1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/export.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32
33
34
35static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
36{
37 __u8 status = *((__u8 *) skb->data);
38
39 BT_DBG("%s status 0x%2.2x", hdev->name, status);
40
41 if (status) {
42 hci_dev_lock(hdev);
43 mgmt_stop_discovery_failed(hdev, status);
44 hci_dev_unlock(hdev);
45 return;
46 }
47
48 clear_bit(HCI_INQUIRY, &hdev->flags);
49
50 hci_dev_lock(hdev);
51 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
52 hci_dev_unlock(hdev);
53
54 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
55
56 hci_conn_check_pending(hdev);
57}
58
59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
69}
70
71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
74
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
76
77 if (status)
78 return;
79
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
82 hci_conn_check_pending(hdev);
83}
84
85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
106 conn->link_mode &= ~HCI_LM_MASTER;
107 else
108 conn->link_mode |= HCI_LM_MASTER;
109 }
110
111 hci_dev_unlock(hdev);
112}
113
114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
134{
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
137 void *sent;
138
139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
140
141 if (rp->status)
142 return;
143
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
147
148 hci_dev_lock(hdev);
149
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
151 if (conn)
152 conn->link_policy = get_unaligned_le16(sent + 2);
153
154 hci_dev_unlock(hdev);
155}
156
157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
186}
187
188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
191
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
193
194 clear_bit(HCI_RESET, &hdev->flags);
195
196 hci_req_complete(hdev, HCI_OP_RESET, status);
197
198
199 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
200 BIT(HCI_PERIODIC_INQ));
201
202 hdev->discovery.state = DISCOVERY_STOPPED;
203}
204
205static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206{
207 __u8 status = *((__u8 *) skb->data);
208 void *sent;
209
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
211
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent)
214 return;
215
216 hci_dev_lock(hdev);
217
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
220 else if (!status)
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222
223 hci_dev_unlock(hdev);
224
225 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233
234 if (rp->status)
235 return;
236
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
259 }
260
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
263
264 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
265}
266
267static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
268{
269 __u8 status = *((__u8 *) skb->data);
270 void *sent;
271
272 BT_DBG("%s status 0x%2.2x", hdev->name, status);
273
274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 if (!sent)
276 return;
277
278 if (!status) {
279 __u8 param = *((__u8 *) sent);
280
281 if (param)
282 set_bit(HCI_ENCRYPT, &hdev->flags);
283 else
284 clear_bit(HCI_ENCRYPT, &hdev->flags);
285 }
286
287 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
288}
289
290static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
291{
292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
294 void *sent;
295
296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
297
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
299 if (!sent)
300 return;
301
302 param = *((__u8 *) sent);
303
304 hci_dev_lock(hdev);
305
306 if (status != 0) {
307 mgmt_write_scan_failed(hdev, param, status);
308 hdev->discov_timeout = 0;
309 goto done;
310 }
311
312 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
313 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314
315 if (param & SCAN_INQUIRY) {
316 set_bit(HCI_ISCAN, &hdev->flags);
317 if (!old_iscan)
318 mgmt_discoverable(hdev, 1);
319 if (hdev->discov_timeout > 0) {
320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
321 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
322 to);
323 }
324 } else if (old_iscan)
325 mgmt_discoverable(hdev, 0);
326
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
329 if (!old_pscan)
330 mgmt_connectable(hdev, 1);
331 } else if (old_pscan)
332 mgmt_connectable(hdev, 0);
333
334done:
335 hci_dev_unlock(hdev);
336 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
337}
338
339static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340{
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
342
343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
344
345 if (rp->status)
346 return;
347
348 memcpy(hdev->dev_class, rp->dev_class, 3);
349
350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
352}
353
354static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355{
356 __u8 status = *((__u8 *) skb->data);
357 void *sent;
358
359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
360
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 if (!sent)
363 return;
364
365 hci_dev_lock(hdev);
366
367 if (status == 0)
368 memcpy(hdev->dev_class, sent, 3);
369
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
372
373 hci_dev_unlock(hdev);
374}
375
376static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377{
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
379 __u16 setting;
380
381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
382
383 if (rp->status)
384 return;
385
386 setting = __le16_to_cpu(rp->voice_setting);
387
388 if (hdev->voice_setting == setting)
389 return;
390
391 hdev->voice_setting = setting;
392
393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
394
395 if (hdev->notify)
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
397}
398
399static void hci_cc_write_voice_setting(struct hci_dev *hdev,
400 struct sk_buff *skb)
401{
402 __u8 status = *((__u8 *) skb->data);
403 __u16 setting;
404 void *sent;
405
406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
407
408 if (status)
409 return;
410
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
412 if (!sent)
413 return;
414
415 setting = get_unaligned_le16(sent);
416
417 if (hdev->voice_setting == setting)
418 return;
419
420 hdev->voice_setting = setting;
421
422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
423
424 if (hdev->notify)
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
426}
427
428static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
429{
430 __u8 status = *((__u8 *) skb->data);
431
432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
433
434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
435}
436
437static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438{
439 __u8 status = *((__u8 *) skb->data);
440 void *sent;
441
442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
445 if (!sent)
446 return;
447
448 if (test_bit(HCI_MGMT, &hdev->dev_flags))
449 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
450 else if (!status) {
451 if (*((u8 *) sent))
452 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
453 else
454 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
455 }
456}
457
458static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
459{
460 if (hdev->features[6] & LMP_EXT_INQ)
461 return 2;
462
463 if (hdev->features[3] & LMP_RSSI_INQ)
464 return 1;
465
466 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
467 hdev->lmp_subver == 0x0757)
468 return 1;
469
470 if (hdev->manufacturer == 15) {
471 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
472 return 1;
473 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
474 return 1;
475 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
476 return 1;
477 }
478
479 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
480 hdev->lmp_subver == 0x1805)
481 return 1;
482
483 return 0;
484}
485
486static void hci_setup_inquiry_mode(struct hci_dev *hdev)
487{
488 u8 mode;
489
490 mode = hci_get_inquiry_mode(hdev);
491
492 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
493}
494
495static void hci_setup_event_mask(struct hci_dev *hdev)
496{
497
498
499
500 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
501
502
503
504 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
505 return;
506
507 events[4] |= 0x01;
508 events[4] |= 0x02;
509 events[4] |= 0x04;
510 events[5] |= 0x08;
511 events[5] |= 0x10;
512
513 if (hdev->features[3] & LMP_RSSI_INQ)
514 events[4] |= 0x02;
515
516 if (hdev->features[5] & LMP_SNIFF_SUBR)
517 events[5] |= 0x20;
518
519 if (hdev->features[5] & LMP_PAUSE_ENC)
520 events[5] |= 0x80;
521
522 if (hdev->features[6] & LMP_EXT_INQ)
523 events[5] |= 0x40;
524
525 if (hdev->features[6] & LMP_NO_FLUSH)
526 events[7] |= 0x01;
527
528 if (hdev->features[7] & LMP_LSTO)
529 events[6] |= 0x80;
530
531 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
532 events[6] |= 0x01;
533 events[6] |= 0x02;
534 events[6] |= 0x04;
535 events[6] |= 0x08;
536 events[6] |= 0x10;
537 events[6] |= 0x20;
538 events[7] |= 0x04;
539 events[7] |= 0x08;
540 events[7] |= 0x10;
541
542 }
543
544 if (hdev->features[4] & LMP_LE)
545 events[7] |= 0x20;
546
547 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
548}
549
550static void hci_setup(struct hci_dev *hdev)
551{
552 if (hdev->dev_type != HCI_BREDR)
553 return;
554
555 hci_setup_event_mask(hdev);
556
557 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
558 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
559
560 if (lmp_ssp_capable(hdev)) {
561 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
562 u8 mode = 0x01;
563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
564 sizeof(mode), &mode);
565 } else {
566 struct hci_cp_write_eir cp;
567
568 memset(hdev->eir, 0, sizeof(hdev->eir));
569 memset(&cp, 0, sizeof(cp));
570
571 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
572 }
573 }
574
575 if (hdev->features[3] & LMP_RSSI_INQ)
576 hci_setup_inquiry_mode(hdev);
577
578 if (hdev->features[7] & LMP_INQ_TX_PWR)
579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
580
581 if (hdev->features[7] & LMP_EXTFEATURES) {
582 struct hci_cp_read_local_ext_features cp;
583
584 cp.page = 0x01;
585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
586 &cp);
587 }
588
589 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
590 u8 enable = 1;
591 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
592 &enable);
593 }
594}
595
596static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
597{
598 struct hci_rp_read_local_version *rp = (void *) skb->data;
599
600 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
601
602 if (rp->status)
603 goto done;
604
605 hdev->hci_ver = rp->hci_ver;
606 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
607 hdev->lmp_ver = rp->lmp_ver;
608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
610
611 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
613
614 if (test_bit(HCI_INIT, &hdev->flags))
615 hci_setup(hdev);
616
617done:
618 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
619}
620
