230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 231 232 if (rp->status) 233 return; 234 235 if (test_bit(HCI_SETUP, &hdev->dev_flags)) 236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); 237 } 238 239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 240 { 241 __u8 status = *((__u8 *) skb->data); 242 void *sent; 243 244 BT_DBG("%s status 0x%2.2x", hdev->name, status); 245 246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 247 if (!sent) 248 return; 249 250 if (!status) { 251 __u8 param = *((__u8 *) sent); 252 253 if (param == AUTH_ENABLED) 254 set_bit(HCI_AUTH, &hdev->flags); 255 else 256 clear_bit(HCI_AUTH, &hdev->flags); 257 } 258 259 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 260 mgmt_auth_enable_complete(hdev, status); 261 } 262 263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 264 { 265 __u8 status = *((__u8 *) skb->data); 266 void *sent; 267 268 BT_DBG("%s status 0x%2.2x", hdev->name, status); 269 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 271 if (!sent) 272 return; 273 274 if (!status) { 275 __u8 param = *((__u8 *) sent); 276 277 if (param) 278 set_bit(HCI_ENCRYPT, &hdev->flags); 279 else 280 clear_bit(HCI_ENCRYPT, &hdev->flags); 281 } 282 } 283 284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 285 { 286 __u8 param, status = *((__u8 *) skb->data); 287 int old_pscan, old_iscan; 288 void *sent; 289 290 BT_DBG("%s status 0x%2.2x", hdev->name, status); 291 292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 293 if (!sent) 294 return; 295 296 param = *((__u8 *) sent); 297 298 hci_dev_lock(hdev); 299 300 if (status) { 301 mgmt_write_scan_failed(hdev, param, status); 302 hdev->discov_timeout = 0; 303 goto done; 304 } 305 306 /* We need to ensure that we set this back on if someone changed 307 * the scan mode through a raw HCI socket. 308 */ 309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 310 311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags); 312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags); 313 314 if (param & SCAN_INQUIRY) { 315 set_bit(HCI_ISCAN, &hdev->flags); 316 if (!old_iscan) 317 mgmt_discoverable(hdev, 1); 318 } else if (old_iscan) 319 mgmt_discoverable(hdev, 0); 320 321 if (param & SCAN_PAGE) { 322 set_bit(HCI_PSCAN, &hdev->flags); 323 if (!old_pscan) 324 mgmt_connectable(hdev, 1); 325 } else if (old_pscan) 326 mgmt_connectable(hdev, 0); 327 328 done: 329 hci_dev_unlock(hdev); 330 } 331 332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 333 { 334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 335 336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 337 338 if (rp->status) 339 return; 340 341 memcpy(hdev->dev_class, rp->dev_class, 3); 342 343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 345 } 346 347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 348 { 349 __u8 status = *((__u8 *) skb->data); 350 void *sent; 351 352 BT_DBG("%s status 0x%2.2x", hdev->name, status); 353 354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 355 if (!sent) 356 return; 357 358 hci_dev_lock(hdev); 359 360 if (status == 0) 361 memcpy(hdev->dev_class, sent, 3); 362 363 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 364 mgmt_set_class_of_dev_complete(hdev, sent, status); 365 366 hci_dev_unlock(hdev); 367 } 368 369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 370 { 371 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 372 __u16 setting; 373 374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 375 376 if (rp->status) 377 return; 378 379 setting = __le16_to_cpu(rp->voice_setting); 380 381 if (hdev->voice_setting == setting) 382 return; 383 384 hdev->voice_setting = setting; 385 386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting); 387 388 if (hdev->notify) 389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 390 } 391 392 static void hci_cc_write_voice_setting(struct hci_dev *hdev, 393 struct sk_buff *skb) 394 { 395 __u8 status = *((__u8 *) skb->data); 396 __u16 setting; 397 void *sent; 398 399 BT_DBG("%s status 0x%2.2x", hdev->name, status); 400 401 if (status) 402 return; 403 404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 405 if (!sent) 406 return; 407 408 setting = get_unaligned_le16(sent); 409 410 if (hdev->voice_setting == setting) 411 return; 412 413 hdev->voice_setting = setting; 414 415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting); 416 417 if (hdev->notify) 418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 419 } 420 421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev, 422 struct sk_buff *skb) 423 { 424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data; 425 426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 427 428 if (rp->status) 429 return; 430 431 hdev->num_iac = rp->num_iac; 432 433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac); 434 } 435 436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 437 { 438 __u8 status = *((__u8 *) skb->data); 439 struct hci_cp_write_ssp_mode *sent; 440 441 BT_DBG("%s status 0x%2.2x", hdev->name, status); 442 443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 444 if (!sent) 445 return; 446 447 if (!status) { 448 if (sent->mode) 449 hdev->features[1][0] |= LMP_HOST_SSP; 450 else 451 hdev->features[1][0] &= ~LMP_HOST_SSP; 452 } 453 454 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 455 mgmt_ssp_enable_complete(hdev, sent->mode, status); 456 else if (!status) { 457 if (sent->mode) 458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 459 else 460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 461 } 462 } 463 464 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 465 { 466 struct hci_rp_read_local_version *rp = (void *) skb->data; 467 468 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 469 470 if (rp->status) 471 return; 472 473 if (test_bit(HCI_SETUP, &hdev->dev_flags)) { 474 hdev->hci_ver = rp->hci_ver; 475 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 476 hdev->lmp_ver = rp->lmp_ver; 477 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 478 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 479 } 480 } 481 482 static void hci_cc_read_local_commands(struct hci_dev *hdev, 483 struct sk_buff *skb) 484 { 485 struct hci_rp_read_local_commands *rp = (void *) skb->data; 486 487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 488 489 if (rp->status) 490 return; 491 492 if (test_bit(HCI_SETUP, &hdev->dev_flags)) 493 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 494 } 495 496 static void hci_cc_read_local_features(struct hci_dev *hdev, 497 struct sk_buff *skb) 498 { 499 struct hci_rp_read_local_features *rp = (void *) skb->data; 500 501 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 502 503 if (rp->status) 504 return; 505 506 memcpy(hdev->features, rp->features, 8); 507 508 /* Adjust default settings according to features 509 * supported by device. */ 510 511 if (hdev->features[0][0] & LMP_3SLOT) 512 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 513 514 if (hdev->features[0][0] & LMP_5SLOT) 515 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 516 517 if (hdev->features[0][1] & LMP_HV2) { 518 hdev->pkt_type |= (HCI_HV2); 519 hdev->esco_type |= (ESCO_HV2); 520 } 521 522 if (hdev->features[0][1] & LMP_HV3) { 523 hdev->pkt_type |= (HCI_HV3); 524 hdev->esco_type |= (ESCO_HV3); 525 } 526 527 if (lmp_esco_capable(hdev)) 528 hdev->esco_type |= (ESCO_EV3); 529 530 if (hdev->features[0][4] & LMP_EV4) 531 hdev->esco_type |= (ESCO_EV4); 532 533 if (hdev->features[0][4] & LMP_EV5) 534 hdev->esco_type |= (ESCO_EV5); 535 536 if (hdev->features[0][5] & LMP_EDR_ESCO_2M) 537 hdev->esco_type |= (ESCO_2EV3); 538 539 if (hdev->features[0][5] & LMP_EDR_ESCO_3M) 540 hdev->esco_type |= (ESCO_3EV3); 541 542 if (hdev->features[0][5] & LMP_EDR_3S_ESCO) 543 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 544 } 545 546 static void hci_cc_read_local_ext_features(struct hci_dev *hdev, 547 struct sk_buff *skb) 548 { 549 struct hci_rp_read_local_ext_features *rp = (void *) skb->data; 550 551 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 552 553 if (rp->status) 554 return; 555 556 if (hdev->max_page < rp->max_page) 557 hdev->max_page = rp->max_page; 558 559 if (rp->page < HCI_MAX_PAGES) 560 memcpy(hdev->features[rp->page], rp->features, 8); 561 } 562 563 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, 564 struct sk_buff *skb) 565 { 566 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data; 567 568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 569 570 if (!rp->status) 571 hdev->flow_ctl_mode = rp->mode; 572 } 573 574 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 575 { 576 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 577 578 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 579 580 if (rp->status) 581 return; 582 583 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 584 hdev->sco_mtu = rp->sco_mtu; 585 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 586 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 587 588 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 589 hdev->sco_mtu = 64; 590 hdev->sco_pkts = 8; 591 } 592 593 hdev->acl_cnt = hdev->acl_pkts; 594 hdev->sco_cnt = hdev->sco_pkts; 595 596 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, 597 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); 598 } 599 600 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 601 { 602 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 603 604 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 605 606 if (!rp->status) 607 bacpy(&hdev->bdaddr, &rp->bdaddr); 608 } 609 610 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev, 611 struct sk_buff *skb) 612 { 613 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data; 614 615 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 616 617 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) { 618 hdev->page_scan_interval = __le16_to_cpu(rp->interval); 619 hdev->page_scan_window = __le16_to_cpu(rp->window); 620 } 621 } 622 623 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev, 624 struct sk_buff *skb) 625 { 626 u8 status = *((u8 *) skb->data); 627 struct hci_cp_write_page_scan_activity *sent; 628 629 BT_DBG("%s status 0x%2.2x", hdev->name, status); 630 631 if (status) 632 return; 633 634 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY); 635 if (!sent) 636 return; 637 638 hdev->page_scan_interval = __le16_to_cpu(sent->interval); 639 hdev->page_scan_window = __le16_to_cpu(sent->window); 640 } 641 642 static void hci_cc_read_page_scan_type(struct hci_dev *hdev, 643 struct sk_buff *skb) 644 { 645 struct hci_rp_read_page_scan_type *rp = (void *) skb->data; 646 647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 648 649 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) 650 hdev->page_scan_type = rp->type; 651 } 652 653 static void hci_cc_write_page_scan_type(struct hci_dev *hdev, 654 struct sk_buff *skb) 655 { 656 u8 status = *((u8 *) skb->data); 657 u8 *type; 658 659 BT_DBG("%s status 0x%2.2x", hdev->name, status); 660 661 if (status) 662 return; 663 664 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE); 665 if (type) 666 hdev->page_scan_type = *type; 667 } 668 669 static void hci_cc_read_data_block_size(struct hci_dev *hdev, 670 struct sk_buff *skb) 671 { 672 struct hci_rp_read_data_block_size *rp = (void *) skb->data; 673 674 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 675 676 if (rp->status) 677 return; 678 679 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len); 680 hdev->block_len = __le16_to_cpu(rp->block_len); 681 hdev->num_blocks = __le16_to_cpu(rp->num_blocks); 682 683 hdev->block_cnt = hdev->num_blocks; 684 685 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu, 686 hdev->block_cnt, hdev->block_len); 687 } 688 689 static void hci_cc_read_local_amp_info(struct hci_dev *hdev, 690 struct sk_buff *skb) 691 { 692 struct hci_rp_read_local_amp_info *rp = (void *) skb->data; 693 694 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 695 696 if (rp->status) 697 goto a2mp_rsp; 698 699 hdev->amp_status = rp->amp_status; 700 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw); 701 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw); 702 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency); 703 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu); 704 hdev->amp_type = rp->amp_type; 705 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap); 706 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size); 707 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to); 708 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to); 709 710 a2mp_rsp: 711 a2mp_send_getinfo_rsp(hdev); 712 } 713 714 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev, 715 struct sk_buff *skb) 716 { 717 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data; 718 struct amp_assoc *assoc = &hdev->loc_assoc; 719 size_t rem_len, frag_len; 720 721 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 722 723 if (rp->status) 724 goto a2mp_rsp; 725 726 frag_len = skb->len - sizeof(*rp); 727 rem_len = __le16_to_cpu(rp->rem_len); 728 729 if (rem_len > frag_len) { 730 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len); 731 732 memcpy(assoc->data + assoc->offset, rp->frag, frag_len); 733 assoc->offset += frag_len; 734 735 /* Read other fragments */ 736 amp_read_loc_assoc_frag(hdev, rp->phy_handle); 737 738 return; 739 } 740 741 memcpy(assoc->data + assoc->offset, rp->frag, rem_len); 742 assoc->len = assoc->offset + rem_len; 743 assoc->offset = 0; 744 745 a2mp_rsp: 746 /* Send A2MP Rsp when all fragments are received */ 747 a2mp_send_getampassoc_rsp(hdev, rp->status); 748 a2mp_send_create_phy_link_req(hdev, rp->status); 749 } 750 751 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev, 752 struct sk_buff *skb) 753 { 754 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data; 755 756 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 757 758 if (!rp->status) 759 hdev->inq_tx_power = rp->tx_power; 760 } 761 762 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb) 763 { 764 struct hci_rp_pin_code_reply *rp = (void *) skb->data; 765 struct hci_cp_pin_code_reply *cp; 766 struct hci_conn *conn; 767 768 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 769 770 hci_dev_lock(hdev); 771 772 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 773 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status); 774 775 if (rp->status) 776 goto unlock; 777 778 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY); 779 if (!cp) 780 goto unlock; 781 782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 783 if (conn) 784 conn->pin_length = cp->pin_len; 785 786 unlock: 787 hci_dev_unlock(hdev); 788 } 789 790 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) 791 { 792 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data; 793 794 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 795 796 hci_dev_lock(hdev); 797 798 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 799 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr, 800 rp->status); 801 802 hci_dev_unlock(hdev); 803 } 804 805 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev, 806 struct sk_buff *skb) 807 { 808 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data; 809 810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 811 812 if (rp->status) 813 return; 814 815 hdev->le_mtu = __le16_to_cpu(rp->le_mtu); 816 hdev->le_pkts = rp->le_max_pkt; 817 818 hdev->le_cnt = hdev->le_pkts; 819 820 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); 821 } 822 823 static void hci_cc_le_read_local_features(struct hci_dev *hdev, 824 struct sk_buff *skb) 825 { 826 struct hci_rp_le_read_local_features *rp = (void *) skb->data; 827 828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 829 830 if (!rp->status) 831 memcpy(hdev->le_features, rp->features, 8); 832 } 833 834 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev, 835 struct sk_buff *skb) 836 { 837 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data; 838 839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 840 841 if (!rp->status) 842 hdev->adv_tx_power = rp->tx_power; 843 } 844 845 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb) 846 { 847 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 848 849 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 850 851 hci_dev_lock(hdev); 852 853 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 854 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0, 855 rp->status); 856 857 hci_dev_unlock(hdev); 858 } 859 860 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev, 861 struct sk_buff *skb) 862 { 863 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 864 865 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 866 867 hci_dev_lock(hdev); 868 869 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 870 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr, 871 ACL_LINK, 0, rp->status); 872 873 hci_dev_unlock(hdev); 874 } 875 876 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb) 877 { 878 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 879 880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 881 882 hci_dev_lock(hdev); 883 884 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 885 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 886 0, rp->status); 887 888 hci_dev_unlock(hdev); 889 } 890 891 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev, 892 struct sk_buff *skb) 893 { 894 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 895 896 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 897 898 hci_dev_lock(hdev); 899 900 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 901 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr, 902 ACL_LINK, 0, rp->status); 903 904 hci_dev_unlock(hdev); 905 } 906 907 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev, 908 struct sk_buff *skb) 909 { 910 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 911 912 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 913 914 hci_dev_lock(hdev); 915 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash, 916 rp->randomizer, rp->status); 917 hci_dev_unlock(hdev); 918 } 919 920 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb) 921 { 922 __u8 *sent, status = *((__u8 *) skb->data); 923 924 BT_DBG("%s status 0x%2.2x", hdev->name, status); 925 926 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE); 927 if (!sent) 928 return; 929 930 hci_dev_lock(hdev); 931 932 if (!status) { 933 if (*sent) 934 set_bit(HCI_ADVERTISING, &hdev->dev_flags); 935 else 936 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 937 } 938 939 hci_dev_unlock(hdev); 940 } 941 942 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, 943 struct sk_buff *skb) 944 { 945 struct hci_cp_le_set_scan_enable *cp; 946 __u8 status = *((__u8 *) skb->data); 947 948 BT_DBG("%s status 0x%2.2x", hdev->name, status); 949 950 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE); 951 if (!cp) 952 return; 953 954 if (status) 955 return; 956 957 switch (cp->enable) { 958 case LE_SCAN_ENABLE: 959 set_bit(HCI_LE_SCAN, &hdev->dev_flags); 960 break; 961 962 case LE_SCAN_DISABLE: 963 clear_bit(HCI_LE_SCAN, &hdev->dev_flags); 964 break; 965 966 default: 967 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable); 968 break; 969 } 970 } 971 972 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev, 973 struct sk_buff *skb) 974 { 975 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data; 976 977 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size); 978 979 if (!rp->status) 980 hdev->le_white_list_size = rp->size; 981 } 982 983 static void hci_cc_le_read_supported_states(struct hci_dev *hdev, 984 struct sk_buff *skb) 985 { 986 struct hci_rp_le_read_supported_states *rp = (void *) skb->data; 987 988 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 989 990 if (!rp->status) 991 memcpy(hdev->le_states, rp->le_states, 8); 992 } 993 994 static void hci_cc_write_le_host_supported(struct hci_dev *hdev, 995 struct sk_buff *skb) 996 { 997 struct hci_cp_write_le_host_supported *sent; 998 __u8 status = *((__u8 *) skb->data); 999 1000 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1001 1002 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED); 1003 if (!sent) 1004 return; 1005 1006 if (!status) { 1007 if (sent->le) { 1008 hdev->features[1][0] |= LMP_HOST_LE; 1009 set_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1010 } else { 1011 hdev->features[1][0] &= ~LMP_HOST_LE; 1012 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1013 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 1014 } 1015 1016 if (sent->simul) 1017 hdev->features[1][0] |= LMP_HOST_LE_BREDR; 1018 else 1019 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; 1020 } 1021 } 1022 1023 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev, 1024 struct sk_buff *skb) 1025 { 1026 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data; 1027 1028 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x", 1029 hdev->name, rp->status, rp->phy_handle); 1030 1031 if (rp->status) 1032 return; 1033 1034 amp_write_rem_assoc_continue(hdev, rp->phy_handle); 1035 } 1036 1037 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1038 { 1039 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1040 1041 if (status) { 1042 hci_conn_check_pending(hdev); 1043 return; 1044 } 1045 1046 set_bit(HCI_INQUIRY, &hdev->flags); 1047 } 1048 1049 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 1050 { 1051 struct hci_cp_create_conn *cp; 1052 struct hci_conn *conn; 1053 1054 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1055 1056 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 1057 if (!cp) 1058 return; 1059 1060 hci_dev_lock(hdev); 1061 1062 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1063 1064 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn); 1065 1066 if (status) { 1067 if (conn && conn->state == BT_CONNECT) { 1068 if (status != 0x0c || conn->attempt > 2) { 1069 conn->state = BT_CLOSED; 1070 hci_proto_connect_cfm(conn, status); 1071 hci_conn_del(conn); 1072 } else 1073 conn->state = BT_CONNECT2; 1074 } 1075 } else { 1076 if (!conn) { 1077 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 1078 if (conn) { 1079 conn->out = true; 1080 conn->link_mode |= HCI_LM_MASTER; 1081 } else 1082 BT_ERR("No memory for new connection"); 1083 } 1084 } 1085 1086 hci_dev_unlock(hdev); 1087 } 1088 1089 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 1090 { 1091 struct hci_cp_add_sco *cp; 1092 struct hci_conn *acl, *sco; 1093 __u16 handle; 1094 1095 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1096 1097 if (!status) 1098 return; 1099 1100 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 1101 if (!cp) 1102 return; 1103 1104 handle = __le16_to_cpu(cp->handle); 1105 1106 BT_DBG("%s handle 0x%4.4x", hdev->name, handle); 1107 1108 hci_dev_lock(hdev); 1109 1110 acl = hci_conn_hash_lookup_handle(hdev, handle); 1111 if (acl) { 1112 sco = acl->link; 1113 if (sco) { 1114 sco->state = BT_CLOSED; 1115 1116 hci_proto_connect_cfm(sco, status); 1117 hci_conn_del(sco); 1118 } 1119 } 1120 1121 hci_dev_unlock(hdev); 1122 } 1123 1124 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 1125 { 1126 struct hci_cp_auth_requested *cp; 1127 struct hci_conn *conn; 1128 1129 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1130 1131 if (!status) 1132 return; 1133 1134 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 1135 if (!cp) 1136 return; 1137 1138 hci_dev_lock(hdev); 1139 1140 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1141 if (conn) { 1142 if (conn->state == BT_CONFIG) { 1143 hci_proto_connect_cfm(conn, status); 1144 hci_conn_drop(conn); 1145 } 1146 } 1147 1148 hci_dev_unlock(hdev); 1149 } 1150 1151 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 1152 { 1153 struct hci_cp_set_conn_encrypt *cp; 1154 struct hci_conn *conn; 