621static void hci_setup_link_policy(struct hci_dev *hdev)
622{
623 struct hci_cp_write_def_link_policy cp;
624 u16 link_policy = 0;
625
626 if (hdev->features[0] & LMP_RSWITCH)
627 link_policy |= HCI_LP_RSWITCH;
628 if (hdev->features[0] & LMP_HOLD)
629 link_policy |= HCI_LP_HOLD;
630 if (hdev->features[0] & LMP_SNIFF)
631 link_policy |= HCI_LP_SNIFF;
632 if (hdev->features[1] & LMP_PARK)
633 link_policy |= HCI_LP_PARK;
634
635 cp.policy = cpu_to_le16(link_policy);
636 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
637}
638
639static void hci_cc_read_local_commands(struct hci_dev *hdev,
640 struct sk_buff *skb)
641{
642 struct hci_rp_read_local_commands *rp = (void *) skb->data;
643
644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
645
646 if (rp->status)
647 goto done;
648
649 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
650
651 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
652 hci_setup_link_policy(hdev);
653
654done:
655 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
656}
657
658static void hci_cc_read_local_features(struct hci_dev *hdev,
659 struct sk_buff *skb)
660{
661 struct hci_rp_read_local_features *rp = (void *) skb->data;
662
663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
664
665 if (rp->status)
666 return;
667
668 memcpy(hdev->features, rp->features, 8);
669
670
671
672
673 if (hdev->features[0] & LMP_3SLOT)
674 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
675
676 if (hdev->features[0] & LMP_5SLOT)
677 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
678
679 if (hdev->features[1] & LMP_HV2) {
680 hdev->pkt_type |= (HCI_HV2);
681 hdev->esco_type |= (ESCO_HV2);
682 }
683
684 if (hdev->features[1] & LMP_HV3) {
685 hdev->pkt_type |= (HCI_HV3);
686 hdev->esco_type |= (ESCO_HV3);
687 }
688
689 if (hdev->features[3] & LMP_ESCO)
690 hdev->esco_type |= (ESCO_EV3);
691
692 if (hdev->features[4] & LMP_EV4)
693 hdev->esco_type |= (ESCO_EV4);
694
695 if (hdev->features[4] & LMP_EV5)
696 hdev->esco_type |= (ESCO_EV5);
697
698 if (hdev->features[5] & LMP_EDR_ESCO_2M)
699 hdev->esco_type |= (ESCO_2EV3);
700
701 if (hdev->features[5] & LMP_EDR_ESCO_3M)
702 hdev->esco_type |= (ESCO_3EV3);
703
704 if (hdev->features[5] & LMP_EDR_3S_ESCO)
705 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
706
707 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
708 hdev->features[0], hdev->features[1],
709 hdev->features[2], hdev->features[3],
710 hdev->features[4], hdev->features[5],
711 hdev->features[6], hdev->features[7]);
712}
713
714static void hci_set_le_support(struct hci_dev *hdev)
715{
716 struct hci_cp_write_le_host_supported cp;
717
718 memset(&cp, 0, sizeof(cp));
719
720 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
721 cp.le = 1;
722 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
723 }
724
725 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
726 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
727 &cp);
728}
729
730static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
731 struct sk_buff *skb)
732{
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
734
735 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
736
737 if (rp->status)
738 goto done;
739
740 switch (rp->page) {
741 case 0:
742 memcpy(hdev->features, rp->features, 8);
743 break;
744 case 1:
745 memcpy(hdev->host_features, rp->features, 8);
746 break;
747 }
748
749 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
750 hci_set_le_support(hdev);
751
752done:
753 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
754}
755
756static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
757 struct sk_buff *skb)
758{
759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
760
761 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
762
763 if (rp->status)
764 return;
765
766 hdev->flow_ctl_mode = rp->mode;
767
768 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
769}
770
771static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
772{
773 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
774
775 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
776
777 if (rp->status)
778 return;
779
780 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
781 hdev->sco_mtu = rp->sco_mtu;
782 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
783 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
784
785 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
786 hdev->sco_mtu = 64;
787 hdev->sco_pkts = 8;
788 }
789
790 hdev->acl_cnt = hdev->acl_pkts;
791 hdev->sco_cnt = hdev->sco_pkts;
792
793 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
794 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
795}
796
797static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
798{
799 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
800
801 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802
803 if (!rp->status)
804 bacpy(&hdev->bdaddr, &rp->bdaddr);
805
806 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
807}
808
809static void hci_cc_read_data_block_size(struct hci_dev *hdev,
810 struct sk_buff *skb)
811{
812 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
815
816 if (rp->status)
817 return;
818
819 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
820 hdev->block_len = __le16_to_cpu(rp->block_len);
821 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
822
823 hdev->block_cnt = hdev->num_blocks;
824
825 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
826 hdev->block_cnt, hdev->block_len);
827
828 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
829}
830
831static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
832{
833 __u8 status = *((__u8 *) skb->data);
834
835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
836
837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
838}
839
840static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
841 struct sk_buff *skb)
842{
843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
844
845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
846
847 if (rp->status)
848 return;
849
850 hdev->amp_status = rp->amp_status;
851 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
852 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
853 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
854 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
855 hdev->amp_type = rp->amp_type;
856 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
857 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
858 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
859 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
860
861 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
862}
863
864static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
865 struct sk_buff *skb)
866{
867 __u8 status = *((__u8 *) skb->data);
868
869 BT_DBG("%s status 0x%2.2x", hdev->name, status);
870
871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
872}
873
874static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
875{
876 __u8 status = *((__u8 *) skb->data);
877
878 BT_DBG("%s status 0x%2.2x", hdev->name, status);
879
880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
881}
882
883static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
884 struct sk_buff *skb)
885{
886 __u8 status = *((__u8 *) skb->data);
887
888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
889
890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
891}
892
893static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
894 struct sk_buff *skb)
895{
896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
897
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899
900 if (!rp->status)
901 hdev->inq_tx_power = rp->tx_power;
902
903 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
904}
905
906static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 __u8 status = *((__u8 *) skb->data);
909
910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
911
912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
913}
914
915static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
916{
917 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
918 struct hci_cp_pin_code_reply *cp;
919 struct hci_conn *conn;
920
921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
922
923 hci_dev_lock(hdev);
924
925 if (test_bit(HCI_MGMT, &hdev->dev_flags))
926 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
927
928 if (rp->status != 0)
929 goto unlock;
930
931 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
932 if (!cp)
933 goto unlock;
934
935 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
936 if (conn)
937 conn->pin_length = cp->pin_len;
938
939unlock:
940 hci_dev_unlock(hdev);
941}
942
943static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
944{
945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
946
947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
948
949 hci_dev_lock(hdev);
950
951 if (test_bit(HCI_MGMT, &hdev->dev_flags))
952 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
953 rp->status);
954
955 hci_dev_unlock(hdev);
956}
957
958static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
959 struct sk_buff *skb)
960{
961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
962
963 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
964
965 if (rp->status)
966 return;
967
968 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
969 hdev->le_pkts = rp->le_max_pkt;
970
971 hdev->le_cnt = hdev->le_pkts;
972
973 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
974
975 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
976}
977
978static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
979{
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981
982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
983
984 hci_dev_lock(hdev);
985
986 if (test_bit(HCI_MGMT, &hdev->dev_flags))
987 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
988 rp->status);
989
990 hci_dev_unlock(hdev);
991}
992
993static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
994 struct sk_buff *skb)
995{
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997
998 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
999
1000 hci_dev_lock(hdev);
1001
1002 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1003 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1004 ACL_LINK, 0, rp->status);
1005
1006 hci_dev_unlock(hdev);
1007}
1008
1009static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1010{
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1012
1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1014
1015 hci_dev_lock(hdev);
1016
1017 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1018 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1019 0, rp->status);
1020
1021 hci_dev_unlock(hdev);
1022}
1023
1024static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1025 struct sk_buff *skb)
1026{
1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1028
1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1030
1031 hci_dev_lock(hdev);
1032
1033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1034 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1035 ACL_LINK, 0, rp->status);
1036
1037 hci_dev_unlock(hdev);
1038}
1039
1040static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1041 struct sk_buff *skb)
1042{
1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1044
1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1046
1047 hci_dev_lock(hdev);
1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1049 rp->randomizer, rp->status);
1050 hci_dev_unlock(hdev);
1051}
1052
1053static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1054{
1055 __u8 status = *((__u8 *) skb->data);
1056
1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1058
1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1060
1061 if (status) {
1062 hci_dev_lock(hdev);
1063 mgmt_start_discovery_failed(hdev, status);
1064 hci_dev_unlock(hdev);
1065 return;
1066 }
1067}
1068
1069static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1070 struct sk_buff *skb)
1071{
1072 struct hci_cp_le_set_scan_enable *cp;
1073 __u8 status = *((__u8 *) skb->data);
1074
1075 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1076
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1078 if (!cp)
1079 return;
1080
1081 switch (cp->enable) {
1082 case LE_SCANNING_ENABLED:
1083 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1084
1085 if (status) {
1086 hci_dev_lock(hdev);
1087 mgmt_start_discovery_failed(hdev, status);
1088 hci_dev_unlock(hdev);
1089 return;
1090 }
1091
1092 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1093
1094 hci_dev_lock(hdev);
1095 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1096 hci_dev_unlock(hdev);
1097 break;
1098
1099 case LE_SCANNING_DISABLED:
1100 if (status) {
1101 hci_dev_lock(hdev);
1102 mgmt_stop_discovery_failed(hdev, status);
1103 hci_dev_unlock(hdev);
1104 return;
1105 }
1106
1107 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1108
1109 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1110 hdev->discovery.state == DISCOVERY_FINDING) {
1111 mgmt_interleaved_discovery(hdev);
1112 } else {
1113 hci_dev_lock(hdev);
1114 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1115 hci_dev_unlock(hdev);
1116 }
1117
1118 break;
1119
1120 default:
1121 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1122 break;
1123 }
1124}
1125
1126static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1127{
1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1129
1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1131
1132 if (rp->status)
1133 return;
1134
1135 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1136}
1137
1138static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1139{
1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1141
1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143
1144 if (rp->status)
1145 return;
1146
1147 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1148}
1149
1150static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1151 struct sk_buff *skb)
1152{
1153 struct hci_cp_write_le_host_supported *sent;
1154 __u8 status = *((__u8 *) skb->data);
1155
1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1157
1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1159 if (!sent)
1160 return;
1161
1162 if (!status) {
1163 if (sent->le)
1164 hdev->host_features[0] |= LMP_HOST_LE;
1165 else
1166 hdev->host_features[0] &= ~LMP_HOST_LE;
1167 }
1168
1169 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1170 !test_bit(HCI_INIT, &hdev->flags))
1171 mgmt_le_enable_complete(hdev, sent->le, status);
1172
1173 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1174}
1175
1176static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1177{
1178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1179
1180 if (status) {
1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1182 hci_conn_check_pending(hdev);
1183 hci_dev_lock(hdev);
1184 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1185 mgmt_start_discovery_failed(hdev, status);
1186 hci_dev_unlock(hdev);
1187 return;
1188 }
1189
1190 set_bit(HCI_INQUIRY, &hdev->flags);
1191
1192 hci_dev_lock(hdev);
1193 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1194 hci_dev_unlock(hdev);
1195}
1196
1197static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1198{
1199 struct hci_cp_create_conn *cp;
1200 struct hci_conn *conn;
1201
1202 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1203
1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1205 if (!cp)
1206 return;
1207
1208 hci_dev_lock(hdev);
1209
1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1211
1212 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1213
1214 if (status) {
1215 if (conn && conn->state == BT_CONNECT) {
1216 if (status != 0x0c || conn->attempt > 2) {
1217 conn->state = BT_CLOSED;
1218 hci_proto_connect_cfm(conn, status);
1219 hci_conn_del(conn);
1220 } else
1221 conn->state = BT_CONNECT2;
1222 }
1223 } else {
1224 if (!conn) {
1225 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1226 if (conn) {
1227 conn->out = true;
1228 conn->link_mode |= HCI_LM_MASTER;
1229 } else
1230 BT_ERR("No memory for new connection");
1231 }
1232 }
1233
1234 hci_dev_unlock(hdev);
1235}
1236
1237static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1238{
1239 struct hci_cp_add_sco *cp;
1240 struct hci_conn *acl, *sco;
1241 __u16 handle;
1242
1243 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1244
1245 if (!status)
1246 return;
1247
1248 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1249 if (!cp)
1250 return;
1251
1252 handle = __le16_to_cpu(cp->handle);
1253
1254 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1255
1256 hci_dev_lock(hdev);
1257
1258 acl = hci_conn_hash_lookup_handle(hdev, handle);
1259 if (acl) {
1260 sco = acl->link;
1261 if (sco) {
1262 sco->state = BT_CLOSED;
1263
1264 hci_proto_connect_cfm(sco, status);
1265 hci_conn_del(sco);
1266 }
1267 }
1268
1269 hci_dev_unlock(hdev);
1270}
1271
1272static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1273{
1274 struct hci_cp_auth_requested *cp;
1275 struct hci_conn *conn;
1276
1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1278
1279 if (!status)
1280 return;
1281
1282 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1283 if (!cp)
1284 return;
1285
1286 hci_dev_lock(hdev);
1287
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1289 if (conn) {
1290 if (conn->state == BT_CONFIG) {
1291 hci_proto_connect_cfm(conn, status);
1292 hci_conn_put(conn);
1293 }
1294 }
1295
1296 hci_dev_unlock(hdev);
1297}
1298
1299static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1300{
1301 struct hci_cp_set_conn_encrypt *cp;
1302 struct hci_conn *conn;
1303
1304 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1305
1306 if (!status)
1307 return;
1308
1309 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1310 if (!cp)
1311 return;
1312
1313 hci_dev_lock(hdev);
1314
1315 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1316 if (conn) {
1317 if (conn->state == BT_CONFIG) {
1318 hci_proto_connect_cfm(conn, status);
1319 hci_conn_put(conn);
1320 }
1321 }
1322
1323 hci_dev_unlock(hdev);
1324}
1325
1326static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1327 struct hci_conn *conn)
1328{
1329 if (conn->state != BT_CONFIG || !conn->out)
1330 return 0;
1331
1332 if (conn->pending_sec_level == BT_SECURITY_SDP)
1333 return 0;
1334
1335
1336
1337 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1338 conn->pending_sec_level != BT_SECURITY_HIGH)
1339 return 0;
1340
1341 return 1;
1342}
1343
1344static int hci_resolve_name(struct hci_dev *hdev,
1345 struct inquiry_entry *e)
1346{
1347 struct hci_cp_remote_name_req cp;
1348
1349 memset(&cp, 0, sizeof(cp));
1350
1351 bacpy(&cp.bdaddr, &e->data.bdaddr);
1352 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1353 cp.pscan_mode = e->data.pscan_mode;
1354 cp.clock_offset = e->data.clock_offset;
1355
1356 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1357}
1358
1359static bool hci_resolve_next_name(struct hci_dev *hdev)
1360{
1361 struct discovery_state *discov = &hdev->discovery;
1362 struct inquiry_entry *e;
1363
1364 if (list_empty(&discov->resolve))
1365 return false;
1366
1367 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1368 if (!e)
1369 return false;
1370
1371 if (hci_resolve_name(hdev, e) == 0) {
1372 e->name_state = NAME_PENDING;
1373 return true;
1374 }
1375
1376 return false;
1377}
1378
1379static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1380 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1381{
1382 struct discovery_state *discov = &hdev->discovery;
1383 struct inquiry_entry *e;
1384
1385 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1386 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1387 name_len, conn->dev_class);
1388
1389 if (discov->state == DISCOVERY_STOPPED)
1390 return;
1391
1392 if (discov->state == DISCOVERY_STOPPING)
1393 goto discov_complete;
1394
1395 if (discov->state != DISCOVERY_RESOLVING)
1396 return;
1397
1398 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1399
1400
1401
1402
1403 if (!e)
1404 return;
1405
1406 list_del(&e->list);
1407 if (name) {
1408 e->name_state = NAME_KNOWN;
1409 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1410 e->data.rssi, name, name_len);
1411 } else {
1412 e->name_state = NAME_NOT_KNOWN;
1413 }
1414
1415 if (hci_resolve_next_name(hdev))
1416 return;
1417
1418discov_complete:
1419 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1420}
1421
1422static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1423{
1424 struct hci_cp_remote_name_req *cp;
1425 struct hci_conn *conn;
1426
1427 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1428
1429
1430
1431 if (!status)
1432 return;
1433
1434 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1435 if (!cp)
1436 return;
1437
1438 hci_dev_lock(hdev);
1439
1440 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1441
1442 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1443 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1444
1445 if (!conn)
1446 goto unlock;
1447
1448 if (!hci_outgoing_auth_needed(hdev, conn))
1449 goto unlock;
1450
1451 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1452 struct hci_cp_auth_requested cp;
1453 cp.handle = __cpu_to_le16(conn->handle);
1454 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1455 }
1456
1457unlock:
1458 hci_dev_unlock(hdev);
1459}
1460
1461static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1462{
1463 struct hci_cp_read_remote_features *cp;
1464 struct hci_conn *conn;
1465
1466 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1467
1468 if (!status)
1469 return;
1470
1471 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1472 if (!cp)
1473 return;
1474
1475 hci_dev_lock(hdev);
1476
1477 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1478 if (conn) {
1479 if (conn->state == BT_CONFIG) {
1480 hci_proto_connect_cfm(conn, status);
1481 hci_conn_put(conn);
1482 }
1483 }
1484
1485 hci_dev_unlock(hdev);
1486}
1487
1488static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1489{
1490 struct hci_cp_read_remote_ext_features *cp;
1491 struct hci_conn *conn;
1492
1493 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1494