1155 1156 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1157 1158 if (!status) 1159 return; 1160 1161 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 1162 if (!cp) 1163 return; 1164 1165 hci_dev_lock(hdev); 1166 1167 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1168 if (conn) { 1169 if (conn->state == BT_CONFIG) { 1170 hci_proto_connect_cfm(conn, status); 1171 hci_conn_drop(conn); 1172 } 1173 } 1174 1175 hci_dev_unlock(hdev); 1176 } 1177 1178 static int hci_outgoing_auth_needed(struct hci_dev *hdev, 1179 struct hci_conn *conn) 1180 { 1181 if (conn->state != BT_CONFIG || !conn->out) 1182 return 0; 1183 1184 if (conn->pending_sec_level == BT_SECURITY_SDP) 1185 return 0; 1186 1187 /* Only request authentication for SSP connections or non-SSP 1188 * devices with sec_level HIGH or if MITM protection is requested */ 1189 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) && 1190 conn->pending_sec_level != BT_SECURITY_HIGH) 1191 return 0; 1192 1193 return 1; 1194 } 1195 1196 static int hci_resolve_name(struct hci_dev *hdev, 1197 struct inquiry_entry *e) 1198 { 1199 struct hci_cp_remote_name_req cp; 1200 1201 memset(&cp, 0, sizeof(cp)); 1202 1203 bacpy(&cp.bdaddr, &e->data.bdaddr); 1204 cp.pscan_rep_mode = e->data.pscan_rep_mode; 1205 cp.pscan_mode = e->data.pscan_mode; 1206 cp.clock_offset = e->data.clock_offset; 1207 1208 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 1209 } 1210 1211 static bool hci_resolve_next_name(struct hci_dev *hdev) 1212 { 1213 struct discovery_state *discov = &hdev->discovery; 1214 struct inquiry_entry *e; 1215 1216 if (list_empty(&discov->resolve)) 1217 return false; 1218 1219 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED); 1220 if (!e) 1221 return false; 1222 1223 if (hci_resolve_name(hdev, e) == 0) { 1224 e->name_state = NAME_PENDING; 1225 return true; 1226 } 1227 1228 return false; 1229 } 1230 1231 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn, 1232 bdaddr_t *bdaddr, u8 *name, u8 name_len) 1233 { 1234 struct discovery_state *discov = &hdev->discovery; 1235 struct inquiry_entry *e; 1236 1237 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 1238 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name, 1239 name_len, conn->dev_class); 1240 1241 if (discov->state == DISCOVERY_STOPPED) 1242 return; 1243 1244 if (discov->state == DISCOVERY_STOPPING) 1245 goto discov_complete; 1246 1247 if (discov->state != DISCOVERY_RESOLVING) 1248 return; 1249 1250 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); 1251 /* If the device was not found in a list of found devices names of which 1252 * are pending. there is no need to continue resolving a next name as it 1253 * will be done upon receiving another Remote Name Request Complete 1254 * Event */ 1255 if (!e) 1256 return; 1257 1258 list_del(&e->list); 1259 if (name) { 1260 e->name_state = NAME_KNOWN; 1261 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, 1262 e->data.rssi, name, name_len); 1263 } else { 1264 e->name_state = NAME_NOT_KNOWN; 1265 } 1266 1267 if (hci_resolve_next_name(hdev)) 1268 return; 1269 1270 discov_complete: 1271 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1272 } 1273 1274 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 1275 { 1276 struct hci_cp_remote_name_req *cp; 1277 struct hci_conn *conn; 1278 1279 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1280 1281 /* If successful wait for the name req complete event before 1282 * checking for the need to do authentication */ 1283 if (!status) 1284 return; 1285 1286 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ); 1287 if (!cp) 1288 return; 1289 1290 hci_dev_lock(hdev); 1291 1292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1293 1294 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 1295 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0); 1296 1297 if (!conn) 1298 goto unlock; 1299 1300 if (!hci_outgoing_auth_needed(hdev, conn)) 1301 goto unlock; 1302 1303 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 1304 struct hci_cp_auth_requested auth_cp; 1305 1306 auth_cp.handle = __cpu_to_le16(conn->handle); 1307 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 1308 sizeof(auth_cp), &auth_cp); 1309 } 1310 1311 unlock: 1312 hci_dev_unlock(hdev); 1313 } 1314 1315 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 1316 { 1317 struct hci_cp_read_remote_features *cp; 1318 struct hci_conn *conn; 1319 1320 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1321 1322 if (!status) 1323 return; 1324 1325 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 1326 if (!cp) 1327 return; 1328 1329 hci_dev_lock(hdev); 1330 1331 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1332 if (conn) { 1333 if (conn->state == BT_CONFIG) { 1334 hci_proto_connect_cfm(conn, status); 1335 hci_conn_drop(conn); 1336 } 1337 } 1338 1339 hci_dev_unlock(hdev); 1340 } 1341 1342 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 1343 { 1344 struct hci_cp_read_remote_ext_features *cp; 1345 struct hci_conn *conn; 1346 1347 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1348 1349 if (!status) 1350 return; 1351 1352 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 1353 if (!cp) 1354 return; 1355 1356 hci_dev_lock(hdev); 1357 1358 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1359 if (conn) { 1360 if (conn->state == BT_CONFIG) { 1361 hci_proto_connect_cfm(conn, status); 1362 hci_conn_drop(conn); 1363 } 1364 } 1365 1366 hci_dev_unlock(hdev); 1367 } 1368 1369 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 1370 { 1371 struct hci_cp_setup_sync_conn *cp; 1372 struct hci_conn *acl, *sco; 1373 __u16 handle; 1374 1375 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1376 1377 if (!status) 1378 return; 1379 1380 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 1381 if (!cp) 1382 return; 1383 1384 handle = __le16_to_cpu(cp->handle); 1385 1386 BT_DBG("%s handle 0x%4.4x", hdev->name, handle); 1387 1388 hci_dev_lock(hdev); 1389 1390 acl = hci_conn_hash_lookup_handle(hdev, handle); 1391 if (acl) { 1392 sco = acl->link; 1393 if (sco) { 1394 sco->state = BT_CLOSED; 1395 1396 hci_proto_connect_cfm(sco, status); 1397 hci_conn_del(sco); 1398 } 1399 } 1400 1401 hci_dev_unlock(hdev); 1402 } 1403 1404 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 1405 { 1406 struct hci_cp_sniff_mode *cp; 1407 struct hci_conn *conn; 1408 1409 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1410 1411 if (!status) 1412 return; 1413 1414 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 1415 if (!cp) 1416 return; 1417 1418 hci_dev_lock(hdev); 1419 1420 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1421 if (conn) { 1422 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); 1423 1424 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 1425 hci_sco_setup(conn, status); 1426 } 1427 1428 hci_dev_unlock(hdev); 1429 } 1430 1431 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 1432 { 1433 struct hci_cp_exit_sniff_mode *cp; 1434 struct hci_conn *conn; 1435 1436 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1437 1438 if (!status) 1439 return; 1440 1441 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 1442 if (!cp) 1443 return; 1444 1445 hci_dev_lock(hdev); 1446 1447 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1448 if (conn) { 1449 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags); 1450 1451 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 1452 hci_sco_setup(conn, status); 1453 } 1454 1455 hci_dev_unlock(hdev); 1456 } 1457 1458 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status) 1459 { 1460 struct hci_cp_disconnect *cp; 1461 struct hci_conn *conn; 1462 1463 if (!status) 1464 return; 1465 1466 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT); 1467 if (!cp) 1468 return; 1469 1470 hci_dev_lock(hdev); 1471 1472 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1473 if (conn) 1474 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, 1475 conn->dst_type, status); 1476 1477 hci_dev_unlock(hdev); 1478 } 1479 1480 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status) 1481 { 1482 struct hci_cp_create_phy_link *cp; 1483 1484 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1485 1486 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK); 1487 if (!cp) 1488 return; 1489 1490 hci_dev_lock(hdev); 1491 1492 if (status) { 1493 struct hci_conn *hcon; 1494 1495 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle); 1496 if (hcon) 1497 hci_conn_del(hcon); 1498 } else { 1499 amp_write_remote_assoc(hdev, cp->phy_handle); 1500 } 1501 1502 hci_dev_unlock(hdev); 1503 } 1504 1505 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status) 1506 { 1507 struct hci_cp_accept_phy_link *cp; 1508 1509 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1510 1511 if (status) 1512 return; 1513 1514 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK); 1515 if (!cp) 1516 return; 1517 1518 amp_write_remote_assoc(hdev, cp->phy_handle); 1519 } 1520 1521 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1522 { 1523 __u8 status = *((__u8 *) skb->data); 1524 struct discovery_state *discov = &hdev->discovery; 1525 struct inquiry_entry *e; 1526 1527 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1528 1529 hci_conn_check_pending(hdev); 1530 1531 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1532 return; 1533 1534 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ 1535 wake_up_bit(&hdev->flags, HCI_INQUIRY); 1536 1537 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1538 return; 1539 1540 hci_dev_lock(hdev); 1541 1542 if (discov->state != DISCOVERY_FINDING) 1543 goto unlock; 1544 1545 if (list_empty(&discov->resolve)) { 1546 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1547 goto unlock; 1548 } 1549 1550 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED); 1551 if (e && hci_resolve_name(hdev, e) == 0) { 1552 e->name_state = NAME_PENDING; 1553 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING); 1554 } else { 1555 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1556 } 1557 1558 unlock: 1559 hci_dev_unlock(hdev); 1560 } 1561 1562 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1563 { 1564 struct inquiry_data data; 1565 struct inquiry_info *info = (void *) (skb->data + 1); 1566 int num_rsp = *((__u8 *) skb->data); 1567 1568 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1569 1570 if (!num_rsp) 1571 return; 1572 1573 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 1574 return; 1575 1576 hci_dev_lock(hdev); 1577 1578 for (; num_rsp; num_rsp--, info++) { 1579 bool name_known, ssp; 1580 1581 bacpy(&data.bdaddr, &info->bdaddr); 1582 data.pscan_rep_mode = info->pscan_rep_mode; 1583 data.pscan_period_mode = info->pscan_period_mode; 1584 data.pscan_mode = info->pscan_mode; 1585 memcpy(data.dev_class, info->dev_class, 3); 1586 data.clock_offset = info->clock_offset; 1587 data.rssi = 0x00; 1588 data.ssp_mode = 0x00; 1589 1590 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp); 1591 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 1592 info->dev_class, 0, !name_known, ssp, NULL, 1593 0); 1594 } 1595 1596 hci_dev_unlock(hdev); 1597 } 1598 1599 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1600 { 1601 struct hci_ev_conn_complete *ev = (void *) skb->data; 1602 struct hci_conn *conn; 1603 1604 BT_DBG("%s", hdev->name); 1605 1606 hci_dev_lock(hdev); 1607 1608 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1609 if (!conn) { 1610 if (ev->link_type != SCO_LINK) 1611 goto unlock; 1612 1613 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1614 if (!conn) 1615 goto unlock; 1616 1617 conn->type = SCO_LINK; 1618 } 1619 1620 if (!ev->status) { 1621 conn->handle = __le16_to_cpu(ev->handle); 1622 1623 if (conn->type == ACL_LINK) { 1624 conn->state = BT_CONFIG; 1625 hci_conn_hold(conn); 1626 1627 if (!conn->out && !hci_conn_ssp_enabled(conn) && 1628 !hci_find_link_key(hdev, &ev->bdaddr)) 1629 