1495 if (!status)
1496 return;
1497
1498 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1499 if (!cp)
1500 return;
1501
1502 hci_dev_lock(hdev);
1503
1504 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1505 if (conn) {
1506 if (conn->state == BT_CONFIG) {
1507 hci_proto_connect_cfm(conn, status);
1508 hci_conn_put(conn);
1509 }
1510 }
1511
1512 hci_dev_unlock(hdev);
1513}
1514
1515static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1516{
1517 struct hci_cp_setup_sync_conn *cp;
1518 struct hci_conn *acl, *sco;
1519 __u16 handle;
1520
1521 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1522
1523 if (!status)
1524 return;
1525
1526 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1527 if (!cp)
1528 return;
1529
1530 handle = __le16_to_cpu(cp->handle);
1531
1532 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1533
1534 hci_dev_lock(hdev);
1535
1536 acl = hci_conn_hash_lookup_handle(hdev, handle);
1537 if (acl) {
1538 sco = acl->link;
1539 if (sco) {
1540 sco->state = BT_CLOSED;
1541
1542 hci_proto_connect_cfm(sco, status);
1543 hci_conn_del(sco);
1544 }
1545 }
1546
1547 hci_dev_unlock(hdev);
1548}
1549
1550static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1551{
1552 struct hci_cp_sniff_mode *cp;
1553 struct hci_conn *conn;
1554
1555 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1556
1557 if (!status)
1558 return;
1559
1560 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1561 if (!cp)
1562 return;
1563
1564 hci_dev_lock(hdev);
1565
1566 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1567 if (conn) {
1568 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1569
1570 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1571 hci_sco_setup(conn, status);
1572 }
1573
1574 hci_dev_unlock(hdev);
1575}
1576
1577static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1578{
1579 struct hci_cp_exit_sniff_mode *cp;
1580 struct hci_conn *conn;
1581
1582 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1583
1584 if (!status)
1585 return;
1586
1587 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1588 if (!cp)
1589 return;
1590
1591 hci_dev_lock(hdev);
1592
1593 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1594 if (conn) {
1595 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1596
1597 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1598 hci_sco_setup(conn, status);
1599 }
1600
1601 hci_dev_unlock(hdev);
1602}
1603
1604static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1605{
1606 struct hci_cp_disconnect *cp;
1607 struct hci_conn *conn;
1608
1609 if (!status)
1610 return;
1611
1612 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1613 if (!cp)
1614 return;
1615
1616 hci_dev_lock(hdev);
1617
1618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1619 if (conn)
1620 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1621 conn->dst_type, status);
1622
1623 hci_dev_unlock(hdev);
1624}
1625
1626static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1627{
1628 struct hci_cp_le_create_conn *cp;
1629 struct hci_conn *conn;
1630
1631 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1632
1633 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1634 if (!cp)
1635 return;
1636
1637 hci_dev_lock(hdev);
1638
1639 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1640
1641 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1642 conn);
1643
1644 if (status) {
1645 if (conn && conn->state == BT_CONNECT) {
1646 conn->state = BT_CLOSED;
1647 mgmt_connect_failed(hdev, &cp->peer_addr, conn->type,
1648 conn->dst_type, status);
1649 hci_proto_connect_cfm(conn, status);
1650 hci_conn_del(conn);
1651 }
1652 } else {
1653 if (!conn) {
1654 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1655 if (conn) {
1656 conn->dst_type = cp->peer_addr_type;
1657 conn->out = true;
1658 } else {
1659 BT_ERR("No memory for new connection");
1660 }
1661 }
1662 }
1663
1664 hci_dev_unlock(hdev);
1665}
1666
1667static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1668{
1669 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1670}
1671
1672static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1673{
1674 __u8 status = *((__u8 *) skb->data);
1675 struct discovery_state *discov = &hdev->discovery;
1676 struct inquiry_entry *e;
1677
1678 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1679
1680 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1681
1682 hci_conn_check_pending(hdev);
1683
1684 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1685 return;
1686
1687 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1688 return;
1689
1690 hci_dev_lock(hdev);
1691
1692 if (discov->state != DISCOVERY_FINDING)
1693 goto unlock;
1694
1695 if (list_empty(&discov->resolve)) {
1696 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1697 goto unlock;
1698 }
1699
1700 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1701 if (e && hci_resolve_name(hdev, e) == 0) {
1702 e->name_state = NAME_PENDING;
1703 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1704 } else {
1705 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1706 }
1707
1708unlock:
1709 hci_dev_unlock(hdev);
1710}
1711
1712static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1713{
1714 struct inquiry_data data;
1715 struct inquiry_info *info = (void *) (skb->data + 1);
1716 int num_rsp = *((__u8 *) skb->data);
1717
1718 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1719
1720 if (!num_rsp)
1721 return;
1722
1723 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1724 return;
1725
1726 hci_dev_lock(hdev);
1727
1728 for (; num_rsp; num_rsp--, info++) {
1729 bool name_known, ssp;
1730
1731 bacpy(&data.bdaddr, &info->bdaddr);
1732 data.pscan_rep_mode = info->pscan_rep_mode;
1733 data.pscan_period_mode = info->pscan_period_mode;
1734 data.pscan_mode = info->pscan_mode;
1735 memcpy(data.dev_class, info->dev_class, 3);
1736 data.clock_offset = info->clock_offset;
1737 data.rssi = 0x00;
1738 data.ssp_mode = 0x00;
1739
1740 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1741 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1742 info->dev_class, 0, !name_known, ssp, NULL,
1743 0);
1744 }
1745
1746 hci_dev_unlock(hdev);
1747}
1748
1749static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1750{
1751 struct hci_ev_conn_complete *ev = (void *) skb->data;
1752 struct hci_conn *conn;
1753
1754 BT_DBG("%s", hdev->name);
1755
1756 hci_dev_lock(hdev);
1757
1758 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1759 if (!conn) {
1760 if (ev->link_type != SCO_LINK)
1761 goto unlock;
1762
1763 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1764 if (!conn)
1765 goto unlock;
1766
1767 conn->type = SCO_LINK;
1768 }
1769
1770 if (!ev->status) {
1771 conn->handle = __le16_to_cpu(ev->handle);
1772
1773 if (conn->type == ACL_LINK) {
1774 conn->state = BT_CONFIG;
1775 hci_conn_hold(conn);
1776
1777 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1778 !hci_find_link_key(hdev, &ev->bdaddr))
1779 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1780 else
1781 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1782 } else
1783 conn->state = BT_CONNECTED;
1784
1785 hci_conn_hold_device(conn);
1786 hci_conn_add_sysfs(conn);
1787
1788 if (test_bit(HCI_AUTH, &hdev->flags))
1789 conn->link_mode |= HCI_LM_AUTH;
1790
1791 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1792 conn->link_mode |= HCI_LM_ENCRYPT;
1793
1794
1795 if (conn->type == ACL_LINK) {
1796 struct hci_cp_read_remote_features cp;
1797 cp.handle = ev->handle;
1798 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1799 sizeof(cp), &cp);
1800 }
1801
1802
1803 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1804 struct hci_cp_change_conn_ptype cp;
1805 cp.handle = ev->handle;
1806 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1807 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1808 &cp);
1809 }
1810 } else {
1811 conn->state = BT_CLOSED;
1812 if (conn->type == ACL_LINK)
1813 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1814 conn->dst_type, ev->status);
1815 }
1816
1817 if (conn->type == ACL_LINK)
1818 hci_sco_setup(conn, ev->status);
1819
1820 if (ev->status) {
1821 hci_proto_connect_cfm(conn, ev->status);
1822 hci_conn_del(conn);
1823 } else if (ev->link_type != ACL_LINK)
1824 hci_proto_connect_cfm(conn, ev->status);
1825
1826unlock:
1827 hci_dev_unlock(hdev);
1828
1829 hci_conn_check_pending(hdev);
1830}
1831
1832static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1833{
1834 struct hci_ev_conn_request *ev = (void *) skb->data;
1835 int mask = hdev->link_mode;
1836
1837 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1838 ev->link_type);
1839
1840 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1841
1842 if ((mask & HCI_LM_ACCEPT) &&
1843 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1844
1845 struct inquiry_entry *ie;
1846 struct hci_conn *conn;
1847
1848 hci_dev_lock(hdev);
1849
1850 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1851 if (ie)
1852 memcpy(ie->data.dev_class, ev->dev_class, 3);
1853
1854 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1855 &ev->bdaddr);
1856 if (!conn) {
1857 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1858 if (!conn) {
1859 BT_ERR("No memory for new connection");
1860 hci_dev_unlock(hdev);
1861 return;
1862 }
1863 }
1864
1865 memcpy(conn->dev_class, ev->dev_class, 3);
1866 conn->state = BT_CONNECT;
1867
1868 hci_dev_unlock(hdev);
1869
1870 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1871 struct hci_cp_accept_conn_req cp;
1872
1873 bacpy(&cp.bdaddr, &ev->bdaddr);
1874
1875 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1876 cp.role = 0x00;
1877 else
1878 cp.role = 0x01;
1879
1880 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1881 &cp);
1882 } else {
1883 struct hci_cp_accept_sync_conn_req cp;
1884
1885 bacpy(&cp.bdaddr, &ev->bdaddr);
1886 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1887
1888 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1889 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1890 cp.max_latency = __constant_cpu_to_le16(0xffff);
1891 cp.content_format = cpu_to_le16(hdev->voice_setting);
1892 cp.retrans_effort = 0xff;
1893
1894 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1895 sizeof(cp), &cp);
1896 }
1897 } else {
1898
1899 struct hci_cp_reject_conn_req cp;
1900
1901 bacpy(&cp.bdaddr, &ev->bdaddr);
1902 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1903 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1904 }
1905}
1906
1907static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1908{
1909 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1910 struct hci_conn *conn;
1911
1912 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1913
1914 hci_dev_lock(hdev);
1915
1916 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1917 if (!conn)
1918 goto unlock;
1919
1920 if (ev->status == 0)
1921 conn->state = BT_CLOSED;
1922
1923 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1924 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1925 if (ev->status != 0)
1926 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1927 conn->dst_type, ev->status);