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 1630 else 1631 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1632 } else 1633 conn->state = BT_CONNECTED; 1634 1635 hci_conn_add_sysfs(conn); 1636 1637 if (test_bit(HCI_AUTH, &hdev->flags)) 1638 conn->link_mode |= HCI_LM_AUTH; 1639 1640 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 1641 conn->link_mode |= HCI_LM_ENCRYPT; 1642 1643 /* Get remote features */ 1644 if (conn->type == ACL_LINK) { 1645 struct hci_cp_read_remote_features cp; 1646 cp.handle = ev->handle; 1647 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 1648 sizeof(cp), &cp); 1649 } 1650 1651 /* Set packet type for incoming connection */ 1652 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) { 1653 struct hci_cp_change_conn_ptype cp; 1654 cp.handle = ev->handle; 1655 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1656 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), 1657 &cp); 1658 } 1659 } else { 1660 conn->state = BT_CLOSED; 1661 if (conn->type == ACL_LINK) 1662 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type, 1663 conn->dst_type, ev->status); 1664 } 1665 1666 if (conn->type == ACL_LINK) 1667 hci_sco_setup(conn, ev->status); 1668 1669 if (ev->status) { 1670 hci_proto_connect_cfm(conn, ev->status); 1671 hci_conn_del(conn); 1672 } else if (ev->link_type != ACL_LINK) 1673 hci_proto_connect_cfm(conn, ev->status); 1674 1675 unlock: 1676 hci_dev_unlock(hdev); 1677 1678 hci_conn_check_pending(hdev); 1679 } 1680 1681 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1682 { 1683 struct hci_ev_conn_request *ev = (void *) skb->data; 1684 int mask = hdev->link_mode; 1685 __u8 flags = 0; 1686 1687 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr, 1688 ev->link_type); 1689 1690 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type, 1691 &flags); 1692 1693 if ((mask & HCI_LM_ACCEPT) && 1694 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) { 1695 /* Connection accepted */ 1696 struct inquiry_entry *ie; 1697 struct hci_conn *conn; 1698 1699 hci_dev_lock(hdev); 1700 1701 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 1702 if (ie) 1703 memcpy(ie->data.dev_class, ev->dev_class, 3); 1704 1705 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, 1706 &ev->bdaddr); 1707 if (!conn) { 1708 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr); 1709 if (!conn) { 1710 BT_ERR("No memory for new connection"); 1711 hci_dev_unlock(hdev); 1712 return; 1713 } 1714 } 1715 1716 memcpy(conn->dev_class, ev->dev_class, 3); 1717 1718 hci_dev_unlock(hdev); 1719 1720 if (ev->link_type == ACL_LINK || 1721 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) { 1722 struct hci_cp_accept_conn_req cp; 1723 conn->state = BT_CONNECT; 1724 1725 bacpy(&cp.bdaddr, &ev->bdaddr); 1726 1727 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 1728 cp.role = 0x00; /* Become master */ 1729 else 1730 cp.role = 0x01; /* Remain slave */ 1731 1732 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), 1733 &cp); 1734 } else if (!(flags & HCI_PROTO_DEFER)) { 1735 struct hci_cp_accept_sync_conn_req cp; 1736 conn->state = BT_CONNECT; 1737 1738 bacpy(&cp.bdaddr, &ev->bdaddr); 1739 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1740 1741 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); 1742 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); 1743 cp.max_latency = __constant_cpu_to_le16(0xffff); 1744 cp.content_format = cpu_to_le16(hdev->voice_setting); 1745 cp.retrans_effort = 0xff; 1746 1747 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1748 sizeof(cp), &cp); 1749 } else { 1750 conn->state = BT_CONNECT2; 1751 hci_proto_connect_cfm(conn, 0); 1752 } 1753 } else { 1754 /* Connection rejected */ 1755 struct hci_cp_reject_conn_req cp; 1756 1757 bacpy(&cp.bdaddr, &ev->bdaddr); 1758 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 1759 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1760 } 1761 } 1762 1763 static u8 hci_to_mgmt_reason(u8 err) 1764 { 1765 switch (err) { 1766 case HCI_ERROR_CONNECTION_TIMEOUT: 1767 return MGMT_DEV_DISCONN_TIMEOUT; 1768 case HCI_ERROR_REMOTE_USER_TERM: 1769 case HCI_ERROR_REMOTE_LOW_RESOURCES: 1770 case HCI_ERROR_REMOTE_POWER_OFF: 1771 return MGMT_DEV_DISCONN_REMOTE; 1772 case HCI_ERROR_LOCAL_HOST_TERM: 1773 return MGMT_DEV_DISCONN_LOCAL_HOST; 1774 default: 1775 return MGMT_DEV_DISCONN_UNKNOWN; 1776 } 1777 } 1778 1779 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1780 { 1781 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1782 u8 reason = hci_to_mgmt_reason(ev->reason); 1783 struct hci_conn *conn; 1784 u8 type; 1785 1786 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 1787 1788 hci_dev_lock(hdev); 1789 1790 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1791 if (!conn) 1792 goto unlock; 1793 1794 if (ev->status) { 1795 mgmt_disconnect_failed(hdev, &conn->dst, conn->type, 1796 conn->dst_type, ev->status); 1797 goto unlock; 1798 } 1799 1800 conn->state = BT_CLOSED; 1801 1802 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 1803 mgmt_device_disconnected(hdev, &conn->dst, conn->type, 1804 conn->dst_type, reason); 1805 1806 if (conn->type == ACL_LINK && conn->flush_key) 1807 hci_remove_link_key(hdev, &conn->dst); 1808 1809 type = conn->type; 1810 1811 hci_proto_disconn_cfm(conn, ev->reason); 1812 hci_conn_del(conn); 1813 1814 /* Re-enable advertising if necessary, since it might 1815 * have been disabled by the connection. From the 1816 * HCI_LE_Set_Advertise_Enable command description in 1817 * the core specification (v4.0): 1818 * "The Controller shall continue advertising until the Host 1819 * issues an LE_Set_Advertise_Enable command with 1820 * Advertising_Enable set to 0x00 (Advertising is disabled) 1821 * or until a connection is created or until the Advertising 1822 * is timed out due to Directed Advertising." 1823 */ 1824 if (type == LE_LINK) 1825 mgmt_reenable_advertising(hdev); 1826 1827 unlock: 1828 hci_dev_unlock(hdev); 1829 } 1830 1831 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1832 { 1833 struct hci_ev_auth_complete *ev = (void *) skb->data; 1834 struct hci_conn *conn; 1835 1836 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 1837 1838 hci_dev_lock(hdev); 1839 1840 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1841 if (!conn) 1842 goto unlock; 1843 1844 if (!ev->status) { 1845 if (!hci_conn_ssp_enabled(conn) && 1846 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) { 1847 BT_INFO("re-auth of legacy device is not possible."); 1848 } else { 1849 conn->link_mode |= HCI_LM_AUTH; 1850 conn->sec_level = conn->pending_sec_level; 1851 } 1852 } else { 1853 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 1854 ev->status); 1855 } 1856 1857 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); 1858 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags); 1859 1860 if (conn->state == BT_CONFIG) { 1861 if (!ev->status && hci_conn_ssp_enabled(conn)) { 1862 struct hci_cp_set_conn_encrypt cp; 1863 cp.handle = ev->handle; 1864 cp.encrypt = 0x01; 1865 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 1866 &cp); 1867 } else { 1868 conn->state = BT_CONNECTED; 1869 hci_proto_connect_cfm(conn, ev->status); 1870 hci_conn_drop(conn); 1871 } 1872 } else { 1873 hci_auth_cfm(conn, ev->status); 1874 1875 hci_conn_hold(conn); 1876 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1877 hci_conn_drop(conn); 1878 } 1879 1880 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 1881 if (!ev->status) { 1882 struct hci_cp_set_conn_encrypt cp; 1883 cp.handle = ev->handle; 1884 cp.encrypt = 0x01; 1885 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 1886 &cp); 1887 } else { 1888 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 1889 hci_encrypt_cfm(conn, ev->status, 0x00); 1890 } 1891 } 1892 1893 unlock: 1894 hci_dev_unlock(hdev); 1895 } 1896 1897 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1898 { 1899 struct hci_ev_remote_name *ev = (void *) skb->data; 1900 struct hci_conn *conn; 1901 1902 BT_DBG("%s", hdev->name); 1903 1904 hci_conn_check_pending(hdev); 1905 1906 hci_dev_lock(hdev); 1907 1908 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1909 1910 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1911 goto check_auth; 1912 1913 if (ev->status == 0) 1914 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name, 1915 strnlen(ev->name, HCI_MAX_NAME_LENGTH)); 1916 else 1917 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0); 1918 1919 check_auth: 1920 if (!conn) 1921 goto unlock; 1922 1923 if (!hci_outgoing_auth_needed(hdev, conn)) 1924 goto unlock; 1925 1926 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 1927 struct hci_cp_auth_requested cp; 1928 cp.handle = __cpu_to_le16(conn->handle); 1929 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1930 } 1931 1932 unlock: 1933 hci_dev_unlock(hdev); 1934 } 1935 1936 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1937 { 1938 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1939 struct hci_conn *conn; 1940 1941 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 1942 1943 hci_dev_lock(hdev); 1944 1945 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1946 if (conn) { 1947 if (!ev->status) { 1948 if (ev->encrypt) { 1949 /* Encryption implies authentication */ 1950 conn->link_mode |= HCI_LM_AUTH; 1951 conn->link_mode |= HCI_LM_ENCRYPT; 1952 conn->sec_level = conn->pending_sec_level; 1953 } else 1954 conn->link_mode &= ~HCI_LM_ENCRYPT; 1955 } 1956 1957 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 1958 1959 if (ev->status && conn->state == BT_CONNECTED) { 1960 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 1961 hci_conn_drop(conn); 1962 goto unlock; 1963 } 1964 1965 if (conn->state == BT_CONFIG) { 1966 if (!ev->status) 1967 conn->state = BT_CONNECTED; 1968 1969 hci_proto_connect_cfm(conn, ev->status); 1970 hci_conn_drop(conn); 1971 } else 1972 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1973 } 1974 1975 unlock: 1976 hci_dev_unlock(hdev); 1977 } 1978 1979 static void hci_change_link_key_complete_evt(struct hci_dev *hdev, 1980 struct sk_buff *skb) 1981 { 1982 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1983 struct hci_conn *conn; 1984 1985 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 1986 1987 hci_dev_lock(hdev); 1988 1989 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1990 if (conn) { 1991 if (!ev->status) 1992 conn->link_mode |= HCI_LM_SECURE; 1993 1994 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags); 1995 1996 hci_key_change_cfm(conn, ev->status); 1997 } 1998 1999 hci_dev_unlock(hdev); 2000 } 2001 2002 static void hci_remote_features_evt(struct hci_dev *hdev, 2003 struct sk_buff *skb) 2004 { 2005 struct hci_ev_remote_features *ev = (void *) skb->data; 2006 struct hci_conn *conn; 2007 2008 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2009 2010 hci_dev_lock(hdev); 2011 2012 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2013 if (!conn) 2014 goto unlock; 2015 2016 if (!ev->status) 2017 memcpy(conn->features[0], ev->features, 8); 2018 2019 if (conn->state != BT_CONFIG) 2020 goto unlock; 2021 2022 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) { 2023 struct hci_cp_read_remote_ext_features cp; 2024 cp.handle = ev->handle; 2025 cp.page = 0x01; 2026 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES, 2027 sizeof(cp), &cp); 2028 goto unlock; 2029 } 2030 2031 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { 2032 struct hci_cp_remote_name_req cp; 2033 memset(&cp, 0, sizeof(cp)); 2034 bacpy(&cp.bdaddr, &conn->dst); 2035 cp.pscan_rep_mode = 0x02; 2036 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2037 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 2038 mgmt_device_connected(hdev, &conn->dst, conn->type, 2039 conn->dst_type, 0, NULL, 0, 2040 conn->dev_class); 2041 2042 if (!hci_outgoing_auth_needed(hdev, conn)) { 2043 conn->state = BT_CONNECTED; 2044 hci_proto_connect_cfm(conn, ev->status); 2045 hci_conn_drop(conn); 2046 } 2047 2048 