1928 else
1929 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1930 conn->dst_type);
1931 }
1932
1933 if (ev->status == 0) {
1934 if (conn->type == ACL_LINK && conn->flush_key)
1935 hci_remove_link_key(hdev, &conn->dst);
1936 hci_proto_disconn_cfm(conn, ev->reason);
1937 hci_conn_del(conn);
1938 }
1939
1940unlock:
1941 hci_dev_unlock(hdev);
1942}
1943
1944static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1945{
1946 struct hci_ev_auth_complete *ev = (void *) skb->data;
1947 struct hci_conn *conn;
1948
1949 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1950
1951 hci_dev_lock(hdev);
1952
1953 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1954 if (!conn)
1955 goto unlock;
1956
1957 if (!ev->status) {
1958 if (!hci_conn_ssp_enabled(conn) &&
1959 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1960 BT_INFO("re-auth of legacy device is not possible.");
1961 } else {
1962 conn->link_mode |= HCI_LM_AUTH;
1963 conn->sec_level = conn->pending_sec_level;
1964 }
1965 } else {
1966 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1967 ev->status);
1968 }
1969
1970 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1971 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1972
1973 if (conn->state == BT_CONFIG) {
1974 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1975 struct hci_cp_set_conn_encrypt cp;
1976 cp.handle = ev->handle;
1977 cp.encrypt = 0x01;
1978 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1979 &cp);
1980 } else {
1981 conn->state = BT_CONNECTED;
1982 hci_proto_connect_cfm(conn, ev->status);
1983 hci_conn_put(conn);
1984 }
1985 } else {
1986 hci_auth_cfm(conn, ev->status);
1987
1988 hci_conn_hold(conn);
1989 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1990 hci_conn_put(conn);
1991 }
1992
1993 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1994 if (!ev->status) {
1995 struct hci_cp_set_conn_encrypt cp;
1996 cp.handle = ev->handle;
1997 cp.encrypt = 0x01;
1998 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1999 &cp);
2000 } else {
2001 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2002 hci_encrypt_cfm(conn, ev->status, 0x00);
2003 }
2004 }
2005
2006unlock:
2007 hci_dev_unlock(hdev);
2008}
2009
2010static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2011{
2012 struct hci_ev_remote_name *ev = (void *) skb->data;
2013 struct hci_conn *conn;
2014
2015 BT_DBG("%s", hdev->name);
2016
2017 hci_conn_check_pending(hdev);
2018
2019 hci_dev_lock(hdev);
2020
2021 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2022
2023 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2024 goto check_auth;
2025
2026 if (ev->status == 0)
2027 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2028 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2029 else
2030 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2031
2032check_auth:
2033 if (!conn)
2034 goto unlock;
2035
2036 if (!hci_outgoing_auth_needed(hdev, conn))
2037 goto unlock;
2038
2039 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2040 struct hci_cp_auth_requested cp;
2041 cp.handle = __cpu_to_le16(conn->handle);
2042 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2043 }
2044
2045unlock:
2046 hci_dev_unlock(hdev);
2047}
2048
2049static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2050{
2051 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2052 struct hci_conn *conn;
2053
2054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2055
2056 hci_dev_lock(hdev);
2057
2058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2059 if (conn) {
2060 if (!ev->status) {
2061 if (ev->encrypt) {
2062
2063 conn->link_mode |= HCI_LM_AUTH;
2064 conn->link_mode |= HCI_LM_ENCRYPT;
2065 conn->sec_level = conn->pending_sec_level;
2066 } else
2067 conn->link_mode &= ~HCI_LM_ENCRYPT;
2068 }
2069
2070 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2071
2072 if (ev->status && conn->state == BT_CONNECTED) {
2073 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2074 hci_conn_put(conn);
2075 goto unlock;
2076 }
2077
2078 if (conn->state == BT_CONFIG) {
2079 if (!ev->status)
2080 conn->state = BT_CONNECTED;
2081
2082 hci_proto_connect_cfm(conn, ev->status);
2083 hci_conn_put(conn);
2084 } else
2085 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2086 }
2087
2088unlock:
2089 hci_dev_unlock(hdev);
2090}
2091
2092static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2093 struct sk_buff *skb)
2094{
2095 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2096 struct hci_conn *conn;
2097
2098 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2099
2100 hci_dev_lock(hdev);
2101
2102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2103 if (conn) {
2104 if (!ev->status)
2105 conn->link_mode |= HCI_LM_SECURE;
2106
2107 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2108
2109 hci_key_change_cfm(conn, ev->status);
2110 }
2111
2112 hci_dev_unlock(hdev);
2113}
2114
2115static void hci_remote_features_evt(struct hci_dev *hdev,
2116 struct sk_buff *skb)
2117{
2118 struct hci_ev_remote_features *ev = (void *) skb->data;
2119 struct hci_conn *conn;
2120
2121 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2122
2123 hci_dev_lock(hdev);
2124
2125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2126 if (!conn)
2127 goto unlock;
2128
2129 if (!ev->status)
2130 memcpy(conn->features, ev->features, 8);
2131
2132 if (conn->state != BT_CONFIG)
2133 goto unlock;
2134
2135 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2136 struct hci_cp_read_remote_ext_features cp;
2137 cp.handle = ev->handle;
2138 cp.page = 0x01;
2139 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2140 sizeof(cp), &cp);
2141 goto unlock;
2142 }
2143
2144 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2145 struct hci_cp_remote_name_req cp;
2146 memset(&cp, 0, sizeof(cp));
2147 bacpy(&cp.bdaddr, &conn->dst);
2148 cp.pscan_rep_mode = 0x02;
2149 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2150 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2151 mgmt_device_connected(hdev, &conn->dst, conn->type,
2152 conn->dst_type, 0, NULL, 0,
2153 conn->dev_class);
2154
2155 if (!hci_outgoing_auth_needed(hdev, conn)) {
2156 conn->state = BT_CONNECTED;
2157 hci_proto_connect_cfm(conn, ev->status);
2158 hci_conn_put(conn);
2159 }
2160
2161unlock:
2162 hci_dev_unlock(hdev);
2163}
2164
2165static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2166{
2167 BT_DBG("%s", hdev->name);
2168}
2169
2170static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2171 struct sk_buff *skb)
2172{
2173 BT_DBG("%s", hdev->name);
2174}
2175
2176static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2177{
2178 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2179 __u16 opcode;
2180
2181 skb_pull(skb, sizeof(*ev));
2182
2183 opcode = __le16_to_cpu(ev->opcode);
2184
2185 switch (opcode) {
2186 case HCI_OP_INQUIRY_CANCEL:
2187 hci_cc_inquiry_cancel(hdev, skb);
2188 break;
2189
2190 case HCI_OP_PERIODIC_INQ:
2191 hci_cc_periodic_inq(hdev, skb);
2192 break;
2193
2194 case HCI_OP_EXIT_PERIODIC_INQ:
2195 hci_cc_exit_periodic_inq(hdev, skb);
2196 break;
2197
2198 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2199 hci_cc_remote_name_req_cancel(hdev, skb);
2200 break;
2201
2202 case HCI_OP_ROLE_DISCOVERY:
2203 hci_cc_role_discovery(hdev, skb);
2204 break;
2205
2206 case HCI_OP_READ_LINK_POLICY:
2207 hci_cc_read_link_policy(hdev, skb);
2208 break;
2209
2210 case HCI_OP_WRITE_LINK_POLICY:
2211 hci_cc_write_link_policy(hdev, skb);
2212 break;
2213
2214 case HCI_OP_READ_DEF_LINK_POLICY:
2215 hci_cc_read_def_link_policy(hdev, skb);
2216 break;
2217
2218 case HCI_OP_WRITE_DEF_LINK_POLICY:
2219 hci_cc_write_def_link_policy(hdev, skb);
2220 break;
2221
2222 case HCI_OP_RESET:
2223 hci_cc_reset(hdev, skb);
2224 break;
2225
2226 case HCI_OP_WRITE_LOCAL_NAME:
2227 hci_cc_write_local_name(hdev, skb);
2228 break;
2229
2230 case HCI_OP_READ_LOCAL_NAME:
2231 hci_cc_read_local_name(hdev, skb);
2232 break;
2233
2234 case HCI_OP_WRITE_AUTH_ENABLE:
2235 hci_cc_write_auth_enable(hdev, skb);
2236 break;
2237
2238 case HCI_OP_WRITE_ENCRYPT_MODE:
2239 hci_cc_write_encrypt_mode(hdev, skb);
2240 break;
2241
2242 case HCI_OP_WRITE_SCAN_ENABLE:
2243 hci_cc_write_scan_enable(hdev, skb);
2244 break;
2245
2246 case HCI_OP_READ_CLASS_OF_DEV:
2247 hci_cc_read_class_of_dev(hdev, skb);
2248 break;
2249
2250 case HCI_OP_WRITE_CLASS_OF_DEV:
2251 hci_cc_write_class_of_dev(hdev, skb);
2252 break;
2253
2254 case HCI_OP_READ_VOICE_SETTING:
2255 hci_cc_read_voice_setting(hdev, skb);
2256 break;
2257
2258 case HCI_OP_WRITE_VOICE_SETTING:
2259 hci_cc_write_voice_setting(hdev, skb);
2260 break;
2261
2262 case HCI_OP_HOST_BUFFER_SIZE:
2263 hci_cc_host_buffer_size(hdev, skb);
2264 break;
2265
2266 case HCI_OP_WRITE_SSP_MODE:
2267 hci_cc_write_ssp_mode(hdev, skb);
2268 break;
2269
2270 case HCI_OP_READ_LOCAL_VERSION:
2271 hci_cc_read_local_version(hdev, skb);
2272 break;
2273
2274 case HCI_OP_READ_LOCAL_COMMANDS:
2275 hci_cc_read_local_commands(hdev, skb);
2276 break;
2277
2278 case HCI_OP_READ_LOCAL_FEATURES:
2279 hci_cc_read_local_features(hdev, skb);
2280 break;
2281
2282 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2283 hci_cc_read_local_ext_features(hdev, skb);
2284 break;
2285
2286 case HCI_OP_READ_BUFFER_SIZE:
2287 hci_cc_read_buffer_size(hdev, skb);
2288 break;
2289
2290 case HCI_OP_READ_BD_ADDR:
2291 hci_cc_read_bd_addr(hdev, skb);
2292 break;
2293
2294 case HCI_OP_READ_DATA_BLOCK_SIZE:
2295 hci_cc_read_data_block_size(hdev, skb);
2296 break;
2297
2298 case HCI_OP_WRITE_CA_TIMEOUT:
2299 hci_cc_write_ca_timeout(hdev, skb);
2300 break;
2301
2302 case HCI_OP_READ_FLOW_CONTROL_MODE:
2303 hci_cc_read_flow_control_mode(hdev, skb);
2304 break;
2305
2306 case HCI_OP_READ_LOCAL_AMP_INFO:
2307 hci_cc_read_local_amp_info(hdev, skb);
2308 break;
2309
2310 case HCI_OP_DELETE_STORED_LINK_KEY:
2311 hci_cc_delete_stored_link_key(hdev, skb);
2312 break;
2313
2314 case HCI_OP_SET_EVENT_MASK:
2315 hci_cc_set_event_mask(hdev, skb);
2316 break;
2317
2318 case HCI_OP_WRITE_INQUIRY_MODE:
2319 hci_cc_write_inquiry_mode(hdev, skb);
2320 break;
2321
2322 case HCI_OP_READ_INQ_RSP_TX_POWER:
2323 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2324 break;
2325
2326 case HCI_OP_SET_EVENT_FLT:
2327 hci_cc_set_event_flt(hdev, skb);
2328 break;
2329
2330 case HCI_OP_PIN_CODE_REPLY:
2331 hci_cc_pin_code_reply(hdev, skb);
2332 break;
2333
2334 case HCI_OP_PIN_CODE_NEG_REPLY:
2335 hci_cc_pin_code_neg_reply(hdev, skb);
2336 break;
2337
2338 case HCI_OP_READ_LOCAL_OOB_DATA:
2339 hci_cc_read_local_oob_data_reply(hdev, skb);
2340 break;
2341
2342 case HCI_OP_LE_READ_BUFFER_SIZE:
2343 hci_cc_le_read_buffer_size(hdev, skb);
2344 break;
2345
2346 case HCI_OP_USER_CONFIRM_REPLY:
2347 hci_cc_user_confirm_reply(hdev, skb);
2348 break;
2349
2350 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2351 hci_cc_user_confirm_neg_reply(hdev, skb);
2352 break;
2353
2354 case HCI_OP_USER_PASSKEY_REPLY:
2355 hci_cc_user_passkey_reply(hdev, skb);
2356 break;
2357
2358 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2359 hci_cc_user_passkey_neg_reply(hdev, skb);
2360 break;
2361
2362 case HCI_OP_LE_SET_SCAN_PARAM:
2363 hci_cc_le_set_scan_param(hdev, skb);
2364 break;
2365
2366 case HCI_OP_LE_SET_SCAN_ENABLE:
2367 hci_cc_le_set_scan_enable(hdev, skb);
2368 break;
2369
2370 case HCI_OP_LE_LTK_REPLY:
2371 hci_cc_le_ltk_reply(hdev, skb);
2372 break;
2373
2374 case HCI_OP_LE_LTK_NEG_REPLY:
2375 hci_cc_le_ltk_neg_reply(hdev, skb);
2376 break;
2377
2378 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2379 hci_cc_write_le_host_supported(hdev, skb);
2380 break;
2381
2382 default:
2383 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2384 break;
2385 }
2386
2387 if (ev->opcode != HCI_OP_NOP)
2388 del_timer(&hdev->cmd_timer);
2389
2390 if (ev->ncmd) {
2391 atomic_set(&hdev->cmd_cnt, 1);
2392 if (!skb_queue_empty(&hdev->cmd_q))
2393 queue_work(hdev->workqueue, &hdev->cmd_work);
2394 }
2395}
2396
2397static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2398{
2399 struct hci_ev_cmd_status *ev = (void *) skb->data;
2400 __u16 opcode;
2401
2402 skb_pull(skb, sizeof(*ev));
2403
2404 opcode = __le16_to_cpu(ev->opcode);
2405
2406 switch (opcode) {
2407 case HCI_OP_INQUIRY:
2408 hci_cs_inquiry(hdev, ev->status);
2409 break;
2410
2411 case HCI_OP_CREATE_CONN:
2412 hci_cs_create_conn(hdev, ev->status);
2413 break;
2414
2415 case HCI_OP_ADD_SCO:
2416 hci_cs_add_sco(hdev, ev->status);
2417 break;
2418
2419 case HCI_OP_AUTH_REQUESTED:
2420 hci_cs_auth_requested(hdev, ev->status);
2421 break;
2422
2423 case HCI_OP_SET_CONN_ENCRYPT:
2424 hci_cs_set_conn_encrypt(hdev, ev->status);
2425 break;
2426
2427 case HCI_OP_REMOTE_NAME_REQ:
2428 hci_cs_remote_name_req(hdev, ev->status);
2429 break;
2430
2431 case HCI_OP_READ_REMOTE_FEATURES:
2432 hci_cs_read_remote_features(hdev, ev->status);
2433 break;
2434
2435 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2436 hci_cs_read_remote_ext_features(hdev, ev->status);
2437 break;
2438
2439 case HCI_OP_SETUP_SYNC_CONN:
2440 hci_cs_setup_sync_conn(hdev, ev->status);
2441 break;
2442
2443 case HCI_OP_SNIFF_MODE:
2444 hci_cs_sniff_mode(hdev, ev->status);
2445 break;
2446
2447 case HCI_OP_EXIT_SNIFF_MODE:
2448 hci_cs_exit_sniff_mode(hdev, ev->status);
2449 break;
2450
2451 case HCI_OP_DISCONNECT:
2452 hci_cs_disconnect(hdev, ev->status);
2453 break;
2454
2455 case HCI_OP_LE_CREATE_CONN:
2456 hci_cs_le_create_conn(hdev, ev->status);
2457 break;
2458
2459 case HCI_OP_LE_START_ENC:
2460 hci_cs_le_start_enc(hdev, ev->status);
2461 break;
2462
2463 default:
2464 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2465 break;
2466 }
2467
2468 if (ev->opcode != HCI_OP_NOP)
2469 del_timer(&hdev->cmd_timer);
2470
2471 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2472 atomic_set(&hdev->cmd_cnt, 1);
2473 if (!skb_queue_empty(&hdev->cmd_q))
2474 queue_work(hdev->workqueue, &hdev->cmd_work);
2475 }
2476}
2477
2478static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2479{
2480 struct hci_ev_role_change *ev = (void *) skb->data;
2481 struct hci_conn *conn;
2482
2483 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2484
2485 hci_dev_lock(hdev);
2486
2487 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2488 if (conn) {
2489 if (!ev->status) {
2490 if (ev->role)
2491 conn->link_mode &= ~HCI_LM_MASTER;
2492 else
2493 conn->link_mode |= HCI_LM_MASTER;
2494 }
2495
2496 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2497
2498 hci_role_switch_cfm(conn, ev->status, ev->role);
2499 }
2500
2501 hci_dev_unlock(hdev);
2502}
2503
2504static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2505{
2506 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2507 int i;
2508
2509 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2510 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2511 return;
2512 }
2513
2514 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2515 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2516 BT_DBG("%s bad parameters", hdev->name);
2517 return;
2518 }
2519
2520 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2521
2522 for (i = 0; i < ev->num_hndl; i++) {
2523 struct hci_comp_pkts_info *info = &ev->handles[i];
2524 struct hci_conn *conn;
2525 __u16 handle, count;
2526
2527 handle = __le16_to_cpu(info->handle);
2528 count = __le16_to_cpu(info->count);
2529
2530 conn = hci_conn_hash_lookup_handle(hdev, handle);
2531 if (!conn)
2532 continue;
2533
2534 conn->sent -= count;
2535
2536 switch (conn->type) {
2537 case ACL_LINK:
2538 hdev->acl_cnt += count;
2539 if (hdev->acl_cnt > hdev->acl_pkts)
2540 hdev->acl_cnt = hdev->acl_pkts;
2541 break;
2542
2543 case LE_LINK:
2544 if (hdev->le_pkts) {
2545 hdev->le_cnt += count;
2546 if (hdev->le_cnt > hdev->le_pkts)
2547 hdev->le_cnt = hdev->le_pkts;
2548 } else {
2549 hdev->acl_cnt += count;
2550 if (hdev->acl_cnt > hdev->acl_pkts)
2551 hdev->acl_cnt = hdev->acl_pkts;
2552 }
2553 break;
2554
2555 case SCO_LINK:
2556 hdev->sco_cnt += count;
2557 if (hdev->sco_cnt > hdev->sco_pkts)
2558 hdev->sco_cnt = hdev->sco_pkts;
2559 break;
2560
2561 default:
2562 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2563 break;
2564 }
2565 }
2566
2567 queue_work(hdev->workqueue, &hdev->tx_work);
2568}
2569
2570static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2571{
2572 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2573 int i;
2574
2575 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2576 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2577 return;
2578 }
2579
2580 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2581 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2582 BT_DBG("%s bad parameters", hdev->name);
2583 return;
2584 }
2585
2586 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2587 ev->num_hndl);
2588
2589 for (i = 0; i < ev->num_hndl; i++) {
2590 struct hci_comp_blocks_info *info = &ev->handles[i];
2591 struct hci_conn *conn;
2592 __u16 handle, block_count;
2593
2594 handle = __le16_to_cpu(info->handle);
2595 block_count = __le16_to_cpu(info->blocks);
2596
2597 conn = hci_conn_hash_lookup_handle(hdev, handle);
2598 if (!conn)
2599 continue;
2600
2601 conn->sent -= block_count;
2602
2603 switch (conn->type) {
2604 case ACL_LINK:
2605 hdev->block_cnt += block_count;
2606 if (hdev->block_cnt > hdev->num_blocks)
2607 hdev->block_cnt = hdev->num_blocks;
2608 break;
2609
2610 default:
2611 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2612 break;
2613 }
2614 }
2615
2616 queue_work(hdev->workqueue, &hdev->tx_work);
2617}
2618
2619static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2620{
2621 struct hci_ev_mode_change *ev = (void *) skb->data;
2622 struct hci_conn *conn;
2623
2624 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2625
2626 hci_dev_lock(hdev);
2627
2628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2629 if (conn) {
2630 conn->mode = ev->mode;
2631 conn->interval = __le16_to_cpu(ev->interval);
2632
2633 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2634 &conn->flags)) {
2635 if (conn->mode == HCI_CM_ACTIVE)
2636 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2637 else
2638 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2639 }
2640
2641 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2642 hci_sco_setup(conn, ev->status);
2643 }
2644
2645 hci_dev_unlock(hdev);
2646}
2647
2648static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2649{
2650 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2651 struct hci_conn *conn;
2652
2653 BT_DBG("%s", hdev->name);
2654
2655 hci_dev_lock(hdev);
2656
2657 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2658 if (!conn)
2659 goto unlock;
2660
2661 if (conn->state == BT_CONNECTED) {
2662 hci_conn_hold(conn);
2663 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2664 hci_conn_put(conn);
2665 }
2666
2667 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2668 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2669 sizeof(ev->bdaddr), &ev->bdaddr);
2670 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2671 u8 secure;
2672
2673 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2674 secure = 1;
2675 else
2676 secure = 0;
2677
2678 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2679 }
2680
2681unlock:
2682 hci_dev_unlock(hdev);
2683}
2684
2685static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2686{
2687 struct hci_ev_link_key_req *ev = (void *) skb->data;
2688 struct hci_cp_link_key_reply cp;
2689 struct hci_conn *conn;
2690 struct link_key *key;
2691
2692 BT_DBG("%s", hdev->name);
2693
2694 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2695 return;
2696
2697 hci_dev_lock(hdev);
2698
2699 key = hci_find_link_key(hdev, &ev->bdaddr);
2700 if (!key) {
2701 BT_DBG("%s link key not found for %s", hdev->name,
2702 batostr(&ev->bdaddr));
2703 goto not_found;
2704 }
2705
2706 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2707 batostr(&ev->bdaddr));
2708
2709 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2710 key->type == HCI_LK_DEBUG_COMBINATION) {
2711 BT_DBG("%s ignoring debug key", hdev->name);
2712 goto not_found;
2713 }
2714
2715 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2716 if (conn) {
2717 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2718 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2719 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2720 goto not_found;
2721 }
2722
2723 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2724 conn->pending_sec_level == BT_SECURITY_HIGH) {
2725 BT_DBG("%s ignoring key unauthenticated for high security",
2726 hdev->name);
2727 goto not_found;
2728 }
2729
2730 conn->key_type = key->type;
2731 conn->pin_length = key->pin_len;
2732 }
2733
2734 bacpy(&cp.bdaddr, &ev->bdaddr);
2735 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2736
2737 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2738
2739 hci_dev_unlock(hdev);
2740
2741 return;
2742
2743not_found:
2744 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2745 hci_dev_unlock(hdev);
2746}
2747
2748static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2749{
2750 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2751 struct hci_conn *conn;
2752 u8 pin_len = 0;
2753
2754 BT_DBG("%s", hdev->name);
2755
2756 hci_dev_lock(hdev);
2757
2758 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2759 if (conn) {
2760 hci_conn_hold(conn);
2761 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2762 pin_len = conn->pin_length;
2763
2764 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2765 conn->key_type = ev->key_type;
2766
2767 hci_conn_put(conn);
2768 }
2769
2770 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2771 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2772 ev->key_type, pin_len);
2773
2774 hci_dev_unlock(hdev);
2775}
2776
2777static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2778{
2779 struct hci_ev_clock_offset *ev = (void *) skb->data;
2780 struct hci_conn *conn;
2781
2782 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2783
2784 hci_dev_lock(hdev);
2785
2786 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2787 if (conn && !ev->status) {
2788 struct inquiry_entry *ie;
2789
2790 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2791 if (ie) {