unlock: 2049 hci_dev_unlock(hdev); 2050 } 2051 2052 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2053 { 2054 struct hci_ev_cmd_complete *ev = (void *) skb->data; 2055 u8 status = skb->data[sizeof(*ev)]; 2056 __u16 opcode; 2057 2058 skb_pull(skb, sizeof(*ev)); 2059 2060 opcode = __le16_to_cpu(ev->opcode); 2061 2062 switch (opcode) { 2063 case HCI_OP_INQUIRY_CANCEL: 2064 hci_cc_inquiry_cancel(hdev, skb); 2065 break; 2066 2067 case HCI_OP_PERIODIC_INQ: 2068 hci_cc_periodic_inq(hdev, skb); 2069 break; 2070 2071 case HCI_OP_EXIT_PERIODIC_INQ: 2072 hci_cc_exit_periodic_inq(hdev, skb); 2073 break; 2074 2075 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 2076 hci_cc_remote_name_req_cancel(hdev, skb); 2077 break; 2078 2079 case HCI_OP_ROLE_DISCOVERY: 2080 hci_cc_role_discovery(hdev, skb); 2081 break; 2082 2083 case HCI_OP_READ_LINK_POLICY: 2084 hci_cc_read_link_policy(hdev, skb); 2085 break; 2086 2087 case HCI_OP_WRITE_LINK_POLICY: 2088 hci_cc_write_link_policy(hdev, skb); 2089 break; 2090 2091 case HCI_OP_READ_DEF_LINK_POLICY: 2092 hci_cc_read_def_link_policy(hdev, skb); 2093 break; 2094 2095 case HCI_OP_WRITE_DEF_LINK_POLICY: 2096 hci_cc_write_def_link_policy(hdev, skb); 2097 break; 2098 2099 case HCI_OP_RESET: 2100 hci_cc_reset(hdev, skb); 2101 break; 2102 2103 case HCI_OP_WRITE_LOCAL_NAME: 2104 hci_cc_write_local_name(hdev, skb); 2105 break; 2106 2107 case HCI_OP_READ_LOCAL_NAME: 2108 hci_cc_read_local_name(hdev, skb); 2109 break; 2110 2111 case HCI_OP_WRITE_AUTH_ENABLE: 2112 hci_cc_write_auth_enable(hdev, skb); 2113 break; 2114 2115 case HCI_OP_WRITE_ENCRYPT_MODE: 2116 hci_cc_write_encrypt_mode(hdev, skb); 2117 break; 2118 2119 case HCI_OP_WRITE_SCAN_ENABLE: 2120 hci_cc_write_scan_enable(hdev, skb); 2121 break; 2122 2123 case HCI_OP_READ_CLASS_OF_DEV: 2124 hci_cc_read_class_of_dev(hdev, skb); 2125 break; 2126 2127 case HCI_OP_WRITE_CLASS_OF_DEV: 2128 hci_cc_write_class_of_dev(hdev, skb); 2129 break; 2130 2131 case HCI_OP_READ_VOICE_SETTING: 2132 hci_cc_read_voice_setting(hdev, skb); 2133 break; 2134 2135 case HCI_OP_WRITE_VOICE_SETTING: 2136 hci_cc_write_voice_setting(hdev, skb); 2137 break; 2138 2139 case HCI_OP_READ_NUM_SUPPORTED_IAC: 2140 hci_cc_read_num_supported_iac(hdev, skb); 2141 break; 2142 2143 case HCI_OP_WRITE_SSP_MODE: 2144 hci_cc_write_ssp_mode(hdev, skb); 2145 break; 2146 2147 case HCI_OP_READ_LOCAL_VERSION: 2148 hci_cc_read_local_version(hdev, skb); 2149 break; 2150 2151 case HCI_OP_READ_LOCAL_COMMANDS: 2152 hci_cc_read_local_commands(hdev, skb); 2153 break; 2154 2155 case HCI_OP_READ_LOCAL_FEATURES: 2156 hci_cc_read_local_features(hdev, skb); 2157 break; 2158 2159 case HCI_OP_READ_LOCAL_EXT_FEATURES: 2160 hci_cc_read_local_ext_features(hdev, skb); 2161 break; 2162 2163 case HCI_OP_READ_BUFFER_SIZE: 2164 hci_cc_read_buffer_size(hdev, skb); 2165 break; 2166 2167 case HCI_OP_READ_BD_ADDR: 2168 hci_cc_read_bd_addr(hdev, skb); 2169 break; 2170 2171 case HCI_OP_READ_PAGE_SCAN_ACTIVITY: 2172 hci_cc_read_page_scan_activity(hdev, skb); 2173 break; 2174 2175 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY: 2176 hci_cc_write_page_scan_activity(hdev, skb); 2177 break; 2178 2179 case HCI_OP_READ_PAGE_SCAN_TYPE: 2180 hci_cc_read_page_scan_type(hdev, skb); 2181 break; 2182 2183 case HCI_OP_WRITE_PAGE_SCAN_TYPE: 2184 hci_cc_write_page_scan_type(hdev, skb); 2185 break; 2186 2187 case HCI_OP_READ_DATA_BLOCK_SIZE: 2188 hci_cc_read_data_block_size(hdev, skb); 2189 break; 2190 2191 case HCI_OP_READ_FLOW_CONTROL_MODE: 2192 hci_cc_read_flow_control_mode(hdev, skb); 2193 break; 2194 2195 case HCI_OP_READ_LOCAL_AMP_INFO: 2196 hci_cc_read_local_amp_info(hdev, skb); 2197 break; 2198 2199 case HCI_OP_READ_LOCAL_AMP_ASSOC: 2200 hci_cc_read_local_amp_assoc(hdev, skb); 2201 break; 2202 2203 case HCI_OP_READ_INQ_RSP_TX_POWER: 2204 hci_cc_read_inq_rsp_tx_power(hdev, skb); 2205 break; 2206 2207 case HCI_OP_PIN_CODE_REPLY: 2208 hci_cc_pin_code_reply(hdev, skb); 2209 break; 2210 2211 case HCI_OP_PIN_CODE_NEG_REPLY: 2212 hci_cc_pin_code_neg_reply(hdev, skb); 2213 break; 2214 2215 case HCI_OP_READ_LOCAL_OOB_DATA: 2216 hci_cc_read_local_oob_data_reply(hdev, skb); 2217 break; 2218 2219 case HCI_OP_LE_READ_BUFFER_SIZE: 2220 hci_cc_le_read_buffer_size(hdev, skb); 2221 break; 2222 2223 case HCI_OP_LE_READ_LOCAL_FEATURES: 2224 hci_cc_le_read_local_features(hdev, skb); 2225 break; 2226 2227 case HCI_OP_LE_READ_ADV_TX_POWER: 2228 hci_cc_le_read_adv_tx_power(hdev, skb); 2229 break; 2230 2231 case HCI_OP_USER_CONFIRM_REPLY: 2232 hci_cc_user_confirm_reply(hdev, skb); 2233 break; 2234 2235 case HCI_OP_USER_CONFIRM_NEG_REPLY: 2236 hci_cc_user_confirm_neg_reply(hdev, skb); 2237 break; 2238 2239 case HCI_OP_USER_PASSKEY_REPLY: 2240 hci_cc_user_passkey_reply(hdev, skb); 2241 break; 2242 2243 case HCI_OP_USER_PASSKEY_NEG_REPLY: 2244 hci_cc_user_passkey_neg_reply(hdev, skb); 2245 break; 2246 2247 case HCI_OP_LE_SET_ADV_ENABLE: 2248 hci_cc_le_set_adv_enable(hdev, skb); 2249 break; 2250 2251 case HCI_OP_LE_SET_SCAN_ENABLE: 2252 hci_cc_le_set_scan_enable(hdev, skb); 2253 break; 2254 2255 case HCI_OP_LE_READ_WHITE_LIST_SIZE: 2256 hci_cc_le_read_white_list_size(hdev, skb); 2257 break; 2258 2259 case HCI_OP_LE_READ_SUPPORTED_STATES: 2260 hci_cc_le_read_supported_states(hdev, skb); 2261 break; 2262 2263 case HCI_OP_WRITE_LE_HOST_SUPPORTED: 2264 hci_cc_write_le_host_supported(hdev, skb); 2265 break; 2266 2267 case HCI_OP_WRITE_REMOTE_AMP_ASSOC: 2268 hci_cc_write_remote_amp_assoc(hdev, skb); 2269 break; 2270 2271 default: 2272 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2273 break; 2274 } 2275 2276 if (opcode != HCI_OP_NOP) 2277 del_timer(&hdev->cmd_timer); 2278 2279 hci_req_cmd_complete(hdev, opcode, status); 2280 2281 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 2282 atomic_set(&hdev->cmd_cnt, 1); 2283 if (!skb_queue_empty(&hdev->cmd_q)) 2284 queue_work(hdev->workqueue, &hdev->cmd_work); 2285 } 2286 } 2287 2288 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 2289 { 2290 struct hci_ev_cmd_status *ev = (void *) skb->data; 2291 __u16 opcode; 2292 2293 skb_pull(skb, sizeof(*ev)); 2294 2295 opcode = __le16_to_cpu(ev->opcode); 2296 2297 switch (opcode) { 2298 case HCI_OP_INQUIRY: 2299 hci_cs_inquiry(hdev, ev->status); 2300 break; 2301 2302 case HCI_OP_CREATE_CONN: 2303 hci_cs_create_conn(hdev, ev->status); 2304 break; 2305 2306 case HCI_OP_ADD_SCO: 2307 hci_cs_add_sco(hdev, ev->status); 2308 break; 2309 2310 case HCI_OP_AUTH_REQUESTED: 2311 hci_cs_auth_requested(hdev, ev->status); 2312 break; 2313 2314 case HCI_OP_SET_CONN_ENCRYPT: 2315 hci_cs_set_conn_encrypt(hdev, ev->status); 2316 break; 2317 2318 case HCI_OP_REMOTE_NAME_REQ: 2319 hci_cs_remote_name_req(hdev, ev->status); 2320 break; 2321 2322 case HCI_OP_READ_REMOTE_FEATURES: 2323 hci_cs_read_remote_features(hdev, ev->status); 2324 break; 2325 2326 case HCI_OP_READ_REMOTE_EXT_FEATURES: 2327 hci_cs_read_remote_ext_features(hdev, ev->status); 2328 break; 2329 2330 case HCI_OP_SETUP_SYNC_CONN: 2331 hci_cs_setup_sync_conn(hdev, ev->status); 2332 break; 2333 2334 case HCI_OP_SNIFF_MODE: 2335 hci_cs_sniff_mode(hdev, ev->status); 2336 break; 2337 2338 case HCI_OP_EXIT_SNIFF_MODE: 2339 hci_cs_exit_sniff_mode(hdev, ev->status); 2340 break; 2341 2342 case HCI_OP_DISCONNECT: 2343 hci_cs_disconnect(hdev, ev->status); 2344 break; 2345 2346 case HCI_OP_CREATE_PHY_LINK: 2347 hci_cs_create_phylink(hdev, ev->status); 2348 break; 2349 2350 case HCI_OP_ACCEPT_PHY_LINK: 2351 hci_cs_accept_phylink(hdev, ev->status); 2352 break; 2353 2354 default: 2355 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2356 break; 2357 } 2358 2359 if (opcode != HCI_OP_NOP) 2360 del_timer(&hdev->cmd_timer); 2361 2362 if (ev->status || 2363 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event)) 2364 hci_req_cmd_complete(hdev, opcode, ev->status); 2365 2366 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 2367 atomic_set(&hdev->cmd_cnt, 1); 2368 if (!skb_queue_empty(&hdev->cmd_q)) 2369 queue_work(hdev->workqueue, &hdev->cmd_work); 2370 } 2371 } 2372 2373 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2374 { 2375 struct hci_ev_role_change *ev = (void *) skb->data; 2376 struct hci_conn *conn; 2377 2378 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2379 2380 hci_dev_lock(hdev); 2381 2382 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2383 if (conn) { 2384 if (!ev->status) { 2385 if (ev->role) 2386 conn->link_mode &= ~HCI_LM_MASTER; 2387 else 2388 conn->link_mode |= HCI_LM_MASTER; 2389 } 2390 2391 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags); 2392 2393 hci_role_switch_cfm(conn, ev->status, ev->role); 2394 } 2395 2396 hci_dev_unlock(hdev); 2397 } 2398 2399 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 2400 { 2401 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 2402 int i; 2403 2404 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { 2405 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); 2406 return; 2407 } 2408 2409 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + 2410 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) { 2411 BT_DBG("%s bad parameters", hdev->name); 2412 return; 2413 } 2414 2415 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 2416 2417 for (i = 0; i < ev->num_hndl; i++) { 2418 struct hci_comp_pkts_info *info = &ev->handles[i]; 2419 struct hci_conn *conn; 2420 __u16 handle, count; 2421 2422 handle = __le16_to_cpu(info->handle); 2423 count = __le16_to_cpu(info->count); 2424 2425 conn = hci_conn_hash_lookup_handle(hdev, handle); 2426 if (!conn) 2427 continue; 2428 2429 conn->sent -= count; 2430 2431 switch (conn->type) { 2432 case ACL_LINK: 2433 hdev->acl_cnt += count; 2434 if (hdev->acl_cnt > hdev->acl_pkts) 2435 hdev->acl_cnt = hdev->acl_pkts; 2436 break; 2437 2438 case LE_LINK: 2439 if (hdev->le_pkts) { 2440 hdev->le_cnt += count; 2441 if (hdev->le_cnt > hdev->le_pkts) 2442 hdev->le_cnt = hdev->le_pkts; 2443 } else { 2444 hdev->acl_cnt += count; 2445 if (hdev->acl_cnt > hdev->acl_pkts) 2446 hdev->acl_cnt = hdev->acl_pkts; 2447 } 2448 break; 2449 2450 case SCO_LINK: 2451 hdev->sco_cnt += count; 2452 if (hdev->sco_cnt > hdev->sco_pkts) 2453 hdev->sco_cnt = hdev->sco_pkts; 2454 break; 2455 2456 default: 2457 BT_ERR("Unknown type %d conn %p", conn->type, conn); 2458 break; 2459 } 2460 } 2461 2462 queue_work(hdev->workqueue, &hdev->tx_work); 2463 } 2464 2465 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev, 2466 __u16 handle) 2467 { 2468 struct hci_chan *chan; 2469 2470 switch (hdev->dev_type) { 2471 case HCI_BREDR: 2472 return hci_conn_hash_lookup_handle(hdev, handle); 2473 case HCI_AMP: 2474 chan = hci_chan_lookup_handle(hdev, handle); 2475 if (chan) 2476 return chan->conn; 2477 break; 2478 default: 2479 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type); 2480 break; 2481 } 2482 2483 return NULL; 2484 } 2485 2486 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb) 2487 { 2488 struct hci_ev_num_comp_blocks *ev = (void *) skb->data; 2489 int i; 2490 2491 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) { 2492 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); 2493 return; 2494 } 2495 2496 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + 2497 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) { 2498 BT_DBG("%s bad parameters", hdev->name); 2499 return; 2500 } 2501 2502 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks, 2503 ev->num_hndl); 2504 2505 for (i = 0; i < ev->num_hndl; i++) { 2506 struct hci_comp_blocks_info *info = &ev->handles[i]; 2507 struct hci_conn *conn = NULL; 2508 __u16 handle, block_count; 2509 2510 handle = __le16_to_cpu(info->handle); 2511 block_count = __le16_to_cpu(info->blocks); 2512 2513 conn = __hci_conn_lookup_handle(hdev, handle); 2514 if (!conn) 2515 continue; 2516 2517 conn->sent -= block_count; 2518 2519 switch (conn->type) { 2520 case ACL_LINK: 2521 case AMP_LINK: 2522 hdev->block_cnt += block_count; 2523 if (hdev->block_cnt > hdev->num_blocks) 2524 