2792 ie->data.clock_offset = ev->clock_offset;
2793 ie->timestamp = jiffies;
2794 }
2795 }
2796
2797 hci_dev_unlock(hdev);
2798}
2799
2800static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2801{
2802 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2803 struct hci_conn *conn;
2804
2805 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2806
2807 hci_dev_lock(hdev);
2808
2809 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2810 if (conn && !ev->status)
2811 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2812
2813 hci_dev_unlock(hdev);
2814}
2815
2816static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2817{
2818 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2819 struct inquiry_entry *ie;
2820
2821 BT_DBG("%s", hdev->name);
2822
2823 hci_dev_lock(hdev);
2824
2825 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2826 if (ie) {
2827 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2828 ie->timestamp = jiffies;
2829 }
2830
2831 hci_dev_unlock(hdev);
2832}
2833
2834static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2835 struct sk_buff *skb)
2836{
2837 struct inquiry_data data;
2838 int num_rsp = *((__u8 *) skb->data);
2839 bool name_known, ssp;
2840
2841 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2842
2843 if (!num_rsp)
2844 return;
2845
2846 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2847 return;
2848
2849 hci_dev_lock(hdev);
2850
2851 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2852 struct inquiry_info_with_rssi_and_pscan_mode *info;
2853 info = (void *) (skb->data + 1);
2854
2855 for (; num_rsp; num_rsp--, info++) {
2856 bacpy(&data.bdaddr, &info->bdaddr);
2857 data.pscan_rep_mode = info->pscan_rep_mode;
2858 data.pscan_period_mode = info->pscan_period_mode;
2859 data.pscan_mode = info->pscan_mode;
2860 memcpy(data.dev_class, info->dev_class, 3);
2861 data.clock_offset = info->clock_offset;
2862 data.rssi = info->rssi;
2863 data.ssp_mode = 0x00;
2864
2865 name_known = hci_inquiry_cache_update(hdev, &data,
2866 false, &ssp);
2867 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2868 info->dev_class, info->rssi,
2869 !name_known, ssp, NULL, 0);
2870 }
2871 } else {
2872 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2873
2874 for (; num_rsp; num_rsp--, info++) {
2875 bacpy(&data.bdaddr, &info->bdaddr);
2876 data.pscan_rep_mode = info->pscan_rep_mode;
2877 data.pscan_period_mode = info->pscan_period_mode;
2878 data.pscan_mode = 0x00;
2879 memcpy(data.dev_class, info->dev_class, 3);
2880 data.clock_offset = info->clock_offset;
2881 data.rssi = info->rssi;
2882 data.ssp_mode = 0x00;
2883 name_known = hci_inquiry_cache_update(hdev, &data,
2884 false, &ssp);
2885 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2886 info->dev_class, info->rssi,
2887 !name_known, ssp, NULL, 0);
2888 }
2889 }
2890
2891 hci_dev_unlock(hdev);
2892}
2893
2894static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2895 struct sk_buff *skb)
2896{
2897 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2898 struct hci_conn *conn;
2899
2900 BT_DBG("%s", hdev->name);
2901
2902 hci_dev_lock(hdev);
2903
2904 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2905 if (!conn)
2906 goto unlock;
2907
2908 if (!ev->status && ev->page == 0x01) {
2909 struct inquiry_entry *ie;
2910
2911 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2912 if (ie)
2913 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2914
2915 if (ev->features[0] & LMP_HOST_SSP)
2916 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2917 }
2918
2919 if (conn->state != BT_CONFIG)
2920 goto unlock;
2921
2922 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2923 struct hci_cp_remote_name_req cp;
2924 memset(&cp, 0, sizeof(cp));
2925 bacpy(&cp.bdaddr, &conn->dst);
2926 cp.pscan_rep_mode = 0x02;
2927 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2928 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2929 mgmt_device_connected(hdev, &conn->dst, conn->type,
2930 conn->dst_type, 0, NULL, 0,
2931 conn->dev_class);
2932
2933 if (!hci_outgoing_auth_needed(hdev, conn)) {
2934 conn->state = BT_CONNECTED;
2935 hci_proto_connect_cfm(conn, ev->status);
2936 hci_conn_put(conn);
2937 }
2938
2939unlock:
2940 hci_dev_unlock(hdev);
2941}
2942
2943static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2944 struct sk_buff *skb)
2945{
2946 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2947 struct hci_conn *conn;
2948
2949 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2950
2951 hci_dev_lock(hdev);
2952
2953 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2954 if (!conn) {
2955 if (ev->link_type == ESCO_LINK)
2956 goto unlock;
2957
2958 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2959 if (!conn)
2960 goto unlock;
2961
2962 conn->type = SCO_LINK;
2963 }
2964
2965 switch (ev->status) {
2966 case 0x00:
2967 conn->handle = __le16_to_cpu(ev->handle);
2968 conn->state = BT_CONNECTED;
2969
2970 hci_conn_hold_device(conn);
2971 hci_conn_add_sysfs(conn);
2972 break;
2973
2974 case 0x11:
2975 case 0x1c:
2976 case 0x1a:
2977 case 0x1f:
2978 if (conn->out && conn->attempt < 2) {
2979 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2980 (hdev->esco_type & EDR_ESCO_MASK);
2981 hci_setup_sync(conn, conn->link->handle);
2982 goto unlock;
2983 }
2984
2985
2986 default:
2987 conn->state = BT_CLOSED;
2988 break;
2989 }
2990
2991 hci_proto_connect_cfm(conn, ev->status);
2992 if (ev->status)
2993 hci_conn_del(conn);
2994
2995unlock:
2996 hci_dev_unlock(hdev);
2997}
2998
2999static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
3000{
3001 BT_DBG("%s", hdev->name);
3002}
3003
3004static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
3005{
3006 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3007
3008 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3009}
3010
3011static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3012 struct sk_buff *skb)
3013{
3014 struct inquiry_data data;
3015 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3016 int num_rsp = *((__u8 *) skb->data);
3017 size_t eir_len;
3018
3019 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3020
3021 if (!num_rsp)
3022 return;
3023
3024 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3025 return;
3026
3027 hci_dev_lock(hdev);
3028
3029 for (; num_rsp; num_rsp--, info++) {
3030 bool name_known, ssp;
3031
3032 bacpy(&data.bdaddr, &info->bdaddr);
3033 data.pscan_rep_mode = info->pscan_rep_mode;
3034 data.pscan_period_mode = info->pscan_period_mode;
3035 data.pscan_mode = 0x00;
3036 memcpy(data.dev_class, info->dev_class, 3);
3037 data.clock_offset = info->clock_offset;
3038 data.rssi = info->rssi;
3039 data.ssp_mode = 0x01;
3040
3041 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3042 name_known = eir_has_data_type(info->data,
3043 sizeof(info->data),
3044 EIR_NAME_COMPLETE);
3045 else
3046 name_known = true;
3047
3048 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3049 &ssp);
3050 eir_len = eir_get_length(info->data, sizeof(info->data));
3051 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3052 info->dev_class, info->rssi, !name_known,
3053 ssp, info->data, eir_len);
3054 }
3055
3056 hci_dev_unlock(hdev);
3057}
3058
3059static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3060 struct sk_buff *skb)
3061{
3062 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3063 struct hci_conn *conn;
3064
3065 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3066 __le16_to_cpu(ev->handle));
3067
3068 hci_dev_lock(hdev);
3069
3070 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3071 if (!conn)
3072 goto unlock;
3073
3074 if (!ev->status)
3075 conn->sec_level = conn->pending_sec_level;
3076
3077 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3078
3079 if (ev->status && conn->state == BT_CONNECTED) {
3080 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3081 hci_conn_put(conn);
3082 goto unlock;
3083 }
3084
3085 if (conn->state == BT_CONFIG) {
3086 if (!ev->status)
3087 conn->state = BT_CONNECTED;
3088
3089 hci_proto_connect_cfm(conn, ev->status);
3090 hci_conn_put(conn);
3091 } else {
3092 hci_auth_cfm(conn, ev->status);
3093
3094 hci_conn_hold(conn);
3095 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3096 hci_conn_put(conn);
3097 }
3098
3099unlock:
3100 hci_dev_unlock(hdev);
3101}
3102
3103static u8 hci_get_auth_req(struct hci_conn *conn)
3104{
3105
3106 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3107
3108
3109 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3110 return 0x02;
3111 else
3112 return 0x03;
3113 }
3114
3115
3116 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3117 return conn->remote_auth | (conn->auth_type & 0x01);
3118
3119 return conn->auth_type;
3120}
3121
3122static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3123{
3124 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3125 struct hci_conn *conn;
3126
3127 BT_DBG("%s", hdev->name);
3128
3129 hci_dev_lock(hdev);
3130
3131 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3132 if (!conn)
3133 goto unlock;
3134
3135 hci_conn_hold(conn);
3136
3137 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3138 goto unlock;
3139
3140 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3141 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3142 struct hci_cp_io_capability_reply cp;
3143
3144 bacpy(&cp.bdaddr, &ev->bdaddr);
3145
3146
3147 cp.capability = (conn->io_capability == 0x04) ?
3148 0x01 : conn->io_capability;
3149 conn->auth_type = hci_get_auth_req(conn);
3150 cp.authentication = conn->auth_type;
3151
3152 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3153 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3154 cp.oob_data = 0x01;
3155 else
3156 cp.oob_data = 0x00;
3157
3158 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3159 sizeof(cp), &cp);
3160 } else {
3161 struct hci_cp_io_capability_neg_reply cp;
3162
3163 bacpy(&cp.bdaddr, &ev->bdaddr);
3164 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3165
3166 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3167 sizeof(cp), &cp);
3168 }
3169
3170unlock:
3171 hci_dev_unlock(hdev);
3172}
3173
3174static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3175{
3176 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3177 struct hci_conn *conn;
3178
3179 BT_DBG("%s", hdev->name);
3180
3181 hci_dev_lock(hdev);
3182
3183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3184 if (!conn)
3185 goto unlock;
3186
3187 conn->remote_cap = ev->capability;
3188 conn->remote_auth = ev->authentication;
3189 if (ev->oob_data)
3190 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3191
3192unlock:
3193 hci_dev_unlock(hdev);
3194}
3195
3196static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3197 struct sk_buff *skb)
3198{
3199 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3200 int loc_mitm, rem_mitm, confirm_hint = 0;
3201 struct hci_conn *conn;
3202
3203 BT_DBG("%s", hdev->name);
3204
3205 hci_dev_lock(hdev);
3206
3207 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3208 goto unlock;
3209
3210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3211 if (!conn)
3212 goto unlock;