hdev->block_cnt = hdev->num_blocks; 2525 break; 2526 2527 default: 2528 BT_ERR("Unknown type %d conn %p", conn->type, conn); 2529 break; 2530 } 2531 } 2532 2533 queue_work(hdev->workqueue, &hdev->tx_work); 2534 } 2535 2536 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2537 { 2538 struct hci_ev_mode_change *ev = (void *) skb->data; 2539 struct hci_conn *conn; 2540 2541 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2542 2543 hci_dev_lock(hdev); 2544 2545 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2546 if (conn) { 2547 conn->mode = ev->mode; 2548 2549 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, 2550 &conn->flags)) { 2551 if (conn->mode == HCI_CM_ACTIVE) 2552 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); 2553 else 2554 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags); 2555 } 2556 2557 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) 2558 hci_sco_setup(conn, ev->status); 2559 } 2560 2561 hci_dev_unlock(hdev); 2562 } 2563 2564 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2565 { 2566 struct hci_ev_pin_code_req *ev = (void *) skb->data; 2567 struct hci_conn *conn; 2568 2569 BT_DBG("%s", hdev->name); 2570 2571 hci_dev_lock(hdev); 2572 2573 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2574 if (!conn) 2575 goto unlock; 2576 2577 if (conn->state == BT_CONNECTED) { 2578 hci_conn_hold(conn); 2579 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 2580 hci_conn_drop(conn); 2581 } 2582 2583 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 2584 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2585 sizeof(ev->bdaddr), &ev->bdaddr); 2586 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) { 2587 u8 secure; 2588 2589 if (conn->pending_sec_level == BT_SECURITY_HIGH) 2590 secure = 1; 2591 else 2592 secure = 0; 2593 2594 mgmt_pin_code_request(hdev, &ev->bdaddr, secure); 2595 } 2596 2597 unlock: 2598 hci_dev_unlock(hdev); 2599 } 2600 2601 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2602 { 2603 struct hci_ev_link_key_req *ev = (void *) skb->data; 2604 struct hci_cp_link_key_reply cp; 2605 struct hci_conn *conn; 2606 struct link_key *key; 2607 2608 BT_DBG("%s", hdev->name); 2609 2610 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2611 return; 2612 2613 hci_dev_lock(hdev); 2614 2615 key = hci_find_link_key(hdev, &ev->bdaddr); 2616 if (!key) { 2617 BT_DBG("%s link key not found for %pMR", hdev->name, 2618 &ev->bdaddr); 2619 goto not_found; 2620 } 2621 2622 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type, 2623 &ev->bdaddr); 2624 2625 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) && 2626 key->type == HCI_LK_DEBUG_COMBINATION) { 2627 BT_DBG("%s ignoring debug key", hdev->name); 2628 goto not_found; 2629 } 2630 2631 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2632 if (conn) { 2633 if (key->type == HCI_LK_UNAUTH_COMBINATION && 2634 conn->auth_type != 0xff && (conn->auth_type & 0x01)) { 2635 BT_DBG("%s ignoring unauthenticated key", hdev->name); 2636 goto not_found; 2637 } 2638 2639 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 && 2640 conn->pending_sec_level == BT_SECURITY_HIGH) { 2641 BT_DBG("%s ignoring key unauthenticated for high security", 2642 hdev->name); 2643 goto not_found; 2644 } 2645 2646 conn->key_type = key->type; 2647 conn->pin_length = key->pin_len; 2648 } 2649 2650 bacpy(&cp.bdaddr, &ev->bdaddr); 2651 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE); 2652 2653 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp); 2654 2655 hci_dev_unlock(hdev); 2656 2657 return; 2658 2659 not_found: 2660 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr); 2661 hci_dev_unlock(hdev); 2662 } 2663 2664 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 2665 { 2666 struct hci_ev_link_key_notify *ev = (void *) skb->data; 2667 struct hci_conn *conn; 2668 u8 pin_len = 0; 2669 2670 BT_DBG("%s", hdev->name); 2671 2672 hci_dev_lock(hdev); 2673 2674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2675 if (conn) { 2676 hci_conn_hold(conn); 2677 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2678 pin_len = conn->pin_length; 2679 2680 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 2681 conn->key_type = ev->key_type; 2682 2683 hci_conn_drop(conn); 2684 } 2685 2686 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 2687 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key, 2688 ev->key_type, pin_len); 2689 2690 hci_dev_unlock(hdev); 2691 } 2692 2693 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 2694 { 2695 struct hci_ev_clock_offset *ev = (void *) skb->data; 2696 struct hci_conn *conn; 2697 2698 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2699 2700 hci_dev_lock(hdev); 2701 2702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2703 if (conn && !ev->status) { 2704 struct inquiry_entry *ie; 2705 2706 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2707 if (ie) { 2708 ie->data.clock_offset = ev->clock_offset; 2709 ie->timestamp = jiffies; 2710 } 2711 } 2712 2713 hci_dev_unlock(hdev); 2714 } 2715 2716 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2717 { 2718 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 2719 struct hci_conn *conn; 2720 2721 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2722 2723 hci_dev_lock(hdev); 2724 2725 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2726 if (conn && !ev->status) 2727 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 2728 2729 hci_dev_unlock(hdev); 2730 } 2731 2732 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 2733 { 2734 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 2735 struct inquiry_entry *ie; 2736 2737 BT_DBG("%s", hdev->name); 2738 2739 hci_dev_lock(hdev); 2740 2741 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 2742 if (ie) { 2743 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 2744 ie->timestamp = jiffies; 2745 } 2746 2747 hci_dev_unlock(hdev); 2748 } 2749 2750 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, 2751 struct sk_buff *skb) 2752 { 2753 struct inquiry_data data; 2754 int num_rsp = *((__u8 *) skb->data); 2755 bool name_known, ssp; 2756 2757 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2758 2759 if (!num_rsp) 2760 return; 2761 2762 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 2763 return; 2764 2765 hci_dev_lock(hdev); 2766 2767 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2768 struct inquiry_info_with_rssi_and_pscan_mode *info; 2769 info = (void *) (skb->data + 1); 2770 2771 for (; num_rsp; num_rsp--, info++) { 2772 bacpy(&data.bdaddr, &info->bdaddr); 2773 data.pscan_rep_mode = info->pscan_rep_mode; 2774 data.pscan_period_mode = info->pscan_period_mode; 2775 data.pscan_mode = info->pscan_mode; 2776 memcpy(data.dev_class, info->dev_class, 3); 2777 data.clock_offset = info->clock_offset; 2778 data.rssi = info->rssi; 2779 data.ssp_mode = 0x00; 2780 2781 name_known = hci_inquiry_cache_update(hdev, &data, 2782 false, &ssp); 2783 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2784 info->dev_class, info->rssi, 2785 !name_known, ssp, NULL, 0); 2786 } 2787 } else { 2788 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 2789 2790 for (; num_rsp; num_rsp--, info++) { 2791 bacpy(&data.bdaddr, &info->bdaddr); 2792 data.pscan_rep_mode = info->pscan_rep_mode; 2793 data.pscan_period_mode = info->pscan_period_mode; 2794 data.pscan_mode = 0x00; 2795 memcpy(data.dev_class, info->dev_class, 3); 2796 data.clock_offset = info->clock_offset; 2797 data.rssi = info->rssi; 2798 data.ssp_mode = 0x00; 2799 name_known = hci_inquiry_cache_update(hdev, &data, 2800 false, &ssp); 2801 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2802 info->dev_class, info->rssi, 2803 !name_known, ssp, NULL, 0); 2804 } 2805 } 2806 2807 hci_dev_unlock(hdev); 2808 } 2809 2810 static void hci_remote_ext_features_evt(struct hci_dev *hdev, 2811 struct sk_buff *skb) 2812 { 2813 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 2814 struct hci_conn *conn; 2815 2816 BT_DBG("%s", hdev->name); 2817 2818 hci_dev_lock(hdev); 2819 2820 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2821 if (!conn) 2822 goto unlock; 2823 2824 if (ev->page < HCI_MAX_PAGES) 2825 memcpy(conn->features[ev->page], ev->features, 8); 2826 2827 if (!ev->status && ev->page == 0x01) { 2828 struct inquiry_entry *ie; 2829 2830 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2831 if (ie) 2832 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 2833 2834 if (ev->features[0] & LMP_HOST_SSP) { 2835 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); 2836 } else { 2837 /* It is mandatory by the Bluetooth specification that 2838 * Extended Inquiry Results are only used when Secure 2839 * Simple Pairing is enabled, but some devices violate 2840 * this. 2841 * 2842 * To make these devices work, the internal SSP 2843 * enabled flag needs to be cleared if the remote host 2844 * features do not indicate SSP support */ 2845 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags); 2846 } 2847 } 2848 2849 if (conn->state != BT_CONFIG) 2850 goto unlock; 2851 2852 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { 2853 struct hci_cp_remote_name_req cp; 2854 memset(&cp, 0, sizeof(cp)); 2855 bacpy(&cp.bdaddr, &conn->dst); 2856 cp.pscan_rep_mode = 0x02; 2857 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2858 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 2859 mgmt_device_connected(hdev, &conn->dst, conn->type, 2860 conn->dst_type, 0, NULL, 0, 2861 conn->dev_class); 2862 2863 if (!hci_outgoing_auth_needed(hdev, conn)) { 2864 conn->state = BT_CONNECTED; 2865 hci_proto_connect_cfm(conn, ev->status); 2866 hci_conn_drop(conn); 2867 } 2868 2869 unlock: 2870 hci_dev_unlock(hdev); 2871 } 2872 2873 static void hci_sync_conn_complete_evt(struct hci_dev *hdev, 2874 struct sk_buff *skb) 2875 { 2876 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 2877 struct hci_conn *conn; 2878 2879 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 2880 2881 hci_dev_lock(hdev); 2882 2883 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 2884 if (!conn) { 2885 if (ev->link_type == ESCO_LINK) 2886 goto unlock; 2887 2888 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 2889 if (!conn) 2890 goto unlock; 2891 2892 conn->type = SCO_LINK; 2893 } 2894 2895 switch (ev->status) { 2896 case 0x00: 2897 conn->handle = __le16_to_cpu(ev->handle); 2898 conn->state = BT_CONNECTED; 2899 2900 hci_conn_add_sysfs(conn); 2901 break; 2902 2903 case 0x0d: /* Connection Rejected due to Limited Resources */ 2904 case 0x11: /* Unsupported Feature or Parameter Value */ 2905 case 0x1c: /* SCO interval rejected */ 2906 case 0x1a: /* Unsupported Remote Feature */ 2907 case 0x1f: /* Unspecified error */ 2908 if (conn->out) { 2909 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 2910 (hdev->esco_type & EDR_ESCO_MASK); 2911 if (hci_setup_sync(conn, conn->link->handle)) 2912 goto unlock; 2913 } 2914 /* fall through */ 2915 2916 default: 2917 conn->state = BT_CLOSED; 2918 break; 2919 } 2920 2921 hci_proto_connect_cfm(conn, ev->status); 2922 if (ev->status) 2923 hci_conn_del(conn); 2924 2925 unlock: 2926 hci_dev_unlock(hdev); 2927 } 2928 2929 static inline size_t eir_get_length(u8 *eir, size_t eir_len) 2930 { 2931 size_t parsed = 0; 2932 2933 while (parsed < eir_len) { 2934 u8 field_len = eir[0]; 2935 2936 if (field_len == 0) 2937 return parsed; 2938 2939 parsed += field_len + 1; 2940 eir += field_len + 1; 2941 } 2942 2943 return eir_len; 2944 } 2945 2946 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev, 2947 struct sk_buff *skb) 2948 { 2949 struct inquiry_data data; 2950 struct extended_inquiry_info *info = (void *) (skb->data + 1); 2951 int num_rsp = *((__u8 *) skb->data); 2952 size_t eir_len; 2953 2954 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2955 2956 if (!num_rsp) 2957 return; 2958 2959 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) 2960 return; 2961 2962 hci_dev_lock(hdev); 2963 2964 for (; num_rsp; num_rsp--, info++) { 2965 bool name_known, ssp; 2966 2967 bacpy(&data.bdaddr, &info->bdaddr); 2968 data.pscan_rep_mode = info->pscan_rep_mode; 2969 data.pscan_period_mode = info->pscan_period_mode; 2970 data.pscan_mode = 0x00; 2971 memcpy(data.dev_class, info->dev_class, 3); 2972 data.clock_offset = info->clock_offset; 2973 data.rssi = info->rssi; 2974 data.ssp_mode = 0x01; 2975 2976 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 2977 name_known = eir_has_data_type(info->data, 2978 sizeof(info->data), 2979 EIR_NAME_COMPLETE); 2980 else 2981 name_known = true; 2982 2983 name_known = hci_inquiry_cache_update(hdev, &data, name_known, 2984 &ssp); 2985 eir_len = eir_get_length(info->data, sizeof(info->data)); 2986 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2987 info->dev_class, info->rssi, !name_known, 2988 ssp, info->data, eir_len); 2989 } 2990 2991 hci_dev_unlock(hdev); 2992 } 2993 2994 static void hci_key_refresh_complete_evt(struct hci_dev *hdev, 2995 struct sk_buff *skb) 2996 { 2997 struct hci_ev_key_refresh_complete *ev = (void *) skb->data; 2998 struct hci_conn *conn; 2999 3000 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status, 3001 __le16_to_cpu(ev->handle)); 3002 3003 hci_dev_lock(hdev); 3004 3005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3006 if (!conn) 3007 goto unlock; 3008 3009 if (!ev->status) 3010 conn->sec_level = conn->pending_sec_level; 3011 3012 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 3013 3014 if (ev->status && conn->state == BT_CONNECTED) { 3015 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 3016 hci_conn_drop(conn); 3017 goto unlock; 3018 } 3019 3020 if (conn->state == BT_CONFIG) { 3021 if (!ev->status) 3022 conn->state = BT_CONNECTED; 3023 3024 hci_proto_connect_cfm(conn, ev->status); 3025 hci_conn_drop(conn); 3026 } else { 3027 hci_auth_cfm(conn, ev->status); 3028 3029 hci_conn_hold(conn); 3030 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 3031 hci_conn_drop(conn); 3032 } 3033 3034 unlock: 3035 hci_dev_unlock(hdev); 3036 } 3037 3038 static u8 hci_get_auth_req(struct hci_conn *conn) 3039 { 3040 /* If remote requests dedicated bonding follow that lead */ 3041 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING || 3042 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) { 3043 /* If both remote and local IO capabilities allow MITM 3044 * protection then require it, otherwise don't */ 3045 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT || 3046 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT) 3047 return HCI_AT_DEDICATED_BONDING; 3048 else 3049 return HCI_AT_DEDICATED_BONDING_MITM; 3050 } 3051 3052 /* If remote requests no-bonding follow that lead */ 3053 if (conn->remote_auth == HCI_AT_NO_BONDING || 3054 conn->remote_auth == HCI_AT_NO_BONDING_MITM) 3055 return conn->remote_auth | (conn->auth_type & 0x01); 3056 3057 return conn->auth_type; 3058 } 3059 3060 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 3061 { 3062 struct hci_ev_io_capa_request *ev = (void *) skb->data; 3063 struct hci_conn *conn; 3064 3065 BT_DBG("%s", hdev->name); 3066 3067 hci_dev_lock(hdev); 3068 3069 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3070 if (!conn) 3071 goto unlock; 3072 3073 hci_conn_hold(conn); 3074 3075 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3076 goto unlock; 3077 3078 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) || 3079 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 3080 struct hci_cp_io_capability_reply cp; 3081 3082 bacpy(&cp.bdaddr, &ev->bdaddr); 3083 /* Change the IO capability from KeyboardDisplay 3084 * to DisplayYesNo as it is not supported by BT spec. */ 3085 cp.capability = (conn->io_capability == 0x04) ? 3086 HCI_IO_DISPLAY_YESNO : conn->io_capability; 3087 conn->auth_type = hci_get_auth_req(conn); 3088 cp.authentication = conn->auth_type; 3089 3090 if (hci_find_remote_oob_data(hdev, &conn->dst) && 3091 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) 3092 cp.oob_data = 0x01; 3093 else 3094 cp.oob_data = 0x00; 3095 3096 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, 3097 sizeof(cp), &cp); 3098 } else { 3099 struct hci_cp_io_capability_neg_reply cp; 3100 3101 bacpy(&cp.bdaddr, &ev->bdaddr); 3102 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED; 3103 3104 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 3105 sizeof(cp), &cp); 3106 } 3107 3108 unlock: 3109 hci_dev_unlock(hdev); 3110 } 3111 3112 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb) 3113 { 3114 struct hci_ev_io_capa_reply *ev = (void *) skb->data; 3115 struct hci_conn *conn; 3116 3117 BT_DBG("%s", hdev->name); 3118 3119 hci_dev_lock(hdev); 3120 3121 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3122 if (!conn) 3123 goto unlock; 3124 3125 conn->remote_cap = ev->capability; 3126 conn->remote_auth = ev->authentication; 3127 if (ev->oob_data) 3128 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags); 3129 3130 unlock: 3131 hci_dev_unlock(hdev); 3132 } 3133 3134 static void hci_user_confirm_request_evt(struct hci_dev *hdev, 3135 struct sk_buff *skb) 3136 { 3137 struct hci_ev_user_confirm_req *ev = (void *) skb->data; 3138 int loc_mitm, rem_mitm, confirm_hint = 0; 3139 struct hci_conn *conn; 3140 3141 BT_DBG("%s", hdev->name); 3142 3143 hci_dev_lock(hdev); 3144 3145 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3146 goto unlock; 3147 3148 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3149 if (!conn) 3150 goto unlock; 3151 3152 loc_mitm = (conn->auth_type & 0x01); 3153 rem_mitm = (conn->remote_auth & 0x01); 3154 3155 /* If we require MITM but the remote device can't provide that 3156 * (it has NoInputNoOutput) then reject the confirmation 3157 * request. The only exception is when we're dedicated bonding 3158 * initiators (connect_cfm_cb set) since then we always have the MITM 3159 * bit set. */ 3160 if (!conn->connect_cfm_cb && loc_mitm && 3161 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) { 3162 BT_DBG("Rejecting request: remote device can't provide MITM"); 3163 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY, 3164 sizeof(ev->bdaddr), &ev->bdaddr); 3165 goto unlock; 3166 } 3167 3168 /* If no side requires MITM protection; auto-accept */ 3169 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && 3170 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { 3171 3172 /* If we're not the initiators request authorization to 3173 * proceed from user space (mgmt_user_confirm with 3174 * confirm_hint set to 1). */ 3175 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 3176 BT_DBG("Confirming auto-accept as acceptor"); 3177 confirm_hint = 1; 3178 goto confirm; 3179 } 3180 3181 BT_DBG("Auto-accept of user confirmation with %ums delay", 3182 hdev->auto_accept_delay); 3183 3184 if (hdev->auto_accept_delay > 0) { 3185 int delay = msecs_to_jiffies(hdev->auto_accept_delay); 3186 queue_delayed_work(conn->hdev->workqueue, 3187 &conn->auto_accept_work, delay); 3188 goto unlock; 3189 } 3190 3191 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, 3192 sizeof(ev->bdaddr), &ev->bdaddr); 3193 goto unlock; 3194 } 3195 3196 confirm: 3197 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey, 3198 confirm_hint); 3199 3200 unlock: 3201 hci_dev_unlock(hdev); 3202 } 3203 3204 static void hci_user_passkey_request_evt(struct hci_dev *hdev, 3205 struct sk_buff *skb) 3206 { 3207 struct hci_ev_user_passkey_req *ev = (void *) skb->data; 3208 3209 BT_DBG("%s", hdev->name); 3210 3211 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3212 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0); 3213 } 3214 3215 static void hci_user_passkey_notify_evt(struct hci_dev *hdev, 3216 struct sk_buff *skb) 3217 { 3218 struct hci_ev_user_passkey_notify *ev = (void *) skb->data; 3219 struct hci_conn *conn; 3220 3221 BT_DBG("%s", hdev->name); 3222 3223 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3224 if (!conn) 3225 return; 3226 3227 conn->passkey_notify = __le32_to_cpu(ev->passkey); 3228 conn->passkey_entered = 0; 3229 3230 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3231 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type, 3232 conn->dst_type, conn->passkey_notify, 3233 conn->passkey_entered); 3234 } 3235 3236 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 3237 { 3238 struct hci_ev_keypress_notify *ev = (void *) skb->data; 3239 struct hci_conn *conn; 3240 3241 BT_DBG("%s", hdev->name); 3242 3243 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3244 if (!conn) 3245 return; 3246 3247 switch (ev->type) { 3248 case HCI_KEYPRESS_STARTED: 3249 conn->passkey_entered = 0; 3250 return; 3251 3252 case HCI_KEYPRESS_ENTERED: 3253 conn->passkey_entered++; 3254 break; 3255 3256 case HCI_KEYPRESS_ERASED: 3257 conn->passkey_entered--; 3258 break; 3259 3260 case HCI_KEYPRESS_CLEARED: 3261 conn->passkey_entered = 0; 3262 break; 3263 3264 case HCI_KEYPRESS_COMPLETED: 3265 return; 3266 } 3267 3268 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 3269 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type, 3270 conn->dst_type, conn->passkey_notify, 3271 conn->passkey_entered); 3272 } 3273 3274 static void hci_simple_pair_complete_evt(struct hci_dev *hdev, 3275 struct sk_buff *skb) 3276 { 3277 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 3278 struct hci_conn *conn; 3279 3280 BT_DBG("%s", hdev->name); 3281 3282 hci_dev_lock(hdev); 3283 3284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3285 if (!conn) 3286 goto unlock; 3287 3288 /* To avoid duplicate auth_failed events to user space we check 3289 * the HCI_CONN_AUTH_PEND flag which will be set if we 3290 * initiated the authentication. A traditional auth_complete 3291 * event gets always produced as initiator and is also mapped to 3292 * the mgmt_auth_failed event */ 3293 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status) 3294 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 3295 ev->status); 3296 3297 hci_conn_drop(conn); 3298 3299 unlock: 3300 hci_dev_unlock(hdev); 3301 } 3302 3303 static void hci_remote_host_features_evt(struct hci_dev *hdev, 3304 struct sk_buff *skb) 3305 { 3306 struct hci_ev_remote_host_features *ev = (void *) skb->data; 3307 struct inquiry_entry *ie; 3308 struct hci_conn *conn; 3309 3310 BT_DBG("%s", hdev->name); 3311 3312 hci_dev_lock(hdev); 3313 3314 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3315 if (conn) 3316 memcpy(conn->features[1], ev->features, 8); 3317 3318 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 3319 if (ie) 3320 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 3321 3322 hci_dev_unlock(hdev); 3323 } 3324 3325 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev, 3326 struct sk_buff *skb) 3327 { 3328 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data; 3329 struct oob_data *data; 3330 3331 BT_DBG("%s", hdev->name); 3332 3333 hci_dev_lock(hdev); 3334 3335 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3336 goto unlock; 3337 3338 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 3339 if (data) { 3340 struct hci_cp_remote_oob_data_reply cp; 3341 3342 bacpy(&cp.bdaddr, &ev->bdaddr); 3343 memcpy(cp.hash, data->hash, sizeof(cp.hash)); 3344 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer)); 3345 3346 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp), 3347 &cp); 3348 } else { 3349 struct hci_cp_remote_oob_data_neg_reply cp; 3350 3351 bacpy(&cp.bdaddr, &ev->bdaddr); 3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp), 3353 &cp); 3354 } 3355 3356 unlock: 3357 hci_dev_unlock(hdev); 3358 } 3359 3360 static void hci_phy_link_complete_evt(struct hci_dev *hdev, 3361 struct sk_buff *skb) 3362 { 3363 struct hci_ev_phy_link_complete *ev = (void *) skb->data; 3364 struct hci_conn *hcon, *bredr_hcon; 3365 3366 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle, 3367 ev->status); 3368 3369 hci_dev_lock(hdev); 3370 3371 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 3372 if (!hcon) { 3373 hci_dev_unlock(hdev); 