3213
3214 loc_mitm = (conn->auth_type & 0x01);
3215 rem_mitm = (conn->remote_auth & 0x01);
3216
3217
3218
3219
3220
3221
3222 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3223 BT_DBG("Rejecting request: remote device can't provide MITM");
3224 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3225 sizeof(ev->bdaddr), &ev->bdaddr);
3226 goto unlock;
3227 }
3228
3229
3230 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3231 (!rem_mitm || conn->io_capability == 0x03)) {
3232
3233
3234
3235
3236 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3237 BT_DBG("Confirming auto-accept as acceptor");
3238 confirm_hint = 1;
3239 goto confirm;
3240 }
3241
3242 BT_DBG("Auto-accept of user confirmation with %ums delay",
3243 hdev->auto_accept_delay);
3244
3245 if (hdev->auto_accept_delay > 0) {
3246 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3247 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3248 goto unlock;
3249 }
3250
3251 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3252 sizeof(ev->bdaddr), &ev->bdaddr);
3253 goto unlock;
3254 }
3255
3256confirm:
3257 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3258 confirm_hint);
3259
3260unlock:
3261 hci_dev_unlock(hdev);
3262}
3263
3264static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3265 struct sk_buff *skb)
3266{
3267 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3268
3269 BT_DBG("%s", hdev->name);
3270
3271 hci_dev_lock(hdev);
3272
3273 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3274 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3275
3276 hci_dev_unlock(hdev);
3277}
3278
3279static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3280 struct sk_buff *skb)
3281{
3282 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3283 struct hci_conn *conn;
3284
3285 BT_DBG("%s", hdev->name);
3286
3287 hci_dev_lock(hdev);
3288
3289 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3290 if (!conn)
3291 goto unlock;
3292
3293
3294
3295
3296
3297
3298 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3299 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3300 ev->status);
3301
3302 hci_conn_put(conn);
3303
3304unlock:
3305 hci_dev_unlock(hdev);
3306}
3307
3308static void hci_remote_host_features_evt(struct hci_dev *hdev,
3309 struct sk_buff *skb)
3310{
3311 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3312 struct inquiry_entry *ie;
3313
3314 BT_DBG("%s", hdev->name);
3315
3316 hci_dev_lock(hdev);
3317
3318 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3319 if (ie)
3320 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3321
3322 hci_dev_unlock(hdev);
3323}
3324
3325static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3326 struct sk_buff *skb)
3327{
3328 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3329 struct oob_data *data;
3330
3331 BT_DBG("%s", hdev->name);
3332
3333 hci_dev_lock(hdev);
3334
3335 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3336 goto unlock;
3337
3338 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3339 if (data) {
3340 struct hci_cp_remote_oob_data_reply cp;
3341
3342 bacpy(&cp.bdaddr, &ev->bdaddr);
3343 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3344 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3345
3346 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3347 &cp);
3348 } else {
3349 struct hci_cp_remote_oob_data_neg_reply cp;
3350
3351 bacpy(&cp.bdaddr, &ev->bdaddr);
3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3353 &cp);
3354 }
3355
3356unlock:
3357 hci_dev_unlock(hdev);
3358}
3359
3360static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3361{
3362 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3363 struct hci_conn *conn;
3364
3365 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3366
3367 hci_dev_lock(hdev);
3368
3369 if (ev->status) {
3370 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3371 if (!conn)
3372 goto unlock;
3373
3374 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3375 conn->dst_type, ev->status);
3376 hci_proto_connect_cfm(conn, ev->status);
3377 conn->state = BT_CLOSED;
3378 hci_conn_del(conn);
3379 goto unlock;
3380 }
3381
3382 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3383 if (!conn) {
3384 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3385 if (!conn) {
3386 BT_ERR("No memory for new connection");
3387 hci_dev_unlock(hdev);
3388 return;
3389 }
3390
3391 conn->dst_type = ev->bdaddr_type;
3392 }
3393
3394 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3395 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3396 conn->dst_type, 0, NULL, 0, NULL);
3397
3398 conn->sec_level = BT_SECURITY_LOW;
3399 conn->handle = __le16_to_cpu(ev->handle);
3400 conn->state = BT_CONNECTED;
3401
3402 hci_conn_hold_device(conn);
3403 hci_conn_add_sysfs(conn);
3404
3405 hci_proto_connect_cfm(conn, ev->status);
3406
3407unlock:
3408 hci_dev_unlock(hdev);
3409}
3410
3411static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3412{
3413 u8 num_reports = skb->data[0];
3414 void *ptr = &skb->data[1];
3415 s8 rssi;
3416
3417 hci_dev_lock(hdev);
3418
3419 while (num_reports--) {
3420 struct hci_ev_le_advertising_info *ev = ptr;
3421
3422 rssi = ev->data[ev->length];
3423 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3424 NULL, rssi, 0, 1, ev->data, ev->length);
3425
3426 ptr += sizeof(*ev) + ev->length + 1;
3427 }
3428
3429 hci_dev_unlock(hdev);
3430}
3431
3432static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3433{
3434 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3435 struct hci_cp_le_ltk_reply cp;
3436 struct hci_cp_le_ltk_neg_reply neg;
3437 struct hci_conn *conn;
3438 struct smp_ltk *ltk;
3439
3440 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3441
3442 hci_dev_lock(hdev);
3443
3444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3445 if (conn == NULL)
3446 goto not_found;
3447
3448 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3449 if (ltk == NULL)
3450 goto not_found;
3451
3452 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3453 cp.handle = cpu_to_le16(conn->handle);
3454
3455 if (ltk->authenticated)
3456 conn->sec_level = BT_SECURITY_HIGH;
3457
3458 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3459
3460 if (ltk->type & HCI_SMP_STK) {
3461 list_del(<k->list);
3462 kfree(ltk);
3463 }
3464
3465 hci_dev_unlock(hdev);
3466
3467 return;
3468
3469not_found:
3470 neg.handle = ev->handle;
3471 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3472 hci_dev_unlock(hdev);
3473}
3474
3475static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3476{
3477 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3478
3479 skb_pull(skb, sizeof(*le_ev));
3480
3481 switch (le_ev->subevent) {
3482 case HCI_EV_LE_CONN_COMPLETE:
3483 hci_le_conn_complete_evt(hdev, skb);
3484 break;
3485
3486 case HCI_EV_LE_ADVERTISING_REPORT:
3487 hci_le_adv_report_evt(hdev, skb);
3488 break;
3489
3490 case HCI_EV_LE_LTK_REQ:
3491 hci_le_ltk_request_evt(hdev, skb);
3492 break;
3493
3494 default:
3495 break;
3496 }
3497}
3498
3499void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3500{
3501 struct hci_event_hdr *hdr = (void *) skb->data;
3502 __u8 event = hdr->evt;
3503
3504 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3505
3506 switch (event) {
3507 case HCI_EV_INQUIRY_COMPLETE:
3508 hci_inquiry_complete_evt(hdev, skb);
3509 break;
3510
3511 case HCI_EV_INQUIRY_RESULT:
3512 hci_inquiry_result_evt(hdev, skb);
3513 break;
3514
3515 case HCI_EV_CONN_COMPLETE:
3516 hci_conn_complete_evt(hdev, skb);
3517 break;
3518
3519 case HCI_EV_CONN_REQUEST:
3520 hci_conn_request_evt(hdev, skb);
3521 break;
3522
3523 case HCI_EV_DISCONN_COMPLETE:
3524 hci_disconn_complete_evt(hdev, skb);
3525 break;
3526
3527 case HCI_EV_AUTH_COMPLETE:
3528 hci_auth_complete_evt(hdev, skb);
3529 break;
3530
3531 case HCI_EV_REMOTE_NAME:
3532 hci_remote_name_evt(hdev, skb);
3533 break;
3534
3535 case HCI_EV_ENCRYPT_CHANGE:
3536 hci_encrypt_change_evt(hdev, skb);
3537 break;
3538
3539 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3540 hci_change_link_key_complete_evt(hdev, skb);
3541 break;
3542
3543 case HCI_EV_REMOTE_FEATURES:
3544 hci_remote_features_evt(hdev, skb);
3545 break;
3546
3547 case HCI_EV_REMOTE_VERSION:
3548 hci_remote_version_evt(hdev, skb);
3549 break;
3550
3551 case HCI_EV_QOS_SETUP_COMPLETE:
3552 hci_qos_setup_complete_evt(hdev, skb);
3553 break;
3554
3555 case HCI_EV_CMD_COMPLETE:
3556 hci_cmd_complete_evt(hdev, skb);
3557 break;
3558
3559 case HCI_EV_CMD_STATUS:
3560 hci_cmd_status_evt(hdev, skb);
3561 break;
3562
3563 case HCI_EV_ROLE_CHANGE:
3564 hci_role_change_evt(hdev, skb);
3565 break;
3566
3567 case HCI_EV_NUM_COMP_PKTS:
3568 hci_num_comp_pkts_evt(hdev, skb);
3569 break;
3570
3571 case HCI_EV_MODE_CHANGE:
3572 hci_mode_change_evt(hdev, skb);
3573 break;
3574
3575 case HCI_EV_PIN_CODE_REQ:
3576 hci_pin_code_request_evt(hdev, skb);
3577 break;
3578
3579 case HCI_EV_LINK_KEY_REQ:
3580 hci_link_key_request_evt(hdev, skb);
3581 break;
3582
3583 case HCI_EV_LINK_KEY_NOTIFY:
3584 hci_link_key_notify_evt(hdev, skb);
3585 break;
3586
3587 case HCI_EV_CLOCK_OFFSET:
3588 hci_clock_offset_evt(hdev, skb);
3589 break;
3590
3591 case HCI_EV_PKT_TYPE_CHANGE:
3592 hci_pkt_type_change_evt(hdev, skb);
3593 break;
3594
3595 case HCI_EV_PSCAN_REP_MODE:
3596 hci_pscan_rep_mode_evt(hdev, skb);
3597 break;
3598
3599 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3600 hci_inquiry_result_with_rssi_evt(hdev, skb);
3601 break;
3602
3603 case HCI_EV_REMOTE_EXT_FEATURES:
3604 hci_remote_ext_features_evt(hdev, skb);
3605 break;
3606
3607 case HCI_EV_SYNC_CONN_COMPLETE:
3608 hci_sync_conn_complete_evt(hdev, skb);
3609 break;
3610
3611 case HCI_EV_SYNC_CONN_CHANGED:
3612 hci_sync_conn_changed_evt(hdev, skb);
3613 break;
3614
3615 case HCI_EV_SNIFF_SUBRATE:
3616 hci_sniff_subrate_evt(hdev, skb);
3617 break;
3618
3619 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3620 hci_extended_inquiry_result_evt(hdev, skb);
3621 break;
3622
3623 case HCI_EV_KEY_REFRESH_COMPLETE:
3624 hci_key_refresh_complete_evt(hdev, skb);
3625 break;
3626
3627 case HCI_EV_IO_CAPA_REQUEST:
3628 hci_io_capa_request_evt(hdev, skb);
3629 break;
3630
3631 case HCI_EV_IO_CAPA_REPLY:
3632 hci_io_capa_reply_evt(hdev, skb);
3633 break;
3634
3635 case HCI_EV_USER_CONFIRM_REQUEST:
3636 hci_user_confirm_request_evt(hdev, skb);
3637 break;
3638
3639 case HCI_EV_USER_PASSKEY_REQUEST:
3640 hci_user_passkey_request_evt(hdev, skb);
3641 break;
3642
3643 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3644 hci_simple_pair_complete_evt(hdev, skb);
3645 break;
3646
3647 case HCI_EV_REMOTE_HOST_FEATURES:
3648 hci_remote_host_features_evt(hdev, skb);
3649 break;
3650
3651 case HCI_EV_LE_META:
3652 hci_le_meta_evt(hdev, skb);
3653 break;
3654
3655 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3656 hci_remote_oob_data_request_evt(hdev, skb);
3657 break;
3658
3659 case HCI_EV_NUM_COMP_BLOCKS:
3660 hci_num_comp_blocks_evt(hdev, skb);
3661 break;
3662
3663 default:
3664 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3665 break;
3666 }
3667
3668 kfree_skb(skb);
3669 hdev->stat.evt_rx++;
3670}
3671