3374 return; 3375 } 3376 3377 if (ev->status) { 3378 hci_conn_del(hcon); 3379 hci_dev_unlock(hdev); 3380 return; 3381 } 3382 3383 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon; 3384 3385 hcon->state = BT_CONNECTED; 3386 bacpy(&hcon->dst, &bredr_hcon->dst); 3387 3388 hci_conn_hold(hcon); 3389 hcon->disc_timeout = HCI_DISCONN_TIMEOUT; 3390 hci_conn_drop(hcon); 3391 3392 hci_conn_add_sysfs(hcon); 3393 3394 amp_physical_cfm(bredr_hcon, hcon); 3395 3396 hci_dev_unlock(hdev); 3397 } 3398 3399 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 3400 { 3401 struct hci_ev_logical_link_complete *ev = (void *) skb->data; 3402 struct hci_conn *hcon; 3403 struct hci_chan *hchan; 3404 struct amp_mgr *mgr; 3405 3406 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x", 3407 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle, 3408 ev->status); 3409 3410 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 3411 if (!hcon) 3412 return; 3413 3414 /* Create AMP hchan */ 3415 hchan = hci_chan_create(hcon); 3416 if (!hchan) 3417 return; 3418 3419 hchan->handle = le16_to_cpu(ev->handle); 3420 3421 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan); 3422 3423 mgr = hcon->amp_mgr; 3424 if (mgr && mgr->bredr_chan) { 3425 struct l2cap_chan *bredr_chan = mgr->bredr_chan; 3426 3427 l2cap_chan_lock(bredr_chan); 3428 3429 bredr_chan->conn->mtu = hdev->block_mtu; 3430 l2cap_logical_cfm(bredr_chan, hchan, 0); 3431 hci_conn_hold(hcon); 3432 3433 l2cap_chan_unlock(bredr_chan); 3434 } 3435 } 3436 3437 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev, 3438 struct sk_buff *skb) 3439 { 3440 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data; 3441 struct hci_chan *hchan; 3442 3443 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name, 3444 le16_to_cpu(ev->handle), ev->status); 3445 3446 if (ev->status) 3447 return; 3448 3449 hci_dev_lock(hdev); 3450 3451 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle)); 3452 if (!hchan) 3453 goto unlock; 3454 3455 amp_destroy_logical_link(hchan, ev->reason); 3456 3457 unlock: 3458 hci_dev_unlock(hdev); 3459 } 3460 3461 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev, 3462 struct sk_buff *skb) 3463 { 3464 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data; 3465 struct hci_conn *hcon; 3466 3467 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3468 3469 if (ev->status) 3470 return; 3471 3472 hci_dev_lock(hdev); 3473 3474 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 3475 if (hcon) { 3476 hcon->state = BT_CLOSED; 3477 hci_conn_del(hcon); 3478 } 3479 3480 hci_dev_unlock(hdev); 3481 } 3482 3483 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 3484 { 3485 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 3486 struct hci_conn *conn; 3487 3488 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 3489 3490 hci_dev_lock(hdev); 3491 3492 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 3493 if (!conn) { 3494 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr); 3495 if (!conn) { 3496 BT_ERR("No memory for new connection"); 3497 goto unlock; 3498 } 3499 3500 conn->dst_type = ev->bdaddr_type; 3501 3502 /* The advertising parameters for own address type 3503 * define which source address and source address 3504 * type this connections has. 3505 */ 3506 if (bacmp(&conn->src, BDADDR_ANY)) { 3507 conn->src_type = ADDR_LE_DEV_PUBLIC; 3508 } else { 3509 bacpy(&conn->src, &hdev->static_addr); 3510 conn->src_type = ADDR_LE_DEV_RANDOM; 3511 } 3512 3513 if (ev->role == LE_CONN_ROLE_MASTER) { 3514 conn->out = true; 3515 conn->link_mode |= HCI_LM_MASTER; 3516 } 3517 } 3518 3519 if (ev->status) { 3520 mgmt_connect_failed(hdev, &conn->dst, conn->type, 3521 conn->dst_type, ev->status); 3522 hci_proto_connect_cfm(conn, ev->status); 3523 conn->state = BT_CLOSED; 3524 hci_conn_del(conn); 3525 goto unlock; 3526 } 3527 3528 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 3529 mgmt_device_connected(hdev, &ev->bdaddr, conn->type, 3530 conn->dst_type, 0, NULL, 0, NULL); 3531 3532 conn->sec_level = BT_SECURITY_LOW; 3533 conn->handle = __le16_to_cpu(ev->handle); 3534 conn->state = BT_CONNECTED; 3535 3536 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags)) 3537 set_bit(HCI_CONN_6LOWPAN, &conn->flags); 3538 3539 hci_conn_add_sysfs(conn); 3540 3541 hci_proto_connect_cfm(conn, ev->status); 3542 3543 unlock: 3544 hci_dev_unlock(hdev); 3545 } 3546 3547 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) 3548 { 3549 u8 num_reports = skb->data[0]; 3550 void *ptr = &skb->data[1]; 3551 s8 rssi; 3552 3553 while (num_reports--) { 3554 struct hci_ev_le_advertising_info *ev = ptr; 3555 3556 rssi = ev->data[ev->length]; 3557 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type, 3558 NULL, rssi, 0, 1, ev->data, ev->length); 3559 3560 ptr += sizeof(*ev) + ev->length + 1; 3561 } 3562 } 3563 3564 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 3565 { 3566 struct hci_ev_le_ltk_req *ev = (void *) skb->data; 3567 struct hci_cp_le_ltk_reply cp; 3568 struct hci_cp_le_ltk_neg_reply neg; 3569 struct hci_conn *conn; 3570 struct smp_ltk *ltk; 3571 3572 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle)); 3573 3574 hci_dev_lock(hdev); 3575 3576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 3577 if (conn == NULL) 3578 goto not_found; 3579 3580 ltk = hci_find_ltk(hdev, ev->ediv, ev->random); 3581 if (ltk == NULL) 3582 goto not_found; 3583 3584 memcpy(cp.ltk, ltk->val, sizeof(ltk->val)); 3585 cp.handle = cpu_to_le16(conn->handle); 3586 3587 if (ltk->authenticated) 3588 conn->pending_sec_level = BT_SECURITY_HIGH; 3589 else 3590 conn->pending_sec_level = BT_SECURITY_MEDIUM; 3591 3592 conn->enc_key_size = ltk->enc_size; 3593 3594 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); 3595 3596 if (ltk->type & HCI_SMP_STK) { 3597 list_del(<k->list); 3598 kfree(ltk); 3599 } 3600 3601 hci_dev_unlock(hdev); 3602 3603 return; 3604 3605 not_found: 3606 neg.handle = ev->handle; 3607 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg); 3608 hci_dev_unlock(hdev); 3609 } 3610 3611 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) 3612 { 3613 struct hci_ev_le_meta *le_ev = (void *) skb->data; 3614 3615 skb_pull(skb, sizeof(*le_ev)); 3616 3617 switch (le_ev->subevent) { 3618 case HCI_EV_LE_CONN_COMPLETE: 3619 hci_le_conn_complete_evt(hdev, skb); 3620 break; 3621 3622 case HCI_EV_LE_ADVERTISING_REPORT: 3623 hci_le_adv_report_evt(hdev, skb); 3624 break; 3625 3626 case HCI_EV_LE_LTK_REQ: 3627 hci_le_ltk_request_evt(hdev, skb); 3628 break; 3629 3630 default: 3631 break; 3632 } 3633 } 3634 3635 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb) 3636 { 3637 struct hci_ev_channel_selected *ev = (void *) skb->data; 3638 struct hci_conn *hcon; 3639 3640 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle); 3641 3642 skb_pull(skb, sizeof(*ev)); 3643 3644 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle); 3645 if (!hcon) 3646 return; 3647 3648 amp_read_loc_assoc_final_data(hdev, hcon); 3649 } 3650 3651 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 3652 { 3653 struct hci_event_hdr *hdr = (void *) skb->data; 3654 __u8 event = hdr->evt; 3655 3656 hci_dev_lock(hdev); 3657 3658 /* Received events are (currently) only needed when a request is 3659 * ongoing so avoid unnecessary memory allocation. 3660 */ 3661 if (hdev->req_status == HCI_REQ_PEND) { 3662 kfree_skb(hdev->recv_evt); 3663 hdev->recv_evt = skb_clone(skb, GFP_KERNEL); 3664 } 3665 3666 hci_dev_unlock(hdev); 3667 3668 skb_pull(skb, HCI_EVENT_HDR_SIZE); 3669 3670 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) { 3671 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; 3672 u16 opcode = __le16_to_cpu(cmd_hdr->opcode); 3673 3674 hci_req_cmd_complete(hdev, opcode, 0); 3675 } 3676 3677 switch (event) { 3678 case HCI_EV_INQUIRY_COMPLETE: 3679 hci_inquiry_complete_evt(hdev, skb); 3680 break; 3681 3682 case HCI_EV_INQUIRY_RESULT: 3683 hci_inquiry_result_evt(hdev, skb); 3684 break; 3685 3686 case HCI_EV_CONN_COMPLETE: 3687 hci_conn_complete_evt(hdev, skb); 3688 break; 3689 3690 case HCI_EV_CONN_REQUEST: 3691 hci_conn_request_evt(hdev, skb); 3692 break; 3693 3694 case HCI_EV_DISCONN_COMPLETE: 3695 hci_disconn_complete_evt(hdev, skb); 3696 break; 3697 3698 case HCI_EV_AUTH_COMPLETE: 3699 hci_auth_complete_evt(hdev, skb); 3700 break; 3701 3702 case HCI_EV_REMOTE_NAME: 3703 hci_remote_name_evt(hdev, skb); 3704 break; 3705 3706 case HCI_EV_ENCRYPT_CHANGE: 3707 hci_encrypt_change_evt(hdev, skb); 3708 break; 3709 3710 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 3711 hci_change_link_key_complete_evt(hdev, skb); 3712 break; 3713 3714 case HCI_EV_REMOTE_FEATURES: 3715 hci_remote_features_evt(hdev, skb); 3716 break; 3717 3718 case HCI_EV_CMD_COMPLETE: 3719 hci_cmd_complete_evt(hdev, skb); 3720 break; 3721 3722 case HCI_EV_CMD_STATUS: 3723 hci_cmd_status_evt(hdev, skb); 3724 break; 3725 3726 case HCI_EV_ROLE_CHANGE: 3727 hci_role_change_evt(hdev, skb); 3728 break; 3729 3730 case HCI_EV_NUM_COMP_PKTS: 3731 hci_num_comp_pkts_evt(hdev, skb); 3732 break; 3733 3734 case HCI_EV_MODE_CHANGE: 3735 hci_mode_change_evt(hdev, skb); 3736 break; 3737 3738 case HCI_EV_PIN_CODE_REQ: 3739 hci_pin_code_request_evt(hdev, skb); 3740 break; 3741 3742 case HCI_EV_LINK_KEY_REQ: 3743 hci_link_key_request_evt(hdev, skb); 3744 break; 3745 3746 case HCI_EV_LINK_KEY_NOTIFY: 3747 hci_link_key_notify_evt(hdev, skb); 3748 break; 3749 3750 case HCI_EV_CLOCK_OFFSET: 3751 hci_clock_offset_evt(hdev, skb); 3752 break; 3753 3754 case HCI_EV_PKT_TYPE_CHANGE: 3755 hci_pkt_type_change_evt(hdev, skb); 3756 break; 3757 3758 case HCI_EV_PSCAN_REP_MODE: 3759 hci_pscan_rep_mode_evt(hdev, skb); 3760 break; 3761 3762 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 3763 hci_inquiry_result_with_rssi_evt(hdev, skb); 3764 break; 3765 3766 case HCI_EV_REMOTE_EXT_FEATURES: 3767 hci_remote_ext_features_evt(hdev, skb); 3768 break; 3769 3770 case HCI_EV_SYNC_CONN_COMPLETE: 3771 hci_sync_conn_complete_evt(hdev, skb); 3772 break; 3773 3774 case HCI_EV_EXTENDED_INQUIRY_RESULT: 3775 hci_extended_inquiry_result_evt(hdev, skb); 3776 break; 3777 3778 case HCI_EV_KEY_REFRESH_COMPLETE: 3779 hci_key_refresh_complete_evt(hdev, skb); 3780 break; 3781 3782 case HCI_EV_IO_CAPA_REQUEST: 3783 hci_io_capa_request_evt(hdev, skb); 3784 break; 3785 3786 case HCI_EV_IO_CAPA_REPLY: 3787 hci_io_capa_reply_evt(hdev, skb); 3788 break; 3789 3790 case HCI_EV_USER_CONFIRM_REQUEST: 3791 hci_user_confirm_request_evt(hdev, skb); 3792 break; 3793 3794 case HCI_EV_USER_PASSKEY_REQUEST: 3795 hci_user_passkey_request_evt(hdev, skb); 3796 break; 3797 3798 case HCI_EV_USER_PASSKEY_NOTIFY: 3799 hci_user_passkey_notify_evt(hdev, skb); 3800 break; 3801 3802 case HCI_EV_KEYPRESS_NOTIFY: 3803 hci_keypress_notify_evt(hdev, skb); 3804 break; 3805 3806 case HCI_EV_SIMPLE_PAIR_COMPLETE: 3807 hci_simple_pair_complete_evt(hdev, skb); 3808 break; 3809 3810 case HCI_EV_REMOTE_HOST_FEATURES: 3811 hci_remote_host_features_evt(hdev, skb); 3812 break; 3813 3814 case HCI_EV_LE_META: 3815 hci_le_meta_evt(hdev, skb); 3816 break; 3817 3818 case HCI_EV_CHANNEL_SELECTED: 3819 hci_chan_selected_evt(hdev, skb); 3820 break; 3821 3822 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 3823 hci_remote_oob_data_request_evt(hdev, skb); 3824 break; 3825 3826 case HCI_EV_PHY_LINK_COMPLETE: 3827 hci_phy_link_complete_evt(hdev, skb); 3828 break; 3829 3830 case HCI_EV_LOGICAL_LINK_COMPLETE: 3831 hci_loglink_complete_evt(hdev, skb); 3832 break; 3833 3834 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE: 3835 hci_disconn_loglink_complete_evt(hdev, skb); 3836 break; 3837 3838 case HCI_EV_DISCONN_PHY_LINK_COMPLETE: 3839 hci_disconn_phylink_complete_evt(hdev, skb); 3840 break; 3841 3842 case HCI_EV_NUM_COMP_BLOCKS: 3843 hci_num_comp_blocks_evt(hdev, skb); 3844 break; 3845 3846 default: 3847 BT_DBG("%s event 0x%2.2x", hdev->name, event); 3848 break; 3849 } 3850 3851 kfree_skb(skb); 3852 hdev->stat.evt_rx++; 3853 } 3854